upgrade deps #678
| name: Docker CI/CD | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| workflow_dispatch: | |
| inputs: | |
| force_build_all: | |
| description: "Force build all apps regardless of changes" | |
| required: false | |
| default: "false" | |
| type: choice | |
| options: | |
| - "true" | |
| - "false" | |
| permissions: | |
| contents: read | |
| packages: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| detect-changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| web: ${{ steps.filter.outputs.web }} | |
| server: ${{ steps.filter.outputs.server }} | |
| worker: ${{ steps.filter.outputs.worker }} | |
| indexer: ${{ steps.filter.outputs.indexer }} | |
| packages: ${{ steps.filter.outputs.packages }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Detect changed paths | |
| uses: dorny/paths-filter@v4 | |
| id: filter | |
| with: | |
| filters: | | |
| web: | |
| - 'apps/web/**' | |
| - 'packages/**' | |
| - 'turbo.json' | |
| - 'package.json' | |
| - 'bun.lock' | |
| server: | |
| - 'apps/server/**' | |
| - 'packages/**' | |
| - 'turbo.json' | |
| - 'package.json' | |
| - 'bun.lock' | |
| worker: | |
| - 'apps/worker/**' | |
| - 'packages/**' | |
| - 'turbo.json' | |
| - 'package.json' | |
| - 'bun.lock' | |
| indexer: | |
| - 'apps/indexer/**' | |
| - 'packages/**' | |
| - 'turbo.json' | |
| - 'package.json' | |
| - 'bun.lock' | |
| packages: | |
| - 'packages/**' | |
| validate: | |
| runs-on: ubuntu-latest | |
| needs: detect-changes | |
| # Only run validation if there are code changes | |
| if: | | |
| needs.detect-changes.outputs.web == 'true' || | |
| needs.detect-changes.outputs.server == 'true' || | |
| needs.detect-changes.outputs.worker == 'true' || | |
| needs.detect-changes.outputs.indexer == 'true' || | |
| needs.detect-changes.outputs.packages == 'true' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 25 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Run linter | |
| run: bun run lint | |
| - name: Run type checking | |
| run: bun run typecheck | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [detect-changes, validate] | |
| # Only run if changes detected or if it's a manual trigger | |
| if: | | |
| always() && | |
| (needs.validate.result == 'success' || needs.validate.result == 'skipped') && | |
| (needs.detect-changes.outputs.web == 'true' || | |
| needs.detect-changes.outputs.server == 'true' || | |
| needs.detect-changes.outputs.worker == 'true' || | |
| needs.detect-changes.outputs.indexer == 'true' || | |
| github.event_name == 'workflow_dispatch') | |
| environment: ${{ github.event_name == 'pull_request' && 'Staging' || 'Production' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - app: web | |
| dockerfile: ./apps/web/prod.Dockerfile | |
| - app: server | |
| dockerfile: ./apps/server/Dockerfile | |
| - app: worker | |
| dockerfile: ./apps/worker/Dockerfile | |
| - app: indexer | |
| dockerfile: ./apps/indexer/Dockerfile | |
| steps: | |
| - name: Show detected changes | |
| run: | | |
| echo "Changes detected for ${{ matrix.app }}: ${{ needs.detect-changes.outputs[matrix.app] }}" | |
| echo "Web changes: ${{ needs.detect-changes.outputs.web }}" | |
| echo "Server changes: ${{ needs.detect-changes.outputs.server }}" | |
| echo "Worker changes: ${{ needs.detect-changes.outputs.worker }}" | |
| echo "Indexer changes: ${{ needs.detect-changes.outputs.indexer }}" | |
| echo "Package changes: ${{ needs.detect-changes.outputs.packages }}" | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate Docker metadata | |
| id: meta | |
| if: needs.detect-changes.outputs[matrix.app] == 'true' || github.event.inputs.force_build_all == 'true' | |
| run: | | |
| # Generate tags based on event type | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| # PR tags: pr-123-sha, pr-123-latest | |
| echo "tags<<EOF" >> $GITHUB_OUTPUT | |
| echo "ghcr.io/${{ github.repository }}-${{ matrix.app }}:pr-${{ github.event.pull_request.number }}-${{ github.sha }}" >> $GITHUB_OUTPUT | |
| echo "ghcr.io/${{ github.repository }}-${{ matrix.app }}:pr-${{ github.event.pull_request.number }}-latest" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| else | |
| # Main branch tags: sha, latest, short-sha | |
| SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) | |
| echo "tags<<EOF" >> $GITHUB_OUTPUT | |
| echo "ghcr.io/${{ github.repository }}-${{ matrix.app }}:${{ github.sha }}" >> $GITHUB_OUTPUT | |
| echo "ghcr.io/${{ github.repository }}-${{ matrix.app }}:latest" >> $GITHUB_OUTPUT | |
| echo "ghcr.io/${{ github.repository }}-${{ matrix.app }}:${SHORT_SHA}" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build and push ${{ matrix.app }} docker image | |
| # Only build if this specific app has changes or force build is enabled | |
| if: needs.detect-changes.outputs[matrix.app] == 'true' || github.event.inputs.force_build_all == 'true' | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| file: ${{ matrix.dockerfile }} | |
| # Only push to registry on main branch, not on PRs | |
| push: ${{ github.event_name != 'pull_request' }} | |
| # Load image locally on PRs for validation | |
| load: ${{ github.event_name == 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| cache-from: type=gha,scope=${{ matrix.app }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.app }} | |
| secrets: | | |
| umami_script_url=${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }} | |
| umami_website_id=${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} | |
| activity_websocket_url=${{ secrets.NEXT_PUBLIC_ACTIVITY_WEBSOCKET_URL }} | |
| better_auth_secret=${{ secrets.BETTER_AUTH_SECRET }} | |
| discord_client_id=${{ secrets.DISCORD_CLIENT_ID }} | |
| discord_client_secret=${{ secrets.DISCORD_CLIENT_SECRET }} | |
| twitter_client_id=${{ secrets.TWITTER_CLIENT_ID }} | |
| twitter_client_secret=${{ secrets.TWITTER_CLIENT_SECRET }} | |
| site_url=${{ secrets.NEXT_PUBLIC_SITE_URL }} | |
| database_url=${{ secrets.DATABASE_URL }} | |
| indexer_database_url=${{ secrets.INDEXER_DATABASE_URL }} | |
| s3_endpoint=${{ secrets.S3_ENDPOINT }} | |
| s3_access_key=${{ secrets.S3_ACCESS_KEY }} | |
| s3_secret_key=${{ secrets.S3_SECRET_KEY }} | |
| ses_region=${{ secrets.SES_REGION }} | |
| ses_access_key=${{ secrets.SES_ACCESS_KEY }} | |
| ses_secret_key=${{ secrets.SES_SECRET_KEY }} | |
| ses_mail_from=${{ secrets.SES_MAIL_FROM }} | |
| live_api_key=${{ secrets.NEXT_PUBLIC_LIVE_API_KEY }} | |
| bypass_live_key=${{ secrets.BYPASS_LIVE_KEY }} | |
| redis_url=${{ secrets.REDIS_URL }} | |
| cleanup: | |
| runs-on: ubuntu-latest | |
| needs: [detect-changes, validate, build] | |
| # Run cleanup only on main branch and only if build succeeded or was skipped | |
| if: | | |
| always() && | |
| github.event_name != 'pull_request' && | |
| (needs.build.result == 'success' || needs.build.result == 'skipped') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| app: [web, server, worker, indexer] | |
| steps: | |
| - name: Delete all untagged ${{ matrix.app }} images | |
| uses: actions/delete-package-versions@v5 | |
| continue-on-error: true | |
| with: | |
| package-name: ${{ github.event.repository.name }}-${{ matrix.app }} | |
| package-type: container | |
| delete-only-untagged-versions: true | |
| min-versions-to-keep: 3 |
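Review bot: Every third-party action in this workflow is referenced by a mutable major tag (`dorny/paths-filter@v4`, `oven-sh/setup-bun@v2`, `docker/setup-buildx-action@v4`, `docker/login-action@v4`, `docker/build-push-action@v7`, `actions/delete-package-versions@v5`), and since this PR is a dependency upgrade it is the natural place to pin them to a full commit SHA instead, e.g. `uses: dorny/paths-filter@<FULL-COMMIT-SHA-PLACEHOLDER> # v4`, so that a retargeted tag cannot change what runs with the `packages: write` token and the build secrets listed under `secrets: |`. The rendered view carries no diff markers, so which `uses:` lines this PR actually bumps is not visible here. Dependabot or Renovate can be configured to keep SHA pins updated, which removes the maintenance cost that usually argues for tags. Separately, `cancel-in-progress: true` under `concurrency` also applies to `push` events on `main`, so two quick merges can cancel an in-flight push of the `latest` tag; if that is not intended, the group could include `github.event_name` or cancellation could be limited to pull requests with `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`.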