mpuchstein
16e8c6c865
Release / release (push) Successful in 5m28s
- release.yml: bump Helm v3.16.2 → v4.1.4; replace --wait with --rollback-on-failure (Helm 4 rename, implies --wait) - Dockerfile: backend builder rust:1.95-slim-bookworm → rust:1.95-alpine3.23 (adds cmake/g++/perl/nasm/sqlite-dev for aws-lc-rs + sqlx); runtime debian:trixie-slim → alpine:3.23 (adds sqlite-libs, uses adduser -D) - cronjob-backup: gate on backup.enabled, pin image to alpine:3.23 - values.yaml: backup.enabled default true - values_override.yaml: backup.enabled: false (disabled until tested) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
117 lines
3.0 KiB
YAML
117 lines
3.0 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*.*.*'
|
|
|
|
env:
|
|
IMAGE: registry.itsh.dev/s0wlz/tutortool
|
|
NAMESPACE: tenant-5
|
|
RELEASE_NAME: tutortool
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22'
|
|
|
|
- uses: pnpm/action-setup@v4
|
|
with:
|
|
version: '9'
|
|
|
|
- uses: dtolnay/rust-toolchain@master
|
|
with:
|
|
toolchain: '1.95.0'
|
|
components: clippy, rustfmt
|
|
|
|
- name: Cache Cargo
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
backend/target
|
|
key: cargo-${{ hashFiles('backend/Cargo.lock') }}
|
|
restore-keys: cargo-
|
|
|
|
- name: Cache pnpm store
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/.local/share/pnpm/store
|
|
key: pnpm-${{ hashFiles('frontend/pnpm-lock.yaml') }}
|
|
restore-keys: pnpm-
|
|
|
|
- name: Install frontend deps
|
|
run: pnpm --dir frontend install --frozen-lockfile
|
|
|
|
- name: JS security audit
|
|
run: pnpm --dir frontend audit --audit-level high
|
|
|
|
- name: Generate SvelteKit types
|
|
run: pnpm --dir frontend exec svelte-kit sync
|
|
|
|
- name: Type check (frontend)
|
|
run: pnpm --dir frontend exec tsgo --version && pnpm --dir frontend check
|
|
|
|
- name: Type check (backend)
|
|
run: cargo check --manifest-path backend/Cargo.toml
|
|
|
|
- name: Clippy
|
|
run: cargo clippy --manifest-path backend/Cargo.toml -- -D warnings
|
|
|
|
- name: Format check
|
|
run: cargo fmt --manifest-path backend/Cargo.toml -- --check
|
|
|
|
- name: Unit tests (backend)
|
|
run: cargo test --manifest-path backend/Cargo.toml
|
|
|
|
- name: Security audit
|
|
run: |
|
|
cargo install cargo-audit --locked
|
|
cd backend && cargo audit --ignore RUSTSEC-2023-0071
|
|
|
|
- name: Build frontend
|
|
run: pnpm --dir frontend build
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: registry.itsh.dev
|
|
username: ${{ secrets.REGISTRY_USER }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
- name: Build and push image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: |
|
|
${{ env.IMAGE }}:${{ github.ref_name }}
|
|
|
|
- name: Configure kubectl
|
|
run: |
|
|
mkdir -p ~/.kube
|
|
echo "${{ secrets.K8S_CONFIG }}" | base64 -d > ~/.kube/config
|
|
chmod 600 ~/.kube/config
|
|
|
|
- name: Set up Helm
|
|
uses: azure/setup-helm@v4
|
|
with:
|
|
version: v4.1.4
|
|
|
|
- name: Deploy via Helm
|
|
run: |
|
|
helm upgrade --install ${{ env.RELEASE_NAME }} ./deploy \
|
|
-f ./deploy/values_override.yaml \
|
|
--set image.tag=${{ github.ref_name }} \
|
|
-n ${{ env.NAMESPACE }} \
|
|
--rollback-on-failure --timeout 5m
|