diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index a8818fda..8b92e865 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -1,12 +1,17 @@ name: Build Docker Image on: + workflow_call: + inputs: + version: + description: Docker image tag to publish alongside latest. + required: true + type: string release: - # Run this workflow when a release or pre-release is published - types: [published, released, prereleased] + # Use the release tag as the single source of truth for published image tags. + types: [published, prereleased] env: - FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} @@ -19,10 +24,27 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 + + - name: Prepare image name + id: image + run: | + IMAGE_NAME_LOWER="$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]')" + echo "name=${IMAGE_NAME_LOWER}" >> "$GITHUB_OUTPUT" + echo "uri=${{ env.REGISTRY }}/${IMAGE_NAME_LOWER}" >> "$GITHUB_OUTPUT" + + - name: Resolve image version tag + id: version + run: | + IMAGE_TAG="${{ inputs.version || github.event.release.tag_name }}" + if [ -z "${IMAGE_TAG}" ]; then + echo "Image tag is required but was not provided." + exit 1 + fi + echo "tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT" - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -30,14 +52,19 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ steps.image.outputs.uri }} + tags: | + type=raw,value=latest + type=raw,value=${{ steps.version.outputs.tag }} - name: Build and push Docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} + push: true + tags: | + ${{ steps.image.outputs.uri }}:latest + ${{ steps.image.outputs.uri }}:${{ steps.version.outputs.tag }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index abf7b146..a67c3afe 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -10,9 +10,9 @@ jobs: backend-checks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.12' - name: Install dependencies @@ -36,9 +36,9 @@ jobs: frontend-checks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '24' cache: 'npm' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 724bf604..5319486a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 669cca1b..52af04c9 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -21,7 +21,6 @@ permissions: contents: write env: - FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true RELEASE_VERSION: ${{ github.event.inputs.version }} jobs: @@ -29,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Ensure workflow is running on allowed branches run: | @@ -47,13 +46,13 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.12" - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '24' - name: Install dependencies @@ -73,7 +72,7 @@ jobs: tar -czf dist/release/backend-onedir-${{ runner.os }}.tar.gz -C dist run_app - name: Upload Backend Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: backend-onedir-${{ runner.os }} path: dist/release/backend-onedir-${{ runner.os }}.tar.gz @@ -85,13 +84,13 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '24' - name: Download Backend Artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: backend-onedir-${{ runner.os }} path: dist/run_app @@ -110,7 +109,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload Electron Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: electron-assets-${{ runner.os }} path: | @@ -128,13 +127,13 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.12" - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '24' - name: Install dependencies @@ -148,7 +147,7 @@ jobs: - name: Build Backend (onefile) run: python build_backend.py onefile - name: Upload Onefile Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: backend-onefile-${{ runner.os }} path: dist/AugmentedQuill* @@ -158,14 +157,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Download all artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: path: all-assets merge-multiple: true + - name: Collect release assets + run: | + mkdir -p release-assets + # Keep only final application installer artifacts, not intermediate backend-only packages + find all-assets -type f \( -name '*Setup*.exe' -o -name '*.AppImage' -o -name '*.dmg' -o -name '*.zip' \) -exec cp {} release-assets/ \; + echo "Release asset candidates:" + ls -la release-assets + - name: Create GitHub Release uses: ncipollo/release-action@v1 with: @@ -176,6 +183,16 @@ jobs: prerelease: ${{ github.event.inputs.prerelease }} commit: ${{ github.ref_name }} token: ${{ secrets.GITHUB_TOKEN }} - artifacts: "all-assets/**/*.{tar.gz,exe,dmg,AppImage,zip}" + artifacts: "release-assets/*" allowUpdates: true replacesArtifacts: true + + publish-docker: + needs: create-release + permissions: + contents: read + packages: write + uses: ./.github/workflows/build-docker.yml + with: + version: ${{ github.event.inputs.version }} + secrets: inherit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4f80c9d5..bb8ee13e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,7 +15,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Dependency review uses: actions/dependency-review-action@v4