opencode-docker/.github/workflows/release.yml at main · dallay/opencode-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Release

on:
  push:
    branches: [main]
  workflow_dispatch:

permissions:
  contents: write
  issues: write
  pull-requests: write
  packages: write
  security-events: write

concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: false

jobs:
  # ==========================================================================
  # Semantic Release - Determine version
  # ==========================================================================
  semantic-release:
    name: Semantic Release
    runs-on: ubuntu-latest
    outputs:
      new_release_published: ${{ steps.release.outputs.new_release_published }}
      new_release_version: ${{ steps.release.outputs.new_release_version }}
      new_release_major_version: ${{ steps.release.outputs.new_release_major_version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Run semantic-release
        id: release
        uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6
        with:
          extra_plugins: |
            @semantic-release/commit-analyzer
            @semantic-release/release-notes-generator
            @semantic-release/github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # ==========================================================================
  # Build, Scan and Push Docker Image
  # ==========================================================================
  publish-docker:
    name: Publish Docker Image
    needs: semantic-release
    if: needs.semantic-release.outputs.new_release_published == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: v${{ needs.semantic-release.outputs.new_release_version }}

      - name: Setup Docker Buildx
        uses: dallay/common-actions/actions/setup-buildx@main

      - name: Build and Push Docker Image
        id: build
        uses: dallay/common-actions/actions/docker-build-push@main
        with:
          image-name: opencode
          image-title: "opencode"
          image-description: "Custom opencode Docker image with personal skills, commands, and agent configuration"
          dockerfile: Dockerfile
          platforms: linux/amd64,linux/arm64
          build-args: |
            OPENCODE_VERSION=1.4.3
          github-owner: ${{ github.repository_owner }}
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
          version: ${{ needs.semantic-release.outputs.new_release_version }}
          major-version: ${{ needs.semantic-release.outputs.new_release_major_version }}

      - name: Security Scan
        uses: dallay/common-actions/actions/docker-security-scan@main
        with:
          image-ref: ghcr.io/${{ github.repository_owner }}/opencode:${{ needs.semantic-release.outputs.new_release_version }}
          report-name: opencode-trivy
          category: opencode-trivy
          severity: HIGH,CRITICAL
          fail-on-error: false