Gate Docker build on CI passing

Merged ci.yml and build.yml into a single workflow. The build job now
declares needs: [typecheck, lint, test] so images are only pushed when
all checks are green. PRs run CI only; branch/tag pushes run CI then
build if successful.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-09 18:53:58 -04:00
parent 3d861d08eb
commit c6211e5239
2 changed files with 62 additions and 70 deletions
-67
View File
@@ -1,67 +0,0 @@
# Branch push (dev): builds and pushes :dev + :<sha>
# Branch push (main): builds and pushes :latest + :<sha>
# Tag push (v1.2.0): builds and pushes :latest + :<sha> + :v1.2.0
#
# To cut a versioned release:
# git tag v1.2.0 && git push origin v1.2.0
#
# Required secrets (repo → Settings → Secrets → Actions):
# REGISTRY_USER — your Forgejo username
# REGISTRY_TOKEN — Forgejo PAT with write:packages scope
name: Build & push image
on:
push:
branches: [main, dev]
tags: ["v*"]
paths:
- "src/**"
- "frontend/**"
- "Dockerfile"
- "pyproject.toml"
- "alembic/**"
- "alembic.ini"
- ".forgejo/workflows/build.yml"
env:
REGISTRY: git.fabledsword.com
IMAGE: git.fabledsword.com/bvandeusen/fabledassistant
jobs:
build:
name: Build & push
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Generate image tags
id: tags
run: |
TAGS="${{ env.IMAGE }}:${{ github.sha }}"
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
TAGS="$TAGS,${{ env.IMAGE }}:latest"
elif [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
TAGS="$TAGS,${{ env.IMAGE }}:dev"
elif [[ "${{ github.ref }}" == refs/tags/* ]]; then
TAGS="$TAGS,${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ github.ref_name }}"
fi
echo "value=$TAGS" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Forgejo registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.tags.outputs.value }}
cache-from: type=registry,ref=${{ env.IMAGE }}:cache
cache-to: type=registry,ref=${{ env.IMAGE }}:cache,mode=max
+62 -3
View File
@@ -1,14 +1,28 @@
# Runs on every push and pull request.
# Fast checks only — no Docker build. Second runs take ~30s due to caching.
name: CI
# CI runs first; build only proceeds if all checks pass.
#
# Push to dev: typecheck + lint + test → build :dev + :<sha>
# Push to main: typecheck + lint + test → build :latest + :<sha>
# Tag v*: typecheck + lint + test → build :latest + :<sha> + :<version>
# Pull request: typecheck + lint + test only (no build)
#
# Required secrets (repo → Settings → Secrets → Actions):
# REGISTRY_USER — your Forgejo username
# REGISTRY_TOKEN — Forgejo PAT with write:packages scope
name: CI & Build
on:
push:
branches: [main, dev]
tags: ["v*"]
paths:
- "src/**"
- "frontend/**"
- "tests/**"
- "pyproject.toml"
- "alembic/**"
- "alembic.ini"
- "Dockerfile"
- "assets/**"
- ".forgejo/workflows/ci.yml"
pull_request:
paths:
@@ -18,6 +32,10 @@ on:
- "pyproject.toml"
- ".forgejo/workflows/ci.yml"
env:
REGISTRY: git.fabledsword.com
IMAGE: git.fabledsword.com/bvandeusen/fabledassistant
jobs:
typecheck:
name: TypeScript typecheck
@@ -70,3 +88,44 @@ jobs:
- name: Run tests
run: pytest tests/ -v
build:
name: Build & push image
needs: [typecheck, lint, test]
# Only build on branch/tag pushes — not on pull requests
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Generate image tags
id: tags
run: |
TAGS="${{ env.IMAGE }}:${{ github.sha }}"
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
TAGS="$TAGS,${{ env.IMAGE }}:latest"
elif [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
TAGS="$TAGS,${{ env.IMAGE }}:dev"
elif [[ "${{ github.ref }}" == refs/tags/* ]]; then
TAGS="$TAGS,${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ github.ref_name }}"
fi
echo "value=$TAGS" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Forgejo registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.tags.outputs.value }}
cache-from: type=registry,ref=${{ env.IMAGE }}:cache
cache-to: type=registry,ref=${{ env.IMAGE }}:cache,mode=max