lunarfront-manager/.gitea/workflows/build.yml

name: Build & Release

on:
  push:
    branches: [main]
  workflow_dispatch:

concurrency:
  group: build
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    if: "!startsWith(github.event.head_commit.message, 'chore: bump version')"
    env:
      REGISTRY: registry.digitalocean.com/lunarfront
      GIT_REMOTE: git.lunarfront.tech
      DOCKER_HOST: tcp://localhost:2375

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.BOT_TOKEN }}

      - name: Determine version bump
        id: bump
        run: |
          COMMIT_MSG=$(git log -1 --pretty=%s)
          if echo "$COMMIT_MSG" | grep -qiE "^breaking(\(.+\))?:|^.+!:"; then
            echo "type=major" >> $GITHUB_OUTPUT
          elif echo "$COMMIT_MSG" | grep -qiE "^feat(\(.+\))?:"; then
            echo "type=minor" >> $GITHUB_OUTPUT
          else
            echo "type=patch" >> $GITHUB_OUTPUT
          fi

      - name: Bump version
        id: version
        run: |
          VERSION=$(node -e "
            const fs = require('fs');
            const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
            const [major, minor, patch] = (pkg.version ?? '0.0.0').split('.').map(Number);
            const type = '${{ steps.bump.outputs.type }}';
            if (type === 'major') pkg.version = \`\${major + 1}.0.0\`;
            else if (type === 'minor') pkg.version = \`\${major}.\${minor + 1}.0\`;
            else pkg.version = \`\${major}.\${minor}.\${patch + 1}\`;
            fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
            console.log(pkg.version);
          ")
          echo "version=$VERSION" >> $GITHUB_OUTPUT

      - name: Login to registry
        run: echo "${{ secrets.DOCR_TOKEN }}" | docker login registry.digitalocean.com -u token --password-stdin

      - name: Build and push
        run: |
          VERSION=${{ steps.version.outputs.version }}
          SHA=$(git rev-parse --short HEAD)
          docker build \
            -t $REGISTRY/manager:$VERSION \
            -t $REGISTRY/manager:$SHA \
            -t $REGISTRY/manager:latest \
            .
          docker push $REGISTRY/manager:$VERSION
          docker push $REGISTRY/manager:$SHA
          docker push $REGISTRY/manager:latest

      - name: Commit version bump
        run: |
          git config user.name "lunarfront-bot"
          git config user.email "bot@lunarfront.tech"
          git remote set-url origin https://lunarfront-bot:${{ secrets.BOT_TOKEN }}@$GIT_REMOTE/ryan/lunarfront-manager.git
          git add package.json
          git commit -m "chore: bump version to v${{ steps.version.outputs.version }}"
          git pull --rebase origin main
          git push origin main

      - name: Update charts
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.CHARTS_DEPLOY_KEY }}" > ~/.ssh/charts_deploy_key
          chmod 600 ~/.ssh/charts_deploy_key
          echo "StrictHostKeyChecking no" >> ~/.ssh/config
          GIT_SSH_COMMAND="ssh -i ~/.ssh/charts_deploy_key" git clone ssh://git@git-ssh.lunarfront.tech/ryan/lunarfront-charts.git /tmp/charts
          cd /tmp/charts
          sed -i "s|image: registry.digitalocean.com/lunarfront/manager:.*|image: registry.digitalocean.com/lunarfront/manager:${{ steps.version.outputs.version }}|" manager/deployment.yaml
          git config user.name "lunarfront-bot"
          git config user.email "bot@lunarfront.tech"
          git add manager/deployment.yaml
          git commit -m "chore: update manager image to v${{ steps.version.outputs.version }}"
          GIT_SSH_COMMAND="ssh -i ~/.ssh/charts_deploy_key" git push origin main

      - name: Logout
        if: always()
        run: docker logout registry.digitalocean.com