From a6dfc5664b8044496f4d2ce802c9e1b3f6e0459f Mon Sep 17 00:00:00 2001 From: zhom <2717306+zhom@users.noreply.github.com> Date: Tue, 24 Mar 2026 21:12:52 +0400 Subject: [PATCH] refactor: run docker workflow on release --- .github/workflows/docker-sync.yml | 18 +++++++------- .github/workflows/release.yml | 39 +++++++++++++++++++++---------- donut-sync/Dockerfile | 16 +++++++++---- 3 files changed, 49 insertions(+), 24 deletions(-) diff --git a/.github/workflows/docker-sync.yml b/.github/workflows/docker-sync.yml index fd101f9..cdc3098 100644 --- a/.github/workflows/docker-sync.yml +++ b/.github/workflows/docker-sync.yml @@ -1,12 +1,16 @@ name: Build and Push donut-sync Docker Image on: - release: - types: [published] push: branches: [main] paths: - "donut-sync/**" + workflow_call: + inputs: + tag: + description: "Docker tag (e.g., v1.0.0)" + required: true + type: string workflow_dispatch: inputs: tag: @@ -41,19 +45,17 @@ jobs: id: tags run: | TAGS="" + INPUT_TAG="${{ inputs.tag }}" - if [ "${{ github.event_name }}" = "release" ]; then - # Stable release: tag with version and latest - VERSION="${{ github.event.release.tag_name }}" - TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}" + if [ -n "$INPUT_TAG" ]; then + # Called from release workflow or manual dispatch + TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${INPUT_TAG}" TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" elif [ "${{ github.event_name }}" = "push" ]; then # Push to main (nightly): tag with nightly and commit SHA SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly" TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly-${SHORT_SHA}" - elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then - TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.tag }}" fi echo "tags=${TAGS}" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a98aa6a..cdfd45c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -237,6 +237,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: write + pull-requests: write steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 with: @@ -368,16 +369,28 @@ jobs: //!d }' README.md - - name: Commit release docs + - name: Create release docs PR + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAG: ${{ github.ref_name }} run: | + VERSION="${TAG#v}" + BRANCH="docs/release-${VERSION}" git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" + git checkout -b "$BRANCH" git add CHANGELOG.md README.md if git diff --cached --quiet; then echo "No changes to commit" else - git commit -m "docs: update CHANGELOG.md and README.md for ${{ github.ref_name }} [skip ci]" - git push origin main + git commit -m "docs: update CHANGELOG.md and README.md for ${TAG} [skip ci]" + git push origin "$BRANCH" + gh pr create \ + --title "docs: release notes for ${TAG}" \ + --body "Automated update of CHANGELOG.md and README.md download links for ${TAG}." \ + --base main \ + --head "$BRANCH" + gh pr merge "$BRANCH" --auto --squash fi - name: Update release notes @@ -410,6 +423,14 @@ jobs: }" \ "$DISCORD_WEBHOOK_URL" + docker: + if: github.repository == 'zhom/donutbrowser' + needs: [release] + uses: ./.github/workflows/docker-sync.yml + with: + tag: ${{ github.ref_name }} + secrets: inherit + update-flake: if: github.repository == 'zhom/donutbrowser' needs: [release] @@ -435,19 +456,13 @@ jobs: echo "Downloading x86_64 AppImage..." curl -fsSL -o /tmp/amd64.AppImage "$AMD64_URL" || { echo "x86_64 AppImage not found"; exit 1; } - AMD64_HASH=$(nix-hash --type sha256 --base32 --flat /tmp/amd64.AppImage 2>/dev/null || sha256sum /tmp/amd64.AppImage | awk '{print $1}') echo "Downloading aarch64 AppImage..." curl -fsSL -o /tmp/aarch64.AppImage "$AARCH64_URL" || { echo "aarch64 AppImage not found"; exit 1; } - AARCH64_HASH=$(nix-hash --type sha256 --base32 --flat /tmp/aarch64.AppImage 2>/dev/null || sha256sum /tmp/aarch64.AppImage | awk '{print $1}') - # Convert to SRI format (sha256-) if we got hex - if echo "$AMD64_HASH" | grep -qE '^[0-9a-f]{64}$'; then - AMD64_HASH="sha256-$(echo "$AMD64_HASH" | xxd -r -p | base64 | tr -d '\n')" - fi - if echo "$AARCH64_HASH" | grep -qE '^[0-9a-f]{64}$'; then - AARCH64_HASH="sha256-$(echo "$AARCH64_HASH" | xxd -r -p | base64 | tr -d '\n')" - fi + # Compute SRI hashes (sha256-) + AMD64_HASH="sha256-$(sha256sum /tmp/amd64.AppImage | awk '{print $1}' | xxd -r -p | base64 | tr -d '\n')" + AARCH64_HASH="sha256-$(sha256sum /tmp/aarch64.AppImage | awk '{print $1}' | xxd -r -p | base64 | tr -d '\n')" echo "AMD64_HASH=${AMD64_HASH}" >> "$GITHUB_ENV" echo "AARCH64_HASH=${AARCH64_HASH}" >> "$GITHUB_ENV" diff --git a/donut-sync/Dockerfile b/donut-sync/Dockerfile index 28cf28e..aa3a74c 100644 --- a/donut-sync/Dockerfile +++ b/donut-sync/Dockerfile @@ -1,10 +1,18 @@ +FROM node:22-alpine AS builder + +WORKDIR /build +COPY donut-sync/package.json donut-sync/tsconfig.json donut-sync/tsconfig.build.json ./ +COPY donut-sync/src/ src/ +RUN npm install +RUN npm run build +RUN npm prune --omit=dev + FROM node:22-alpine WORKDIR /app - -COPY package.json . -COPY dist/ dist/ -COPY node_modules/ node_modules/ +COPY --from=builder /build/package.json . +COPY --from=builder /build/dist/ dist/ +COPY --from=builder /build/node_modules/ node_modules/ ENV NODE_ENV=production EXPOSE 12342