feat: initial version #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-base: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Log in to Public ECR | |
| run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | |
| - name: Build and push base | |
| run: | | |
| echo "${{ secrets.GHCR_PAT }}" > github_token | |
| docker buildx build \ | |
| --platform linux/arm64,linux/amd64 \ | |
| --provenance=false \ | |
| --secret id=github_token,src=github_token \ | |
| --target base \ | |
| --tag ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:base \ | |
| --tag public.ecr.aws/j5r7n1v7/lambda-shell-runtime:base \ | |
| --push \ | |
| . | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GHCR_PAT }} | |
| build: | |
| needs: build-base | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.draft == false || github.event_name != 'pull_request' | |
| env: | |
| HTTP_CLI_VERSION: v1.0.1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - run: npm ci | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Create and use buildx builder | |
| run: | | |
| docker buildx create --name shell-runtime-builder --driver docker-container --use | |
| docker buildx inspect shell-runtime-builder --bootstrap | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Set version | |
| id: version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| # For PRs, use pr-NUMBER format | |
| echo "VERSION=pr-${{ github.event.number }}" >> $GITHUB_ENV | |
| echo "SHOULD_RELEASE=false" >> $GITHUB_ENV | |
| elif [ "${{ github.ref_name }}" = "main" ]; then | |
| # Get semantic version for main branch | |
| VERSION=$(npx semantic-release --no-ci --dry-run --branch main 2>&1 | grep -oP 'The next release version is \K[0-9]+\.[0-9]+\.[0-9]+' || echo "") | |
| if [ -z "$VERSION" ]; then | |
| echo "No release needed" | |
| echo "VERSION=develop" >> $GITHUB_ENV | |
| echo "SHOULD_RELEASE=false" >> $GITHUB_ENV | |
| else | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "SHOULD_RELEASE=true" >> $GITHUB_ENV | |
| fi | |
| else | |
| # Use branch name for develop (sanitize it) | |
| CLEAN_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9.-]/-/g') | |
| echo "VERSION=$CLEAN_BRANCH" >> $GITHUB_ENV | |
| echo "SHOULD_RELEASE=false" >> $GITHUB_ENV | |
| fi | |
| echo "Detected VERSION: $VERSION" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u skunxicat --password-stdin | |
| - name: Log in to Public ECR | |
| run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | |
| - name: Build and push images | |
| run: | | |
| echo "${{ secrets.GHCR_PAT }}" > github_token | |
| export GITHUB_TOKEN="${{ secrets.GHCR_PAT }}" | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| # For PRs, only build (don't push) | |
| echo "PR build - testing only, not pushing" | |
| ./build-enhanced --load --platform linux/arm64 tiny micro full | |
| else | |
| # For push events, build and push to both registries | |
| ./build-enhanced --push --ghcr --public-ecr --platform linux/arm64,linux/amd64 tiny micro full | |
| fi | |
| # Also tag latest for main branch releases | |
| if [ "${{ github.ref_name }}" = "main" ] && [ "$SHOULD_RELEASE" = "true" ]; then | |
| for VARIANT in tiny micro full; do | |
| docker buildx imagetools create \ | |
| ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:$VARIANT \ | |
| --tag ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:$VARIANT-latest | |
| docker buildx imagetools create \ | |
| public.ecr.aws/j5r7n1v7/lambda-shell-runtime:$VARIANT \ | |
| --tag public.ecr.aws/j5r7n1v7/lambda-shell-runtime:$VARIANT-latest | |
| done | |
| fi | |
| shell: bash | |
| - name: Create release | |
| if: env.SHOULD_RELEASE == 'true' | |
| run: npx semantic-release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GHCR_PAT: ${{ secrets.GHCR_PAT }} |