This repository was archived by the owner on Mar 16, 2026. It is now read-only.

feat: Implement plugin publishing workflow, enhance authentication wi… #3

	# Registry Web: build React app, deploy to EC2 (rsync + Caddy reload).
	# Path filter: only registry/web and this workflow.

	name: Registry Web

	on:
	push:
	branches: [main]
	paths:
	- "registry/web/**"
	- ".github/workflows/registry-web.yml"
	pull_request:
	branches: [main]
	paths:
	- "registry/web/**"

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: "20"
	cache: "npm"
	cache-dependency-path: registry/web/package-lock.json
	- run: cd registry/web && npm ci
	- run: cd registry/web && npm run build
	- uses: actions/upload-artifact@v4
	with:
	name: web-dist
	path: registry/web/dist/

	deploy:
	needs: build
	if: github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: web-dist
	path: dist/
	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/hivemind-registry-deploy
	aws-region: us-east-1
	- name: Deploy to EC2
	env:
	EC2_HOST: ${{ secrets.REGISTRY_EC2_HOST }}
	DEPLOY_KEY: ${{ secrets.REGISTRY_DEPLOY_KEY }}
	run: \|
	echo "$DEPLOY_KEY" > /tmp/deploy_key && chmod 600 /tmp/deploy_key
	rsync -avz --delete -e "ssh -i /tmp/deploy_key -o StrictHostKeyChecking=no" \
	dist/ ec2-user@$EC2_HOST:/opt/hivemind-registry/web_dist/
	ssh -i /tmp/deploy_key -o StrictHostKeyChecking=no ec2-user@$EC2_HOST \
	"docker exec hivemind-registry-caddy-1 caddy reload --config /etc/caddy/Caddyfile"

Provide feedback