temporalio · chaptersix · Nov 20, 2025 · Nov 20, 2025 · Nov 20, 2025 · Nov 20, 2025
@@ -0,0 +1,243 @@
+name: Build and Publish (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      publish:
+        description: "Whether to publish the release and Docker image"
+        required: true
+        type: boolean
+      version:
+        description: "Version tag for the release (required if publish is true)"
+        required: false
+        type: string
+      registry:
+        description: "Container registry (docker.io, ghcr.io, etc.)"
+        required: false
+        type: string
+        default: ""
+      registry_namespace:
+        description: "Registry namespace/organization"
+        required: false
+        type: string
+        default: ""
+      image_name:
+        description: "Image name"
+        required: false
+        type: string
+        default: "temporal"
+    secrets:
+      DOCKER_USERNAME:
+        required: false
+      DOCKER_PASSWORD:
+        required: false
+
+jobs:
+  build:
+    name: Build and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: "go.mod"
+          check-latest: true
+          cache: true
+
+      - name: Get build date
+        id: date
+        run: echo "date=$(date '+%F-%T')" >> $GITHUB_OUTPUT
+
+      - name: Get build unix timestamp
+        id: timestamp
+        run: echo "timestamp=$(date '+%s')" >> $GITHUB_OUTPUT
+
+      - name: Get git branch
+        id: branch
+        run: echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Get build platform
+        id: platform
+        run: echo "platform=$(go version | cut -d ' ' -f 4)" >> $GITHUB_OUTPUT
+
+      - name: Get Go version
+        id: go
+        run: echo "go=$(go version | cut -d ' ' -f 3)" >> $GITHUB_OUTPUT
+
+      - name: Check if release is latest
+        if: inputs.publish
+        id: check_latest_release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const releaseTag = '${{ inputs.version }}';
+            const { data: release } = await github.rest.repos.getReleaseByTag({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag: releaseTag
+            });
+
+            const isLatest = !release.prerelease && !release.draft;
+            core.setOutput('is_latest', isLatest);
+            console.log(`Release: ${release.tag_name}`);
+            console.log(`Prerelease: ${release.prerelease}, Draft: ${release.draft}`);
+            console.log(`Should tag as latest: ${isLatest}`);
+
+      - name: Run GoReleaser (release)
+        if: inputs.publish
+        uses: goreleaser/[email protected]
+        with:
+          version: v2.12.7
+          args: release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BUILD_DATE: ${{ steps.date.outputs.date }}
+          BUILD_TS_UNIX: ${{ steps.timestamp.outputs.timestamp }}
+          GIT_BRANCH: ${{ steps.branch.outputs.branch }}
+          BUILD_PLATFORM: ${{ steps.platform.outputs.platform }}
+          GO_VERSION: ${{ steps.go.outputs.go }}
+
+      - name: Run GoReleaser (snapshot)
+        if: ${{ !inputs.publish }}
+        uses: goreleaser/[email protected]
+        with:
+          version: v2.12.7
+          args: release --snapshot --clean
+        env:
+          BUILD_DATE: ${{ steps.date.outputs.date }}
+          BUILD_TS_UNIX: ${{ steps.timestamp.outputs.timestamp }}
+          GIT_BRANCH: ${{ steps.branch.outputs.branch }}
+          BUILD_PLATFORM: ${{ steps.platform.outputs.platform }}
+          GO_VERSION: ${{ steps.go.outputs.go }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Get build metadata
+        id: meta
+        env:
+          INPUT_VERSION: ${{ inputs.version }}
+          INPUT_PUBLISH: ${{ inputs.publish }}
+          INPUT_REGISTRY: ${{ inputs.registry }}
+          INPUT_REGISTRY_NAMESPACE: ${{ inputs.registry_namespace }}
+          INPUT_IMAGE_NAME: ${{ inputs.image_name }}
+          REPO_OWNER: ${{ github.repository_owner }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const inputVersion = process.env.INPUT_VERSION;
+            const inputPublish = process.env.INPUT_PUBLISH;
+            const inputRegistry = process.env.INPUT_REGISTRY;
+            const inputRegistryNamespace = process.env.INPUT_REGISTRY_NAMESPACE;
+            const inputImageName = process.env.INPUT_IMAGE_NAME;
+            const repoOwner = process.env.REPO_OWNER;
+
+            // Get git information
+            const { execSync } = require('child_process');
+            const cliSha = execSync('git rev-parse HEAD', { encoding: 'utf8' }).trim();
+            const imageShaTag = execSync('git rev-parse --short HEAD', { encoding: 'utf8' }).trim();
+            const imageBranchTag = execSync('git rev-parse --abbrev-ref HEAD', { encoding: 'utf8' }).trim();
+
+            core.setOutput('cli_sha', cliSha);
+            core.setOutput('image_sha_tag', imageShaTag);
+            core.setOutput('image_branch_tag', imageBranchTag);
+
+            // Determine version
+            let version;
+            if (inputPublish === 'true') {
+              // Get version from input, strip 'v' prefix
+              version = inputVersion.startsWith('v') ? inputVersion.slice(1) : inputVersion;
+            } else {
+              version = 'snapshot';
+            }
+            core.setOutput('version', version);
+
+            // Determine registry (with auto-detection for temporalio vs forks)
+            let registry = inputRegistry;
+            if (!registry) {
+              if (repoOwner === 'temporalio') {
+                registry = 'docker.io';
+              } else {
+                registry = 'ghcr.io';
+              }
+            }
+
+            // Determine registry type for authentication
+            let registryType;
+            if (registry === 'ghcr.io') {
+              registryType = 'ghcr';
+            } else if (registry === 'docker.io') {
+              registryType = 'dockerhub';
+            } else {
+              registryType = 'other';
+            }
+            core.setOutput('registry_type', registryType);
+
+            // Set namespace (defaults to repository owner)
+            const namespace = inputRegistryNamespace || repoOwner;
+            core.setOutput('image_namespace', namespace);
+
+            // Set image name (defaults to 'temporal')
+            const imageName = inputImageName || 'temporal';
+            core.setOutput('image_name', imageName);
+
+            // For Docker Hub, use empty string as registry (special case)
+            const imageRepo = registry === 'docker.io' ? '' : registry;
+            core.setOutput('image_repo', imageRepo);
+
+            console.log(`Registry: ${registry}, Type: ${registryType}, Namespace: ${namespace}, Image: ${imageName}`);
+
+      - name: Log in to GitHub Container Registry
+        if: inputs.publish && steps.meta.outputs.registry_type == 'ghcr'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to Docker Hub
+        if: inputs.publish && steps.meta.outputs.registry_type == 'dockerhub'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push Docker image
+        if: inputs.publish
+        run: |
+          docker buildx bake \
+            --file docker-bake.hcl \
+            --push \
+            cli
+        env:
+          CLI_SHA: ${{ steps.meta.outputs.cli_sha }}
+          IMAGE_SHA_TAG: ${{ steps.meta.outputs.image_sha_tag }}
+          IMAGE_BRANCH_TAG: ${{ steps.meta.outputs.image_branch_tag }}
+          VERSION: ${{ steps.meta.outputs.version }}
+          TAG_LATEST: ${{ steps.check_latest_release.outputs.is_latest == 'true' }}
+          IMAGE_REPO: ${{ steps.meta.outputs.image_repo }}
+          IMAGE_NAMESPACE: ${{ steps.meta.outputs.image_namespace }}
+          IMAGE_NAME: ${{ steps.meta.outputs.image_name }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+
+      - name: Build Docker image
+        if: ${{ !inputs.publish }}
+        run: |
+          docker buildx bake \
+            --file docker-bake.hcl \
+            cli
+        env:
+          CLI_SHA: ${{ steps.meta.outputs.cli_sha }}
+          IMAGE_SHA_TAG: ${{ steps.meta.outputs.image_sha_tag }}
+          IMAGE_BRANCH_TAG: ${{ steps.meta.outputs.image_branch_tag }}
+          VERSION: ${{ steps.meta.outputs.version }}
+          TAG_LATEST: false
+          IMAGE_REPO: ${{ steps.meta.outputs.image_repo }}
+          IMAGE_NAMESPACE: ${{ steps.meta.outputs.image_namespace }}
+          IMAGE_NAME: ${{ steps.meta.outputs.image_name }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
@@ -0,0 +1,15 @@
+name: Build Docker Image
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    permissions:
+      contents: read
+    uses: ./.github/workflows/build-and-publish.yml
+    with:
+      publish: false
@@ -1,55 +1,21 @@
-name: goreleaser
+name: Release
 
 on:
   workflow_dispatch:
   release:
     types:
       - published
 
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: "go.mod"
-          check-latest: true
-
-      - name: Get build date
-        id: date
-        run: echo "::set-output name=date::$(date '+%F-%T')"
-
-      - name: Get build unix timestamp
-        id: timestamp
-        run: echo "::set-output name=timestamp::$(date '+%s')"
-
-      - name: Get git branch
-        id: branch
-        run: echo "::set-output name=branch::$(git rev-parse --abbrev-ref HEAD)"
+permissions:
+  contents: write
+  packages: write
 
-      - name: Get build platform
-        id: platform
-        run: echo "::set-output name=platform::$(go version | cut -d ' ' -f 4)"
-
-      - name: Get Go version
-        id: go
-        run: echo "::set-output name=go::$(go version | cut -d ' ' -f 3)"
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
-        with:
-          version: v1.26.2
-          args: release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          BUILD_DATE: ${{ steps.date.outputs.date }}
-          BUILD_TS_UNIX: ${{ steps.timestamp.outputs.timestamp }}
-          GIT_BRANCH: ${{ steps.branch.outputs.branch }}
-          BUILD_PLATFORM: ${{ steps.platform.outputs.platform }}
-          GO_VERSION: ${{ steps.go.outputs.go }}
+jobs:
+  release:
+    uses: ./.github/workflows/build-and-publish.yml
+    with:
+      publish: true
+      version: ${{ github.ref_name }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -5,6 +5,7 @@ on:
     types: [published]
 jobs:
   update:
+    if: github.repository == 'temporalio/cli'
     runs-on: ubuntu-latest
     defaults:
       run: