ci: split Docker workflow into separate stg and prd files (#78)

Author: mxmlnwbr

.github/workflows/docker-image.yml .github/workflows/docker-image-prd.yml.github/workflows/docker-image.yml renamed to .github/workflows/docker-image-prd.yml

@@ -1,9 +1,6 @@
-name: Build Docker image
+name: Build production Docker images
 
 on:
-  push:
-    branches:
-      - 'main'
   release:
     types:
       - published
@@ -12,59 +9,7 @@ env:
   REGISTRY: ghcr.io
 
 jobs:
-  build-stg:
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55
-
-      - name: Log into registry ${{ env.REGISTRY }}
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
-        with:
-          images: ${{ env.REGISTRY }}/${{ github.repository }}
-          tags: |
-            type=raw,value=main
-            type=raw,value=latest
-            type=raw,value=latest-${{ github.sha }}
-
-      - name: Replace .env.production with .env.stage
-        shell: bash
-        run: |
-          rm .env.production
-          mv .env.stage .env.production
-        if: github.ref == 'refs/heads/main'
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6
-        with:
-          context: .
-          file: Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            NEXT_PUBLIC_APP_VERSION=latest-${{ github.sha }}
-
   build-prd:
-    if: github.event_name == 'release'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -116,7 +61,6 @@ jobs:
             NEXT_PUBLIC_APP_VERSION=stable-${{ steps.stable_sha.outputs.value }}
 
   build-prd-ibw:
-    if: github.event_name == 'release'
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/docker-image-stg.yml

@@ -0,0 +1,59 @@
+name: Build staging Docker image
+
+on:
+  push:
+    branches:
+      - 'main'
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-stg:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=raw,value=main
+            type=raw,value=latest
+            type=raw,value=latest-${{ github.sha }}
+
+      - name: Replace .env.production with .env.stage
+        shell: bash
+        run: |
+          rm .env.production
+          mv .env.stage .env.production
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            NEXT_PUBLIC_APP_VERSION=latest-${{ github.sha }}

package.json

@@ -47,7 +47,8 @@
     "release:rc": "standard-version --prerelease rc --no-verify",
     "release:rc:dry": "standard-version --dry-run --prerelease rc",
     "release": "standard-version",
-    "release:dry": "standard-version --dry-run"
+    "release:dry": "standard-version --dry-run",
+    "release:publish": "bash scripts/release-publish.sh"
   },
   "dependencies": {
     "@azure/identity": "3.3.0",

scripts/release-publish.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+set -euo pipefail
+
+BRANCH=$(git rev-parse --abbrev-ref HEAD)
+if [[ "$BRANCH" != "main" ]]; then
+  echo "❌ Must be on 'main' branch (currently on '$BRANCH')"
+  exit 1
+fi
+
+if [[ -n "$(git status --porcelain)" ]]; then
+  echo "❌ Working directory is not clean. Commit or stash changes first."
+  exit 1
+fi
+
+echo "📦 Running standard-version..."
+pnpm run release
+
+VERSION=$(node -p "require('./package.json').version")
+TAG="v$VERSION"
+
+echo "🚀 Pushing commit and tag ($TAG) to origin/main..."
+git push --follow-tags origin main
+
+echo "📢 Creating GitHub Release $TAG..."
+gh release create "$TAG" --target main --generate-notes --title "$TAG"
+
+echo "✅ Release $TAG published. build-prd and build-prd-ibw will start shortly."