name: ci on: push: workflow_dispatch: inputs: tag: description: 'Tag to deploy' required: false jobs: run-tests: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Cache Poetry dependencies uses: actions/cache@v4 with: path: | ~/.cache/pypoetry ~/.cache/pip key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} restore-keys: | ${{ runner.os }}-poetry- - name: Setup Python uses: actions/setup-python@v5 with: python-version: '3.12' - name: Install dependencies run: | pip install poetry poetry sync - name: Run tests run: | poetry run python -m unittest docker: runs-on: ubuntu-latest needs: [run-tests] if: github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'develop') permissions: contents: read packages: write # required to push to ghcr.io id-token: write # optional for OIDC if you use it steps: - uses: actions/checkout@v3 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Prepare image tags run: | OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]') REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]') # Determine tag if [ "${GITHUB_REF_NAME}" = "main" ]; then TAG="latest" else TAG="dev" fi SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7) IMAGE_BASE="ghcr.io/${OWNER}/${REPO}" echo "IMAGE_LATEST=${IMAGE_BASE}:${TAG}" >> $GITHUB_ENV echo "IMAGE_SHA=${IMAGE_BASE}:sha-${SHORT_SHA}" >> $GITHUB_ENV - name: Build and push Docker image (with registry cache) uses: docker/build-push-action@v5 with: context: . push: true platforms: linux/amd64,linux/arm64 tags: | ${{ env.IMAGE_LATEST }} ${{ env.IMAGE_SHA }} cache-from: type=gha cache-to: type=gha,mode=max