storage-hideyoshi.com/.github/workflows/deploy.yml

name: ci

on:
  push:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to deploy'
        required: false

jobs:
  run-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Cache Poetry dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/pypoetry
            ~/.cache/pip
          key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
          restore-keys: |
            ${{ runner.os }}-poetry-

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install dependencies
        run: |
          pip install poetry
          poetry sync

      - name: Run tests
        run: |
          poetry run python -m unittest

  docker:
    runs-on: ubuntu-latest
    needs: [run-tests]
    if: github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'develop')
    permissions:
      contents: read
      packages: write   # required to push to ghcr.io
      id-token: write   # optional for OIDC if you use it
    steps:
      - uses: actions/checkout@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Prepare image tags
        run: |
          OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
          REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
          
          # Determine tag
          if [ "${GITHUB_REF_NAME}" = "main" ]; then
            TAG="latest"
          else
            TAG="dev"
          fi
          
          SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
          IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
          
          echo "IMAGE_LATEST=${IMAGE_BASE}:${TAG}" >> $GITHUB_ENV
          echo "IMAGE_SHA=${IMAGE_BASE}:sha-${SHORT_SHA}" >> $GITHUB_ENV

      - name: Build and push Docker image (with registry cache)
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ${{ env.IMAGE_LATEST }}
            ${{ env.IMAGE_SHA }}
          cache-from: type=gha
          cache-to: type=gha,mode=max