web: KB 9.0 compatibility (#2062) #633
name: dockerize-web

# Triggers: manual dispatch, pull requests targeting main, and pushes to main.
# Markdown files and web/package-lock.json are excluded by the path filters,
# so a lockfile-only change does not start this workflow.
# NOTE(review): the jobs gate registry login and push on
# `github.event_name != 'pull_request'`, which is also true for
# workflow_dispatch, so a manual run takes the publishing path whatever
# branch it is started from.
on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize
      - reopened
    paths:
      - 'web/**'
      - '.github/workflows/dockerize-web.yml'
      - '!**/*.md'
      - '!web/package-lock.json'
  push:
    branches:
      - main
    paths:
      - 'web/**'
      - '.github/workflows/dockerize-web.yml'
      - '!**/*.md'
      - '!web/package-lock.json'

# Workflow-level default scopes for GITHUB_TOKEN. A job that declares its own
# `permissions` block receives only the scopes listed there (everything else
# becomes `none`), so these grants apply only to jobs without such a block.
permissions:
  pull-requests: write
  packages: write
  contents: read
  issues: write

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: '${{ github.workflow }}-${{ github.ref }}'
  cancel-in-progress: true

# The Docker Hub user name is mirrored into `env` so that step-level `if:`
# conditions can test whether it is set (the `secrets` context cannot be
# used there).
env:
  DOCKERHUB_USERNAME: '${{ secrets.DOCKER_USERNAME }}'
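jobs:
  # NOTE(review): every `uses:` in these jobs references a mutable tag
  # (@v1, @v3, ...). Pinning each action to a full commit SHA keeps a
  # retagged release from changing what runs next to the registry and
  # Sentry credentials.

  # Builds the web bundle and a single-architecture image per matrix entry.
  # Pull requests only verify the build; other events push the image by
  # digest and hand the digest to release-web-images through an artifact.
  build-web-images:
    name: Build Web Docker Images
    # A job-level block replaces the workflow-level permissions entirely.
    # With only `packages: write` the token had no scope for the
    # "Comment on PR" step (its API calls failed and the failure was
    # swallowed), and checkout relied on the repository being public.
    permissions:
      contents: read
      packages: write
      pull-requests: write
    strategy:
      matrix:
        include:
          - arch: amd64
          - arch: arm64
            runs-on: ubuntu-24.04-arm
    runs-on: ${{ matrix.runs-on || 'ubuntu-24.04' }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # npm scripts from the checked-out tree run later in this job;
          # do not leave the job token in .git/config for them to read.
          persist-credentials: false

      - name: Cache node modules
        id: cache-node-modules
        uses: actions/cache@v4
        with:
          path: web/node_modules
          key: ${{ runner.os }}-${{ matrix.arch }}-node-${{ hashFiles('web/package-lock.json') }}

      # NOTE(review): Node 18 is past upstream end-of-life; confirm whether
      # the build can move to a supported release line.
      - name: Use Node
        uses: actions/setup-node@v4
        with:
          node-version: '18.x'

      # Skipped when node_modules was restored from the cache.
      - name: Install Package
        working-directory: web
        if: steps.cache-node-modules.outputs.cache-hit != 'true'
        run: npm ci

      - name: Build web
        working-directory: web
        env:
          VITE_SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          VITE_GITHUB_SHA: ${{ github.sha }}
        run: npm run build

      # Source maps are uploaded to Sentry only outside pull requests and
      # forks, and only once (amd64 leg). Failure does not fail the build.
      - name: Create Sentry release
        uses: getsentry/action-release@v1
        if: ${{ !github.event.repository.fork && github.event_name != 'pull_request' && matrix.arch == 'amd64' }}
        continue-on-error: true
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
        with:
          sourcemaps: web/dist/assets
          url_prefix: "~/assets/"
          version: ${{ format('laf@{0}', github.sha) }}
          working_directory: web
          ignore_missing: true
          ignore_empty: true

      - name: Sentry release info (PR only)
        if: github.event_name == 'pull_request' && matrix.arch == 'amd64'
        run: |
          echo "ℹ️ Sentry release skipped in PR for security reasons"
          echo "🚀 Sentry release will be created when this PR is merged"

      # Keep source maps out of the image that is built from web/dist.
      - name: Remove source maps
        run: rm -rf web/dist/assets/*.map

      - name: Set up QEMU
        if: ${{ matrix.arch != runner.arch }}
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry logins are skipped for pull requests and dependabot runs,
      # so registry credentials are not loaded when building PR code.
      - name: Login to DockerHub
        if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' && env.DOCKERHUB_USERNAME != '' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to Github Container Hub
        if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ github.repository_owner }}/laf-web
            ${{ env.DOCKERHUB_USERNAME && format('docker.io/{0}/laf-web', env.DOCKERHUB_USERNAME) || '' }}

      - name: Build for ${{ matrix.arch }}
        id: docker-build
        uses: docker/build-push-action@v6
        with:
          context: ./web
          file: ./web/Dockerfile
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/${{ matrix.arch }}
          # PR builds: load locally, Main builds: push by digest
          push: false
          load: ${{ github.event_name == 'pull_request' }}
          outputs: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' && format('type=image,"name=ghcr.io/{0}/laf-web{1}",name-canonical=true,push-by-digest=true,push=true', github.repository_owner, env.DOCKERHUB_USERNAME && format(',docker.io/{0}/laf-web', env.DOCKERHUB_USERNAME) || '') || '' }}

      # The digest is passed through the environment instead of being
      # expanded into the script text, so the shell only ever sees it as data.
      - name: Export digest
        if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
        env:
          DIGEST: ${{ steps.docker-build.outputs.digest }}
        run: |
          mkdir -p "${RUNNER_TEMP}/digests"
          touch "${RUNNER_TEMP}/digests/${DIGEST#sha256:}"

      - name: Upload digest
        if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
        uses: actions/upload-artifact@v4
        with:
          name: digests-web-${{ matrix.arch }}
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1

      # Posts or updates one status comment on the pull request. Needs the
      # `pull-requests: write` scope declared on this job; on fork pull
      # requests the token is read-only and the catch block logs the failure.
      - name: Comment on PR
        if: github.event_name == 'pull_request' && matrix.arch == 'amd64' && always()
        uses: actions/github-script@v7
        continue-on-error: true
        env:
          BUILD_OUTCOME: ${{ steps.docker-build.outcome }}
        with:
          # Values come from process.env and the `context` object rather than
          # from ${{ }} expansion, so nothing is spliced into the script source.
          script: |
            const buildSuccess = process.env.BUILD_OUTCOME === 'success';
            const emoji = buildSuccess ? '✅' : '❌';
            const status = buildSuccess ? 'Success' : 'Failed';

            let body = `## ${emoji} laf Web Image Build ${status}\n\n`;
            body += `### Build Details\n\n`;
            body += `| Item | Value |\n`;
            body += `|------|-------|\n`;
            body += `| Build Status | ${buildSuccess ? '✅ Passed' : '❌ Failed'} |\n`;
            body += `| Platforms | linux/amd64 (PR validation) |\n`;
            body += `| Push to Registry | ⚠️ No (PR build only) |\n`;
            body += `| Node Version | 18.x |\n`;
            body += `| Framework | Vite/React |\n\n`;

            if (buildSuccess) {
              body += `### 📦 Image will be published after merge to main\n\n`;
              body += `**Note**: PR builds only verify the Docker build process for linux/amd64. Multi-platform images (amd64 + arm64) are built and pushed only when merged to main.\n\n`;
            }

            body += `**Commit**: \`${context.sha}\`\n`;
            body += `**Triggered by**: @${context.actor}\n`;

            try {
              const { data: comments } = await github.rest.issues.listComments({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
              });

              const botComment = comments.find(comment =>
                comment.user.type === 'Bot' &&
                comment.body.includes('laf Web Image Build')
              );

              if (botComment) {
                await github.rest.issues.updateComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  comment_id: botComment.id,
                  body: body
                });
              } else {
                await github.rest.issues.createComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.issue.number,
                  body: body
                });
              }
            } catch (error) {
              console.log('Failed to post comment:', error.message);
              console.log('This might be expected for PRs from forks');
            }

  # Combines the per-architecture digests into tagged manifest lists.
  # Runs only outside pull requests and dependabot-triggered runs.
  release-web-images:
    name: Push Web Docker Images
    permissions:
      packages: write
    needs: build-web-images
    runs-on: ubuntu-24.04
    if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
    steps:
      - name: Login to DockerHub
        if: ${{ env.DOCKERHUB_USERNAME != '' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to Github Container Hub
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Each downloaded file is named after one image digest (sha256 prefix
      # stripped by the build job).
      - name: Download digests
        uses: actions/download-artifact@v5
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-web-*
          merge-multiple: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ github.repository_owner }}/laf-web
            ${{ env.DOCKERHUB_USERNAME && format('docker.io/{0}/laf-web', env.DOCKERHUB_USERNAME) || '' }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=ref,event=tag
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}

      # One manifest list per tag, each pointing at every downloaded digest.
      # The image name arrives through env and every expansion that must stay
      # a single argument is quoted; the tag list is split on whitespace on
      # purpose.
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        env:
          IMAGE: ghcr.io/${{ github.repository_owner }}/laf-web
        run: |
          refs=()
          for digest in *; do
            refs+=("${IMAGE}@sha256:${digest}")
          done
          for tag in $DOCKER_METADATA_OUTPUT_TAGS; do
            docker buildx imagetools create -t "$tag" "${refs[@]}"
            sleep 3
          done

      - name: Inspect image
        env:
          IMAGE: ghcr.io/${{ github.repository_owner }}/laf-web
          VERSION: ${{ steps.meta.outputs.version }}
        run: |
          docker buildx imagetools inspect "${IMAGE}:${VERSION}"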