GHA-powered deploy to Production (#20)

* Add GHA workflow to deploy to production * Allow manual dispatch and trigger deploy on tag creation * Build and push Docker image to multiple registries * Add missing flyctl tool in build stage * Explicitly grant permission for GHA to push Docker image to GHCR * Enable build cache within Docker+GHA context * Do not deploy to Docker Hub * Don't hardcode GHCR repository URL (let forks build) * Don't push pull request-initiated builds to container registries * Don't label images by individual commit ID * Push to container registries when new tags are created, or a commit to `main` occurs * Remove debugging flag for checkout action
bldrs-ai · Aug 26, 2023 · 9691ba7 · 9691ba7
1 parent 1a29a9b
commit 9691ba7
Showing 1 changed file with 61 additions and 1 deletion.
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -4,15 +4,75 @@ on:
   push:
     branches:
       - main
+    tags:
+      - "v*.*.*"
 
   workflow_dispatch:
 
 env:
   FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
 
+permissions:
+  packages: write
+
 jobs:
+  build:
+    name: Build application
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Fly.io command line tool
+        id: setup-flyctl
+        uses: superfly/flyctl-actions/setup-flyctl@master
+
+      - name: Generate Docker metadata
+        id: docker-image-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+            registry.fly.io/headless-three-prod
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+            registry: ghcr.io
+            username: ${{ github.repository_owner }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to Fly.io Container Registry
+        run: flyctl auth docker
+
+      - name: Build and Push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker-image-metadata.outputs.tags }}
+          labels: ${{ steps.docker-image-metadata.outputs.labels }}
+
   deploy:
     name: Deploy app
+    needs:
+      - build
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -25,4 +85,4 @@ jobs:
 
       - name: Build and Deploy
         id: build-and-deploy
-        run: flyctl deploy --app headless-three-prod
+        run: flyctl deploy --app headless-three-prod --remote-only --build-arg 'GIT_COMMIT=${{ github.sha }}' --build-arg 'GIT_TAG=${{ github.ref_name }}'