1+ name : Build and Release
2+
3+ on :
4+ push :
5+ branches :
6+ - develop
7+ - main
8+ pull_request :
9+ branches :
10+ - main
11+ types : [opened, synchronize, reopened, ready_for_review]
12+
13+ permissions :
14+ contents : write
15+ issues : write
16+ pull-requests : write
17+
18+ concurrency :
19+ group : ${{ github.workflow }}-${{ github.ref }}
20+ cancel-in-progress : true
21+
22+ jobs :
23+ build-base :
24+ runs-on : ubuntu-latest
25+ steps :
26+ - uses : actions/checkout@v3
27+ - name : Set up Docker Buildx
28+ uses : docker/setup-buildx-action@v3
29+ - name : Login to GitHub Container Registry
30+ uses : docker/login-action@v3
31+ with :
32+ registry : ghcr.io
33+ username : ${{ github.actor }}
34+ password : ${{ secrets.GHCR_PAT }}
35+ - name : Configure AWS credentials
36+ uses : aws-actions/configure-aws-credentials@v4
37+ with :
38+ aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
39+ aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
40+ aws-region : us-east-1
41+ - name : Log in to Public ECR
42+ run : aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
43+ - name : Build and push base
44+ run : |
45+ echo "${{ secrets.GHCR_PAT }}" > github_token
46+ docker buildx build \
47+ --platform linux/arm64,linux/amd64 \
48+ --provenance=false \
49+ --secret id=github_token,src=github_token \
50+ --target base \
51+ --tag ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:base \
52+ --tag public.ecr.aws/j5r7n1v7/lambda-shell-runtime:base \
53+ --push \
54+ .
55+ env :
56+ GITHUB_TOKEN : ${{ secrets.GHCR_PAT }}
57+
58+ build :
59+ needs : build-base
60+ runs-on : ubuntu-latest
61+ if : github.event.pull_request.draft == false || github.event_name != 'pull_request'
62+ env :
63+ HTTP_CLI_VERSION : v1.0.1
64+ steps :
65+ - uses : actions/checkout@v3
66+ - uses : actions/setup-node@v3
67+ with :
68+ node-version : 20
69+ - uses : actions/cache@v3
70+ with :
71+ path : ~/.npm
72+ key : ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
73+ restore-keys : |
74+ ${{ runner.os }}-node-
75+ - run : npm ci
76+ - name : Set up QEMU
77+ uses : docker/setup-qemu-action@v3
78+ - name : Set up Docker Buildx
79+ uses : docker/setup-buildx-action@v3
80+ - name : Create and use buildx builder
81+ run : |
82+ docker buildx create --name shell-runtime-builder --driver docker-container --use
83+ docker buildx inspect shell-runtime-builder --bootstrap
84+ - name : Cache Docker layers
85+ uses : actions/cache@v3
86+ with :
87+ path : /tmp/.buildx-cache
88+ key : ${{ runner.os }}-buildx-${{ github.sha }}
89+ restore-keys : |
90+ ${{ runner.os }}-buildx-
91+ - name : Set version
92+ id : version
93+ env :
94+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
95+ run : |
96+ if [ "${{ github.event_name }}" = "pull_request" ]; then
97+ # For PRs, use pr-NUMBER format
98+ echo "VERSION=pr-${{ github.event.number }}" >> $GITHUB_ENV
99+ echo "SHOULD_RELEASE=false" >> $GITHUB_ENV
100+ elif [ "${{ github.ref_name }}" = "main" ]; then
101+ # Get semantic version for main branch
102+ VERSION=$(npx semantic-release --no-ci --dry-run --branch main 2>&1 | grep -oP 'Published release \K[0-9]+\.[0-9]+\.[0-9]+' || echo "")
103+ if [ -z "$VERSION" ]; then
104+ echo "No release needed"
105+ echo "VERSION=develop" >> $GITHUB_ENV
106+ echo "SHOULD_RELEASE=false" >> $GITHUB_ENV
107+ else
108+ echo "VERSION=$VERSION" >> $GITHUB_ENV
109+ echo "SHOULD_RELEASE=true" >> $GITHUB_ENV
110+ fi
111+ else
112+ # Use branch name for develop (sanitize it)
113+ CLEAN_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9.-]/-/g')
114+ echo "VERSION=$CLEAN_BRANCH" >> $GITHUB_ENV
115+ echo "SHOULD_RELEASE=false" >> $GITHUB_ENV
116+ fi
117+ echo "Detected VERSION: $VERSION"
118+ - name : Configure AWS credentials
119+ uses : aws-actions/configure-aws-credentials@v4
120+ with :
121+ aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
122+ aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
123+ aws-region : us-east-1
124+ - name : Log in to GHCR
125+ run : echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u skunxicat --password-stdin
126+ - name : Log in to Public ECR
127+ run : aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
128+ - name : Build and push images
129+ run : |
130+ echo "${{ secrets.GHCR_PAT }}" > github_token
131+ export GITHUB_TOKEN="${{ secrets.GHCR_PAT }}"
132+
133+ if [ "${{ github.event_name }}" = "pull_request" ]; then
134+ # For PRs, only build (don't push)
135+ echo "PR build - testing only, not pushing"
136+ ./build-enhanced --load --platform linux/arm64 tiny micro full
137+ else
138+ # For push events, build and push to both registries
139+ ./build-enhanced --push --ghcr --public-ecr --platform linux/arm64,linux/amd64 tiny micro full
140+ fi
141+
142+ # Also tag latest for main branch releases
143+ if [ "${{ github.ref_name }}" = "main" ] && [ "$SHOULD_RELEASE" = "true" ]; then
144+ for VARIANT in tiny micro full; do
145+ docker buildx imagetools create \
146+ ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:$VARIANT \
147+ --tag ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:$VARIANT-latest
148+ docker buildx imagetools create \
149+ public.ecr.aws/j5r7n1v7/lambda-shell-runtime:$VARIANT \
150+ --tag public.ecr.aws/j5r7n1v7/lambda-shell-runtime:$VARIANT-latest
151+ done
152+ fi
153+ shell : bash
154+ - name : Create release
155+ if : env.SHOULD_RELEASE == 'true'
156+ run : npx semantic-release
157+ env :
158+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
159+ GHCR_PAT : ${{ secrets.GHCR_PAT }}
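Review bot: The `build-base` job has no event guard, so on `pull_request` runs it still logs in to both registries and its `Build and push base` step `--push`es the shared `:base` tag from the PR checkout, meaning changes that have not been merged can replace the published base image. The `build` job already separates PR builds from pushes, and this job should do the same, for example by putting `if: github.event_name != 'pull_request'` on the two login steps and dropping `--push` for PR builds. The same step runs `echo "${{ secrets.GHCR_PAT }}" > github_token` inside the directory that is then passed as the build context (`.`). Since the step already sets `GITHUB_TOKEN` in `env:`, `--secret id=github_token,env=GITHUB_TOKEN` would keep the PAT off disk and out of the context. Separately, the workflow-level `permissions` block gives this job `contents`, `issues` and `pull-requests` write although nothing visible in it needs more than `contents: read`, so the write scopes could move to a job-level `permissions:` on `build`, where semantic-release runs.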