build: Improve commit stage workflow #66

Workflow file for this run

.github/workflows/commit-stage.yml at 331a391

	name: Commit Stage

	on: push

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: kadras-io/kadras-developer-portal
	VERSION: ${{ github.sha }}

	permissions:
	contents: read

	jobs:
	build:
	name: Build
	runs-on: ubuntu-24.04
	permissions:
	contents: read
	steps:
	- name: Check out source code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Node
	uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
	with:
	node-version: 22
	cache: 'yarn'

	- name: Install dependencies
	run: \|
	yarn install --immutable

	- name: Validate configuration
	run: \|
	yarn backstage-cli config:check --lax

	- name: Validate types and definitions
	run: \|
	yarn tsc:full

	- name: Prettier
	run: \|
	yarn prettier:check

	- name: Build
	run: \|
	yarn build:all

	- name: Lint
	run: \|
	yarn lint:all

	- name: Test
	run: \|
	yarn test:all

	package:
	if: ${{ github.ref == 'refs/heads/main' }}
	needs: [ build ]
	runs-on: ubuntu-24.04
	permissions:
	contents: read
	packages: write
	strategy:
	fail-fast: false
	matrix:
	platform:
	- linux/amd64
	- linux/arm64
	steps:
	- name: Check out source code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Node
	uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
	with:
	node-version: 22
	cache: 'yarn'

	- name: Install dependencies
	run: \|
	yarn install --immutable

	- name: Generate type definitions
	run: \|
	yarn tsc

	- name: Build application
	run: \|
	yarn build:backend --config ../../app-config.yaml

	- name: Prepare OCI build
	run: \|
	platform=${{ matrix.platform }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

	- name: Generate Docker meta information
	id: meta
	uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	labels: \|
	org.opencontainers.image.licenses='Apache-2.0'
	org.opencontainers.image.revision=${{ github.sha }}
	org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
	org.opencontainers.image.version=${{ env.VERSION }}
	org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

	- name: Login to container registry
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
	with:
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	registry: ${{ env.REGISTRY }}

	- name: Build and push
	uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
	id: build
	with:
	context: .
	file: packages/backend/Dockerfile
	platforms: ${{ matrix.platform }}
	labels: ${{ steps.meta.outputs.labels }}
	outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Upload digest
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	with:
	name: digests-backstage-${{ env.PLATFORM_PAIR }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	merge:
	if: ${{ github.ref == 'refs/heads/main' }}
	needs: [package]
	runs-on: ubuntu-24.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- name: Download digests
	uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
	with:
	path: /tmp/digests
	pattern: digests-backstage-*
	merge-multiple: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

	- name: Install Cosign
	uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1

	- name: Generate Docker meta information
	id: meta
	uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	labels: \|
	org.opencontainers.image.licenses='Apache-2.0'
	org.opencontainers.image.revision=${{ github.sha }}
	org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
	org.opencontainers.image.version=${{ env.VERSION }}
	org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
	tags: \|
	type=raw,value=latest,enable={{is_default_branch}}
	type=sha,format=long

	- name: Login to container registry
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
	with:
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	registry: ${{ env.REGISTRY }}

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)

	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

	- name: Sign image
	run: \|
	cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build: Improve commit stage workflow #66

Workflow file

build: Improve commit stage workflow #66

Uh oh!

Jobs

Run details

Workflow file for this run