publish-alwatr-container.yml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Publish Alwatr Containers

on:
  workflow_dispatch:

  push:
    tags:
      - 'v*.*.*'
    branches:
      - next
      - main

  pull_request:
    paths:
      - 'cloud/container/alwatr-*.dockerfile'
      - '.github/workflows/publish-alwatr-container.yml'

env:
  REGISTRY: ghcr.io
  USERNAME: ${{github.repository_owner}}
  # USERNAME: ${{github.actor}}
  # USERNAME: Alwatr

jobs:
  build:
    if: github.repository_owner == 'AliMD'

    name: Build Container
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        include:
          # services
          - image: comment
            source: services/comment
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Alwatr Comment API Nanoservice, Distributed simple and fast comment nanoservice.

          - image: flight-crawler
            source: services/flight-crawler
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Alwatr Flight Crawler Nanoservice, Distributed simple and fast flight crawler nanoservice.

          - image: form-registration
            source: services/form-registration
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Alwatr Form Registration API Nanoservice, Distributed simple and fast nanoservice for registering form information.

          - image: storage-server
            source: services/storage-server
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Alwatr Storage Server, Elegant micro in-memory json-like storage nanoservice with disk backed, Fastest NoSQL Database.

          - image: telegram-notifier
            source: services/telegram-notifier
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Alwatr Telegram Notify Microservice, Distributed simple and fast telegram notify nanoservice.

          # uniquely
          - image: soffit-pwa
            source: uniquely/soffit-pwa
            dockerfile: cloud/container/alwatr-pwa.dockerfile
            description: Soffit PWA.

          - image: com-pwa
            source: uniquely/com-pwa
            dockerfile: cloud/container/alwatr-pwa.dockerfile
            description: Customer Order Management PWA.

          - image: keep-pwa
            source: uniquely/keep-pwa
            dockerfile: cloud/container/alwatr-pwa.dockerfile
            description: Keep PWA.

          - image: com-api
            source: uniquely/com-api
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Customer Order Management API.

          - image: flight-finder-api
            source: uniquely/flight-finder-api
            dockerfile: cloud/container/alwatr-services.dockerfile
            description: Alwatr Flight Finder Application API.

          # - image: flight-finder-pwa
          #   source: uniquely/flight-finder-pwa
          #   dockerfile: cloud/container/alwatr-pwa.dockerfile
          #   description: Alwatr Flight Finder PWA.


    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:
      - name: ⤵️ Checkout repository
        uses: actions/checkout@v4.1.1

      - name: 🏗 Setup Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0

      - name: 🏗 Log into registry ${{ env.REGISTRY }}
        if: ${{ github.event_name != 'pull_request' }}
        uses: docker/login-action@v3.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ env.USERNAME }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: 🏗 Extract metadata
        id: meta
        uses: docker/metadata-action@v5.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          images: name=${{ env.REGISTRY }}/${{ env.USERNAME }}/${{ matrix.image }},enable=true

          labels: |
            org.opencontainers.image.authors=Ali.Mihandoost@gmail.com
            org.opencontainers.image.title=@alwatr/${{ matrix.image }}
            org.opencontainers.image.description=${{ matrix.description }}

          tags: |
            type=semver,enable=true,pattern={{major}}
            type=semver,enable=true,pattern={{major}}.{{minor}}
            type=semver,enable=true,pattern={{version}}
            type=ref,enable=true,event=pr
            type=ref,enable=true,event=branch

      - name: 🚀 Build and push container image
        id: build-and-push
        uses: docker/build-push-action@v5.0.0
        with:
          push: ${{ github.event_name != 'pull_request' }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          context: .
          file: ${{ matrix.dockerfile }}
          build-args: |
            PACKAGE_SOURCE=${{ matrix.source }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: 🏗 Install cosign
        if: ${{ github.event_name != 'pull_request' }}
        uses: sigstore/cosign-installer@v3.1.2

      - name: 🏗 Sign the published container image
        if: ${{github.event_name != 'pull_request'}}
        env:
          COSIGN_EXPERIMENTAL: 'true'
        run: echo "${{steps.meta.outputs.tags}}" | xargs -I {} cosign sign --yes {}@${{steps.build-and-push.outputs.digest}}