Shad
2b83e3ad0e
Two-stage build (node:22 → nginx:1.27) bakes dist/ into a static image.
nginx reverse-proxies /api/* to demo.flow-master.ai so live mode works
same-origin without CORS. CI runs vitest + build, then publishes
gitea.flow-master.ai/shad/mission-control-demo:sha-${git} on push to main.
Constraint: backend rejects cross-origin → same-origin proxy required
Confidence: high
Scope-risk: narrow
Not-tested: image actually built in Gitea Actions (requires registry secret)
50 lines
1.4 KiB
YAML
50 lines
1.4 KiB
YAML
name: build-and-publish
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
tags: ['v*']
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: pnpm/action-setup@v4
|
|
with: { version: 9 }
|
|
- uses: actions/setup-node@v4
|
|
with: { node-version: 22, cache: pnpm }
|
|
- run: pnpm install --frozen-lockfile
|
|
- run: pnpm test
|
|
- run: pnpm build
|
|
|
|
image:
|
|
needs: test
|
|
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Compute tag
|
|
id: tag
|
|
run: |
|
|
if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
|
|
echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "tag=sha-${GITHUB_SHA::8}" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
- name: Login to Gitea registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: gitea.flow-master.ai
|
|
username: ${{ gitea.actor }}
|
|
password: ${{ secrets.GITEA_TOKEN }}
|
|
- uses: docker/setup-buildx-action@v3
|
|
- uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: |
|
|
gitea.flow-master.ai/shad/mission-control-demo:${{ steps.tag.outputs.tag }}
|
|
gitea.flow-master.ai/shad/mission-control-demo:latest
|