mirror of
https://github.com/formbricks/formbricks.git
synced 2026-02-27 10:09:30 -06:00
82 lines
2.3 KiB
YAML
82 lines
2.3 KiB
YAML
name: Build, release & deploy Formbricks images
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
docker-build-community:
|
|
name: Build & release community docker image
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
uses: ./.github/workflows/release-docker-github.yml
|
|
secrets: inherit
|
|
with:
|
|
IS_PRERELEASE: ${{ github.event.release.prerelease }}
|
|
|
|
docker-build-cloud:
|
|
name: Build & push Formbricks Cloud to ECR
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
uses: ./.github/workflows/build-and-push-ecr.yml
|
|
secrets: inherit
|
|
with:
|
|
image_tag: ${{ needs.docker-build-community.outputs.VERSION }}
|
|
IS_PRERELEASE: ${{ github.event.release.prerelease }}
|
|
needs:
|
|
- docker-build-community
|
|
|
|
helm-chart-release:
|
|
name: Release Helm Chart
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
uses: ./.github/workflows/release-helm-chart.yml
|
|
secrets: inherit
|
|
needs:
|
|
- docker-build-community
|
|
with:
|
|
VERSION: ${{ needs.docker-build-community.outputs.VERSION }}
|
|
|
|
verify-cloud-build:
|
|
name: Verify Cloud Build Outputs
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 5 # Simple verification should be quick
|
|
needs:
|
|
- docker-build-cloud
|
|
steps:
|
|
- name: Harden the runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Display ECR build outputs
|
|
env:
|
|
IMAGE_TAG: ${{ needs.docker-build-cloud.outputs.IMAGE_TAG }}
|
|
TAGS: ${{ needs.docker-build-cloud.outputs.TAGS }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
echo "✅ ECR Build Completed Successfully"
|
|
echo "Image Tag: ${IMAGE_TAG}"
|
|
echo "ECR Tags:"
|
|
printf '%s\n' "${TAGS}"
|
|
|
|
move-stable-tag:
|
|
name: Move stable tag to release
|
|
permissions:
|
|
contents: write # Required for tag push operations in called workflow
|
|
uses: ./.github/workflows/move-stable-tag.yml
|
|
needs:
|
|
- docker-build-community # Ensure release is successful first
|
|
with:
|
|
release_tag: ${{ github.event.release.tag_name }}
|
|
commit_sha: ${{ github.sha }}
|
|
is_prerelease: ${{ github.event.release.prerelease }}
|