name: Build Cloud Deployment Images

# Builds the Formbricks Docker image for cloud deployment and pushes it to ECR.
# Entry points:
# - workflow_call: invoked by the release flow with an explicit SemVer image tag
# - workflow_dispatch: manual run; the version is auto-detected from the current
#   branch unless version_override is supplied
on:
  # Manual trigger. Only these inputs are populated on a dispatch run; the
  # workflow_call inputs further down evaluate to empty in that case.
  workflow_dispatch:
    inputs:
      # Free-form text typed by whoever starts the run. It is forwarded to the
      # build action as `version`, so treat it as untrusted input.
      # NOTE(review): SemVer validation is presumably done inside the build
      # action, which is not visible here — confirm.
      version_override:
        description: 'Override version (SemVer only, e.g., 1.2.3). Leave empty to auto-detect from branch.'
        type: string
        required: false
      deploy_production:
        description: 'Tag image for production deployment'
        type: boolean
        required: false
        default: false
      deploy_staging:
        description: 'Tag image for staging deployment'
        type: boolean
        required: false
        default: false

  # Reusable-workflow trigger.
  # No `secrets:` map is declared here, yet the job reads several `secrets.*`
  # values. Callers therefore have to pass `secrets: inherit`, which forwards
  # every secret the caller can see. Declaring only the secrets this workflow
  # needs would narrow that exposure.
  workflow_call:
    inputs:
      image_tag:
        description: 'Image tag to push (required for workflow_call)'
        type: string
        required: true
      IS_PRERELEASE:
        description: 'Whether this is a prerelease (auto-tags for staging/production)'
        type: boolean
        required: false
        default: false
      MAKE_LATEST:
        description: "Whether to tag for production (from GitHub release 'Set as the latest release' option)"
        type: boolean
        required: false
        default: false
    # Values surfaced to the calling workflow, taken from the build-and-push job.
    outputs:
      IMAGE_TAG:
        description: 'Normalized image tag used for the build'
        value: ${{ jobs.build-and-push.outputs.IMAGE_TAG }}
      TAGS:
        description: 'Newline-separated list of ECR tags pushed'
        value: ${{ jobs.build-and-push.outputs.TAGS }}
# Workflow-wide GITHUB_TOKEN scopes; anything not listed here is withheld.
# When this file runs as a reusable workflow, the caller must grant at least
# these scopes, because a called workflow cannot raise its own permissions.
permissions:
  # Allows the job to request a GitHub OIDC token.
  # NOTE(review): presumably exchanged by the build action for the AWS role in
  # AWS_ECR_PUSH_ROLE_ARN — confirm, and make sure that role's trust policy
  # pins the token's `sub` claim to this repository and the refs or
  # environments that are allowed to push images.
  id-token: write
  # Read-only repository access, enough for the checkout step.
  contents: read
# ECR settings are sourced from repository/environment variables for
# portability across envs/forks. These come from the `vars` context, which is
# plain configuration: the values are not masked in logs, so nothing sensitive
# belongs in them.
env:
  ECR_REGISTRY: ${{ vars.ECR_REGISTRY }}
  ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
  ECR_REGION: ${{ vars.ECR_REGION }}
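jobs:
  # Single job: harden the runner, check out the code, then build the image and
  # push it to ECR through the repository's local composite action.
  build-and-push:
    name: Build and Push
    runs-on: ubuntu-latest
    timeout-minutes: 45
    # Re-exported so the workflow_call outputs can reference them.
    outputs:
      IMAGE_TAG: ${{ steps.build.outputs.image_tag }}
      TAGS: ${{ steps.build.outputs.registry_tags }}
    steps:
      # Kept as the first step so that every later step is monitored.
      # `audit` only records outbound connections and blocks nothing. Once a
      # baseline of expected destinations exists, switching to
      # `egress-policy: block` with an `allowed-endpoints` list turns the
      # monitoring into enforcement.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      # Third-party actions are pinned to full commit SHAs, not movable tags.
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the GITHUB_TOKEN in .git/config: the next step runs a
          # Docker build from this checkout, and a persisted credential could
          # end up in the build context or in an image layer.
          # NOTE(review): assumes the local build action makes no authenticated
          # git calls; it is not visible here — confirm.
          persist-credentials: false

      - name: Build and push cloud deployment image
        id: build
        uses: ./.github/actions/build-and-push-docker
        with:
          registry_type: "ecr"
          ecr_registry: ${{ env.ECR_REGISTRY }}
          ecr_repository: ${{ env.ECR_REPOSITORY }}
          ecr_region: ${{ env.ECR_REGION }}
          aws_role_arn: ${{ secrets.AWS_ECR_PUSH_ROLE_ARN }}
          # Operator- or caller-supplied text. Only one of the two inputs is
          # populated, depending on which trigger started the run.
          # NOTE(review): the build action should check this against a strict
          # SemVer pattern and read it through an environment variable, never
          # by expanding the expression inside a `run:` script — confirm in
          # the action source.
          version: ${{ inputs.version_override || inputs.image_tag }}
          # workflow_dispatch-only inputs; empty when invoked via workflow_call.
          deploy_production: ${{ inputs.deploy_production }}
          deploy_staging: ${{ inputs.deploy_staging }}
          # workflow_call-only inputs; empty on a manual dispatch.
          is_prerelease: ${{ inputs.IS_PRERELEASE }}
          make_latest: ${{ inputs.MAKE_LATEST }}
        # Secrets exposed to the build step as environment variables.
        # NOTE(review): how the build consumes them is not visible here. If
        # they reach `docker build`, pass them as BuildKit secret mounts, not
        # as build args, so they are not stored in image layers or history.
        env:
          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          POSTHOG_KEY: ${{ secrets.POSTHOG_KEY }}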