Added release workflow

xelaTech · xelaTech · commit b8283cb88c73 · 2026-03-26T12:02:51.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,254 @@
+# =============================================================================
+# mqBase Release Workflow
+# =============================================================================
+# Triggers:
+#   - Tag push: v* (e.g., v0.13.0) on any branch
+#   - Manual: workflow_dispatch with version input
+#
+# Jobs:
+#   1. build: Build and push Docker images to Docker Hub and GHCR
+#   2. deploy: Deploy to production (requires environment approval)
+#
+# Setup:
+#   - Create "production" environment in repo settings with required reviewers
+#   - Install self-hosted runner on production server (see docs)
+#   - Configure runner with labels: [self-hosted, linux, production]
+# =============================================================================
+
+name: Release mqBase
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g., 0.13.0)'
+        required: true
+      deploy:
+        description: 'Deploy to production after build'
+        type: boolean
+        default: false
+
+env:
+  DOCKERHUB_IMAGE: dotstartech/mqbase
+  GHCR_IMAGE: ghcr.io/dotstartech/mqbase
+
+jobs:
+  # ===========================================================================
+  # Build Job - Runs on GitHub-hosted runner
+  # ===========================================================================
+  build:
+    name: Build Docker Images
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      version: ${{ steps.version.outputs.VERSION }}
+    
+    steps:
+      - name: Extract version
+        id: version
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            VERSION="${GITHUB_REF#refs/tags/v}"
+          else
+            VERSION="${{ inputs.version }}"
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Building version: $VERSION"
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU for multi-arch builds
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Minify app.js for production
+        run: |
+          npm install -g terser
+          ORIGINAL_SIZE=$(wc -c < admin/app.js)
+          terser admin/app.js --compress --mangle -o admin/app.js
+          MINIFIED_SIZE=$(wc -c < admin/app.js)
+          REDUCTION=$((100 - (MINIFIED_SIZE * 100 / ORIGINAL_SIZE)))
+          echo "app.js: ${ORIGINAL_SIZE} bytes -> ${MINIFIED_SIZE} bytes (${REDUCTION}% reduction)"
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # =========================================================================
+      # Standard image - AMD64
+      # =========================================================================
+      - name: Build and push standard AMD64 image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64
+            ${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}
+            ${{ env.DOCKERHUB_IMAGE }}:latest
+            ${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64
+            ${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}
+            ${{ env.GHCR_IMAGE }}:latest
+          build-args: |
+            UID=1000
+            GID=1000
+          cache-from: type=gha,scope=standard-amd64
+          cache-to: type=gha,mode=max,scope=standard-amd64
+
+      # =========================================================================
+      # Standard image - ARM64
+      # =========================================================================
+      - name: Build and push standard ARM64 image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          platforms: linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64
+            ${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64
+          build-args: |
+            UID=1000
+            GID=1000
+          cache-from: type=gha,scope=standard-arm64
+          cache-to: type=gha,mode=max,scope=standard-arm64
+
+      # =========================================================================
+      # Distroless image - AMD64
+      # =========================================================================
+      - name: Build and push distroless AMD64 image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/Dockerfile.distroless
+          platforms: linux/amd64
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64-distroless
+            ${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64-distroless
+          cache-from: type=gha,scope=distroless-amd64
+          cache-to: type=gha,mode=max,scope=distroless-amd64
+
+      # =========================================================================
+      # Distroless image - ARM64
+      # =========================================================================
+      - name: Build and push distroless ARM64 image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/Dockerfile.distroless
+          platforms: linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64-distroless
+            ${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64-distroless
+          cache-from: type=gha,scope=distroless-arm64
+          cache-to: type=gha,mode=max,scope=distroless-arm64
+
+      - name: Build Summary
+        run: |
+          echo "## Images pushed successfully! :rocket:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Version: ${{ steps.version.outputs.VERSION }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Standard Images (debian:trixie-slim)" >> $GITHUB_STEP_SUMMARY
+          echo "| Architecture | Docker Hub | GitHub Container Registry |" >> $GITHUB_STEP_SUMMARY
+          echo "|--------------|------------|---------------------------|" >> $GITHUB_STEP_SUMMARY
+          echo "| AMD64 | \`${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64\` | \`${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| ARM64 | \`${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64\` | \`${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64\` |" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Distroless Images (gcr.io/distroless/base-debian13)" >> $GITHUB_STEP_SUMMARY
+          echo "| Architecture | Docker Hub | GitHub Container Registry |" >> $GITHUB_STEP_SUMMARY
+          echo "|--------------|------------|---------------------------|" >> $GITHUB_STEP_SUMMARY
+          echo "| AMD64 | \`${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64-distroless\` | \`${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-amd64-distroless\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| ARM64 | \`${{ env.DOCKERHUB_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64-distroless\` | \`${{ env.GHCR_IMAGE }}:${{ steps.version.outputs.VERSION }}-arm64-distroless\` |" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Latest Tag" >> $GITHUB_STEP_SUMMARY
+          echo "- \`${{ env.DOCKERHUB_IMAGE }}:latest\` → AMD64 standard image" >> $GITHUB_STEP_SUMMARY
+          echo "- \`${{ env.GHCR_IMAGE }}:latest\` → AMD64 standard image" >> $GITHUB_STEP_SUMMARY
+
+  # ===========================================================================
+  # Deploy Job - Runs on self-hosted runner on production server
+  # ===========================================================================
+  deploy:
+    name: Deploy to Production
+    needs: build
+    # Only deploy on tag push OR when manually triggered with deploy=true
+    if: startsWith(github.ref, 'refs/tags/v') || inputs.deploy == true
+    runs-on: [self-hosted, linux, production]
+    environment: production  # Requires approval from reviewers
+    
+    steps:
+      - name: Deploy mqBase v${{ needs.build.outputs.version }}
+        run: |
+          echo "=== Deploying mqBase v${{ needs.build.outputs.version }} ==="
+          cd /opt/mqbase
+          
+          # Pull the new image
+          echo "Pulling new image..."
+          sudo docker compose -f compose.prod.yml pull
+          
+          # Restart with new image
+          echo "Restarting container..."
+          sudo docker compose -f compose.prod.yml up -d
+          
+          # Wait for container to be healthy
+          echo "Waiting for health check..."
+          sleep 5
+          
+          # Verify deployment
+          HEALTH=$(curl -sf --max-time 10 https://mqbase.io/health || echo "FAILED")
+          if [ "$HEALTH" = "OK" ]; then
+            echo "✅ Deployment successful!"
+          else
+            echo "❌ Health check failed: $HEALTH"
+            exit 1
+          fi
+
+      - name: Deployment Summary
+        run: |
+          echo "## Deployment Complete :white_check_mark:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **Version**: ${{ needs.build.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Server**: mqbase.io (78.46.17.48)" >> $GITHUB_STEP_SUMMARY
+          echo "- **Status**: Healthy" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Verification" >> $GITHUB_STEP_SUMMARY
+          echo "- Health endpoint: https://mqbase.io/health → OK" >> $GITHUB_STEP_SUMMARY
+
+      - name: Notify on failure
+        if: failure()
+        run: |
+          echo "## ❌ Deployment Failed" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Check the logs above for details." >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Rollback" >> $GITHUB_STEP_SUMMARY
+          echo "To rollback, SSH to the server and run:" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
+          echo "cd /opt/mqbase" >> $GITHUB_STEP_SUMMARY
+          echo "sudo docker compose -f compose.prod.yml down" >> $GITHUB_STEP_SUMMARY
+          echo "sudo docker pull dotstartech/mqbase:<previous-version>" >> $GITHUB_STEP_SUMMARY
+          echo "sudo docker compose -f compose.prod.yml up -d" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
