From 0da987001f165aedfb8357cf0b451c1fc33e9d01 Mon Sep 17 00:00:00 2001
From: Arthur Deierlein <arthur.deierlein@adfinis.com>
Date: Wed, 11 Dec 2024 13:59:18 +0100
Subject: [PATCH] ci: use go-semantic-relase for semrel and refactor releasing
 container image

---
 .../workflows/release-container-image.yaml    | 100 -----------------
 .github/workflows/release.yaml                | 101 ++++++++++++++++++
 .github/workflows/release.yml                 |  65 -----------
 3 files changed, 101 insertions(+), 165 deletions(-)
 delete mode 100644 .github/workflows/release-container-image.yaml
 create mode 100644 .github/workflows/release.yaml
 delete mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/release-container-image.yaml b/.github/workflows/release-container-image.yaml
deleted file mode 100644
index 38f08831..00000000
--- a/.github/workflows/release-container-image.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-name: Release Container Image
-
-on:
-  push:
-    branches: main
-  workflow_call:
-    inputs:
-      ref:
-        type: string
-        required: true
-    secrets:
-      AUTH_ROLE_ADMIN:
-        required: true
-      AUTH_ROLE_EMPLOYEE:
-        required: true
-      AUTH_ROLE_CUSTOMER:
-        required: true
-      TIMED_STAGING_HOST:
-        required: true
-      TIMED_PROD_HOST:
-        required: true
-
-
-jobs:
-  frontend:
-    runs-on: ubuntu-latest
-    env:
-      REF: ${{ inputs.ref || github.ref }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ env.REF }}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Prepare Image Metadata
-        id: prep
-        run: |
-          DOCKER_IMAGE=ghcr.io/adfinis/customer-center/frontend
-          VERSION=noop
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            VERSION=nightly
-          elif [[ $REF == refs/tags/* ]]; then
-            VERSION=${REF#refs/tags/}
-          elif [[ $REF == refs/heads/* ]]; then
-            VERSION=$(echo ${REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=edge
-            fi
-          elif [[ $REF == refs/pull/* ]]; then
-            VERSION=pr-${{ github.event.number }}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            MINOR=${VERSION%.*}
-            MAJOR=${MINOR%.*}
-            TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
-          elif [ "${{ github.event_name }}" = "push" ]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
-          fi
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-
-      - name: Login to GHCR
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ github.event_name != 'pull_request' }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: ./frontend
-          file: ./frontend/Dockerfile
-          build-args: |
-            AUTH_ROLE_ADMIN=${{ secrets.AUTH_ROLE_ADMIN }}
-            AUTH_ROLE_EMPLOYEE=${{ secrets.AUTH_ROLE_EMPLOYEE }}
-            AUTH_ROLE_CUSTOMER=${{ secrets.AUTH_ROLE_CUSTOMER }}
-            TIMED_STAGING_HOST=${{ secrets.TIMED_STAGING_HOST }}
-            TIMED_PROD_HOST=${{ secrets.TIMED_PROD_HOST }}
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          labels: |
-            org.opencontainers.image.title=${{ github.event.repository.name }}
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..699ba8e5
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,101 @@
+---
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  semrel:
+    permissions:
+      actions: none
+      checks: none
+      contents: none
+      deployments: none
+      issues: none
+      packages: none
+      pull-requests: none
+      repository-projects: none
+      security-events: none
+      statuses: none
+      id-token: none
+
+    name: Semantic Release
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.semrel.outputs.version }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Semantic Release
+        uses: go-semantic-release/action@v1
+        id: semrel
+        with:
+          github-token: ${{ secrets.ADFINISBOT_PAT }}
+          allow-initial-development-versions: true
+
+  container:
+    name: Release Container
+    runs-on: ubuntu-latest
+    if: needs.semrel.outputs.version != ''
+    needs: semrel
+
+    permissions:
+      actions: none
+      checks: none
+      contents: write
+      deployments: none
+      issues: none
+      packages: none
+      pull-requests: none
+      repository-projects: none
+      security-events: none
+      statuses: none
+      id-token: none
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Adjust Version
+        run: |
+          sed 's/"0.0.0"/"${{ needs.semrel.outputs.version }}"/g' -i ./frontend/package.json
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/frontend
+          flavor: |
+            latest=auto
+          tags: |
+            type=semver,pattern={{version}},value=${{ needs.semrel.outputs.version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semrel.outputs.version }}
+            type=semver,pattern={{major}},value=${{ needs.semrel.outputs.version }}
+          labels: |
+            org.opencontainers.image.title=frontend
+            org.opencontainers.image.description=${{ github.event.repository.description }}
+            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
+
+      - name: Build and Push Docker Image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./frontend/
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 2c8aeee8..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-name: Release
-
-on: workflow_dispatch
-
-env:
-  GH_TOKEN: ${{ secrets.GH_TOKEN }}
-  NODE_VERSION: 18
-
-jobs:
-  release:
-    defaults:
-      run:
-        working-directory: frontend
-    name: Release
-    runs-on: ubuntu-latest
-    outputs:
-      latest-tag-ref: ${{ steps.latest-tag.outputs.tag }}
-      new-tag-ref: ${{ steps.semantic-release-tag.outputs.tag }}
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      - uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: "yarn"
-          cache-dependency-path: 'frontend/yarn.lock'
-
-      - name: Install dependencies
-        run: yarn install
-
-      - name: Get latest tag
-        id: latest-tag
-        run: |
-          TAG=$(git describe --tags --abbrev=0)
-          TAG_REF=$(git show-ref --tags $TAG | cut -d" " -f2)
-          echo $TAG_REF
-          echo ::set-output name=tag::${TAG_REF}
-
-      - name: Release on GitHub
-        run: yarn semantic-release
-
-      - name: Get created tag
-        id: semantic-release-tag
-        run: |
-          TAG=$(git describe --tags --abbrev=0)
-          TAG_REF=$(git show-ref --tags $TAG | cut -d" " -f2)
-          echo $TAG_REF
-          echo ::set-output name=tag::${TAG_REF}
-
-  release-container-image:
-    needs: release
-    if: needs.release.outputs.new-tag-ref != needs.release.outputs.latest-tag-ref
-    uses: adfinis/customer-center/.github/workflows/release-container-image.yaml@main
-    with:
-      ref: ${{ needs.release.outputs.new-tag-ref }}
-    secrets:
-      AUTH_ROLE_ADMIN: ${{ secrets.AUTH_ROLE_ADMIN }}
-      AUTH_ROLE_EMPLOYEE: ${{ secrets.AUTH_ROLE_EMPLOYEE }}
-      AUTH_ROLE_CUSTOMER: ${{ secrets.AUTH_ROLE_CUSTOMER }}
-      TIMED_STAGING_HOST: ${{ secrets.TIMED_STAGING_HOST }}
-      TIMED_PROD_HOST: ${{ secrets.TIMED_PROD_HOST }}
-
-