edh-stats/.github/workflows/publish.yml

name: Build and Publish Docker Images

on:
  push:
    tags:
      - 'v*'
      - 'release-*'
    branches:
      - main
      - production
  workflow_dispatch:
    inputs:
      version:
        description: 'Version tag (e.g., 1.0.0)'
        required: true
        type: string

env:
  REGISTRY: ghcr.io
  PROJECT_NAME: edh-stats

jobs:
  build:
    name: Build and Push Docker Images
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-options: image=moby/buildkit:latest

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_TOKEN || secrets.GITHUB_TOKEN }}

      - name: Extract version
        id: version
        run: |
          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
            VERSION=${{ github.event.inputs.version }}
          elif [[ "${{ github.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            VERSION=${GITHUB_REF#refs/tags/v}
          elif [[ "${{ github.ref }}" =~ ^refs/tags/release-(.+)$ ]]; then
            VERSION=${BASH_REMATCH[1]}
          elif [[ "${{ github.ref }}" == "refs/heads/main" || "${{ github.ref }}" == "refs/heads/production" ]]; then
            VERSION=${{ github.ref_name }}-${{ github.sha }}
          else
            VERSION=latest
          fi
          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
          echo "BACKEND_IMAGE=${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.PROJECT_NAME }}-backend:${VERSION}" >> $GITHUB_OUTPUT
          echo "FRONTEND_IMAGE=${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.PROJECT_NAME }}-frontend:${VERSION}" >> $GITHUB_OUTPUT

      - name: Build and push backend image
        uses: docker/build-push-action@v5
        with:
          context: ./backend
          file: ./backend/Dockerfile
          target: production
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ steps.version.outputs.BACKEND_IMAGE }}
            ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.PROJECT_NAME }}-backend:latest

      - name: Build and push frontend image
        uses: docker/build-push-action@v5
        with:
          context: ./
          file: ./frontend/Dockerfile.prod
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ steps.version.outputs.FRONTEND_IMAGE }}
            ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.PROJECT_NAME }}-frontend:latest

      - name: Generate deployment config
        id: config
        run: |
          cat > docker-compose.prod.deployed.yml << 'EOF'
          version: '3.8'
          
          services:
            backend:
              image: ${{ steps.version.outputs.BACKEND_IMAGE }}
              environment:
                - NODE_ENV=production
                - DATABASE_PATH=/app/database/data/edh-stats.db
                - JWT_SECRET_FILE=/run/secrets/jwt_secret
                - CORS_ORIGIN=${CORS_ORIGIN:-https://yourdomain.com}
                - LOG_LEVEL=warn
                - ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-false}
              volumes:
                - sqlite_data:/app/database/data
                - app_logs:/app/logs
              secrets:
                - jwt_secret
              restart: unless-stopped
              healthcheck:
                test: ['CMD', 'wget', '--no-verbose', '--tries=1', '--spider', 'http://localhost:3000/api/health']
                interval: 30s
                timeout: 10s
                retries: 3
              networks:
                - edh-stats-network
            
            frontend:
              image: ${{ steps.version.outputs.FRONTEND_IMAGE }}
              ports:
                - '80:80'
                - '443:443'
              restart: unless-stopped
              networks:
                - edh-stats-network
          
          volumes:
            sqlite_data:
              driver: local
            app_logs:
              driver: local
          
          secrets:
            jwt_secret:
              external: true
          
          networks:
            edh-stats-network:
              driver: bridge
          EOF

      - name: Upload deployment config
        uses: actions/upload-artifact@v4
        with:
          name: deployment-config
          path: docker-compose.prod.deployed.yml

      - name: Create Release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          files: docker-compose.prod.deployed.yml
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Post deployment info
        run: |
          echo "## Deployment Summary" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Version:** ${{ steps.version.outputs.VERSION }}" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Backend Image:** ${{ steps.version.outputs.BACKEND_IMAGE }}" >> $GITHUB_STEP_SUMMARY
          echo "**Frontend Image:** ${{ steps.version.outputs.FRONTEND_IMAGE }}" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Pull Commands:**" >> $GITHUB_STEP_SUMMARY
          echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
          echo "docker pull ${{ steps.version.outputs.BACKEND_IMAGE }}" >> $GITHUB_STEP_SUMMARY
          echo "docker pull ${{ steps.version.outputs.FRONTEND_IMAGE }}" >> $GITHUB_STEP_SUMMARY
          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY