feat: add collaborative document authoring (Phase 1) #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI / CD | |
| # GitFlow branch semantics: | |
| # feature/fix/chore branches → CI only (lint, typecheck, test) | |
| # develop → CI + Docker images tagged `develop` + `sha-<sha>` | |
| # main → CI + Docker images tagged `latest` + `sha-<sha>` | |
| # v* tags → CI + Docker images tagged `<version>` + `<major>.<minor>` | |
| on: | |
| push: | |
| pull_request: | |
| # Cancel in-flight runs for the same ref when a new commit arrives | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # ── Lint, typecheck & test ────────────────────────────────────────────────── | |
| ci: | |
| name: Lint, typecheck & test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Typecheck | |
| run: pnpm typecheck | |
| - name: Lint | |
| run: pnpm lint | |
| - name: Test | |
| run: pnpm test | |
| # ── Build & push Docker images ────────────────────────────────────────────── | |
| # Runs only on direct pushes to main/develop or semver tags, after CI passes. | |
| docker: | |
| name: Docker — ${{ matrix.app }} | |
| needs: ci | |
| if: > | |
| github.event_name == 'push' && | |
| (github.ref == 'refs/heads/main' || | |
| github.ref == 'refs/heads/develop' || | |
| startsWith(github.ref, 'refs/tags/v')) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false # build both images even if one fails | |
| matrix: | |
| include: | |
| - app: web | |
| dockerfile: apps/web/Dockerfile | |
| - app: bff | |
| dockerfile: apps/bff/Dockerfile | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract image metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ secrets.DOCKERHUB_USERNAME }}/quorum-${{ matrix.app }} | |
| # latest=false — we tag latest explicitly for main only | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha,prefix=sha-,format=short | |
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # Scope caches per app so web and bff don't share layers | |
| cache-from: type=gha,scope=${{ matrix.app }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.app }} |