iBoss/bolt-diy
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
9ab4880d992dbcb887f3b98eea437480b3d81b80
bolt-diy/.github/workflows/docker.yaml
Stijnus 9ab4880d99 feat: comprehensive GitHub workflow improvements with security & quality enhancements (#1940) 
* feat: add comprehensive workflow testing framework

- Add test-workflows.yaml for safe workflow validation
- Add interactive testing script (test-workflows.sh)
- Add comprehensive testing documentation (WORKFLOW_TESTING.md)
- Add preview deployment smoke tests
- Add Playwright configuration for preview testing
- Add configuration files for quality checks

* fix: standardize pnpm version to 9.14.4 across all configs

- Update package.json packageManager to match workflow configurations
- Resolves version conflict detected by workflow testing
- Ensures consistent pnpm version across development and CI/CD

* fix: resolve TypeScript issues in test files

- Add ts-ignore comments for Playwright imports (dev dependency)
- Add proper type annotations to avoid implicit any errors
- These files are only used in testing environments where Playwright is installed

* feat: add CODEOWNERS file for automated review assignments

- Automatically request reviews from repository maintainers
- Define ownership for security-sensitive and core architecture files
- Enhance code review process with automated assignees

* fix: update CODEOWNERS for upstream repository maintainers

- Replace personal ownership with stackblitz-labs/bolt-maintainers team
- Ensure appropriate review assignments for upstream collaboration
- Maintain security review requirements for sensitive files

* fix: resolve workflow failures in upstream CI

- Exclude preview tests from main test suite (require Playwright)
- Add test configuration to vite.config.ts to prevent import errors
- Make quality workflow tools more resilient with better error handling
- Replace Cloudflare deployment with mock for upstream repo compatibility
- Replace Playwright smoke tests with basic HTTP checks
- Ensure all workflows can run without additional dependencies

These changes maintain workflow functionality while being compatible
with the upstream repository's existing setup and dependencies.

* fix: make workflows production-ready and non-blocking

Critical fixes to prevent workflows from blocking future PRs:

- Preview deployment: Gracefully handle missing Cloudflare secrets
- Quality analysis: Make dependency checks resilient with fallbacks
- PR size check: Add continue-on-error and larger size categories
- Quality gates: Distinguish required vs optional workflows
- All workflows: Ensure they pass when dependencies/secrets missing

These changes ensure workflows enhance the development process
without becoming blockers for legitimate PRs.

* fix: ensure all workflows are robust and never block PRs

Final robustness improvements:

- Preview deployment: Add continue-on-error for GitHub API calls
- Preview deployment: Add summary step to ensure workflow always passes
- Cleanup workflows: Handle missing permissions gracefully
- PR Size Check: Replace external action with robust git-based implementation
- All GitHub API calls: Add continue-on-error to prevent permission failures

These changes guarantee that workflows provide value without blocking
legitimate PRs, even when secrets/permissions are missing.

* fix: ensure Docker image names are lowercase for ghcr.io compatibility

- Add step to convert github.repository to lowercase using tr command
- Update all image references to use lowercase repository name
- Resolves "repository name must be lowercase" error in Docker registry

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* feat: Add comprehensive bug reporting system

- Add BugReportTab component with full form validation
- Implement real-time environment detection (browser, OS, screen resolution)
- Add API route for bug report submission to GitHub
- Include form validation with character limits and required fields
- Add preview functionality before submission
- Support environment info inclusion in reports
- Clean up and remove screenshot functionality for simplicity
- Fix validation logic to properly clear errors when fixed

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-08-31 02:14:43 +02:00

78 lines
2.5 KiB
YAML
Raw Blame History

name: Docker Publish
on:
push:
branches: [main, stable]
tags: ['v*', '*.*.*']
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
packages: write
contents: read
env:
REGISTRY: ghcr.io
jobs:
docker-build-publish:
runs-on: ubuntu-latest
# timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set lowercase image name
id: image
run: echo "name=$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata for Docker image
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ steps.image.outputs.name }}
tags: |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=stable,enable=${{ github.ref == 'refs/heads/stable' }}
type=ref,event=tag
type=sha,format=short
type=raw,value=${{ github.ref_name }},enable=${{ startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/stable' }}
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
target: bolt-ai-production
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ steps.image.outputs.name }}:${{ steps.meta.outputs.version }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
- name: Check manifest
run: docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ steps.image.outputs.name }}:${{ steps.meta.outputs.version }}
Reference in New Issue View Git Blame Copy Permalink