From 868deea239bd800c409ff2ac81d5be430ada2d76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=81=82=E3=82=8F=E3=82=8F=E3=82=8F=E3=81=A8=E3=83=BC?= =?UTF-8?q?=E3=81=AB=E3=82=85?= <17376330+u1-liquid@users.noreply.github.com> Date: Tue, 13 May 2025 06:56:32 +0900 Subject: [PATCH] =?UTF-8?q?chore(git):=20main=E3=83=96=E3=83=A9=E3=83=B3?= =?UTF-8?q?=E3=83=81=E3=81=A8io=E3=82=AB=E3=82=B9=E3=82=BF=E3=83=9E?= =?UTF-8?q?=E3=82=A4=E3=82=BA=E3=83=96=E3=83=A9=E3=83=B3=E3=83=81=E3=82=92?= =?UTF-8?q?=E5=88=86=E9=9B=A2=20(MisskeyIO#994)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/api-misskey-js.yml | 3 + .../workflows/check-misskey-js-version.yml | 4 ++ .github/workflows/docker-beta.yml | 4 ++ .github/workflows/docker-host.yml | 4 ++ .github/workflows/docker-io.yml | 8 ++- .github/workflows/docker-main.yml | 56 +++++++++++++++++++ .github/workflows/dockle.yml | 5 ++ .github/workflows/labeler.yml | 7 ++- .github/workflows/lint.yml | 4 ++ .github/workflows/test-backend.yml | 4 ++ .github/workflows/test-frontend.yml | 4 ++ .github/workflows/test-misskey-js.yml | 4 ++ .github/workflows/test-production.yml | 4 ++ .github/workflows/validate-api-json.yml | 4 ++ 14 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/docker-main.yml diff --git a/.github/workflows/api-misskey-js.yml b/.github/workflows/api-misskey-js.yml index 9fd731490..c09b1df0b 100644 --- a/.github/workflows/api-misskey-js.yml +++ b/.github/workflows/api-misskey-js.yml @@ -8,6 +8,9 @@ on: paths: - packages/misskey-js/** +permissions: + contents: read + jobs: report: diff --git a/.github/workflows/check-misskey-js-version.yml b/.github/workflows/check-misskey-js-version.yml index 66408b597..25dd7bcc8 100644 --- a/.github/workflows/check-misskey-js-version.yml +++ b/.github/workflows/check-misskey-js-version.yml @@ -5,6 +5,7 @@ on: branches: - main - beta + - io - host paths: - packages/misskey-js/package.json 
@@ -14,6 +15,9 @@ on: - packages/misskey-js/package.json - package.json +permissions: + contents: read + jobs: check-version: # ルートの package.json と packages/misskey-js/package.json のバージョンが一致しているかを確認する diff --git a/.github/workflows/docker-beta.yml b/.github/workflows/docker-beta.yml index 2198ea7d5..5a9a433d5 100644 --- a/.github/workflows/docker-beta.yml +++ b/.github/workflows/docker-beta.yml @@ -6,6 +6,10 @@ on: - beta workflow_dispatch: +permissions: + contents: read + packages: write + jobs: push_to_registry: name: Push Docker image to GitHub Container Registry diff --git a/.github/workflows/docker-host.yml b/.github/workflows/docker-host.yml index 80928ff02..90d5a0fe1 100644 --- a/.github/workflows/docker-host.yml +++ b/.github/workflows/docker-host.yml @@ -8,6 +8,10 @@ on: - '**-host.*' workflow_dispatch: +permissions: + contents: read + packages: write + jobs: push_to_registry: name: Push Docker image to GitHub Container Registry diff --git a/.github/workflows/docker-io.yml b/.github/workflows/docker-io.yml index 2b3b00798..e50af0ca2 100644 --- a/.github/workflows/docker-io.yml +++ b/.github/workflows/docker-io.yml @@ -3,11 +3,15 @@ name: Publish Docker image (io) on: push: branches: - - main + - io tags: - '**-io.*' workflow_dispatch: +permissions: + contents: read + packages: write + jobs: push_to_registry: name: Push Docker image to GitHub Container Registry @@ -50,5 +54,5 @@ jobs: cache-from: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache cache-to: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache,mode=max tags: | - ghcr.io/misskeyio/misskey:latest + ghcr.io/misskeyio/misskey:io ghcr.io/misskeyio/misskey:${{ env.FORMATTED_BRANCH_NAME }} diff --git a/.github/workflows/docker-main.yml b/.github/workflows/docker-main.yml new file mode 100644 index 000000000..0b0da3e6d --- /dev/null +++ b/.github/workflows/docker-main.yml 
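Review bot: In `.github/workflows/docker-io.yml` (second hunk), the floating tag `ghcr.io/misskeyio/misskey:io` is listed unconditionally under `tags:`, while the first hunk of the same file shows the workflow also runs on `'**-io.*'` tag pushes and on `workflow_dispatch`. Unless the build step carries a ref condition outside the hunk, a manual run from another branch or a push of an older release tag would move `:io` to that ref's code. Consider emitting the floating tag only for the branch, for example with a `docker/metadata-action` rule like `type=raw,value=io,enable=${{ github.ref == 'refs/heads/io' }}` and feeding its output to `tags:`. The new `docker-main.yml` has the same issue for `:latest`, because it also accepts `workflow_dispatch`.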
@@ -0,0 +1,56 @@ +name: Publish Docker image (main) + +on: + push: + branches: + - main + workflow_dispatch: + +permissions: + contents: read + packages: write + +jobs: + push_to_registry: + name: Push Docker image to GitHub Container Registry + runs-on: ubuntu-22.04 + if: github.repository == 'MisskeyIO/misskey' + steps: + - name: Check out the repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: true + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + platforms: linux/amd64 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/misskeyio/misskey + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Prepare image tags + run: | + echo "FORMATTED_BRANCH_NAME=$(echo ${{ github.ref_name }} | sed -e 's/\//-/g' )" >> $GITHUB_ENV + - name: Build and Push to GitHub Container Registry + uses: docker/build-push-action@v6 + with: + builder: ${{ steps.buildx.outputs.name }} + context: . + push: true + platforms: ${{ steps.buildx.outputs.platforms }} + provenance: false + labels: ${{ env.FORMATTED_BRANCH_NAME }} + cache-from: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache + cache-to: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache,mode=max + tags: | + ghcr.io/misskeyio/misskey:latest + ghcr.io/misskeyio/misskey:${{ env.FORMATTED_BRANCH_NAME }} diff --git a/.github/workflows/dockle.yml b/.github/workflows/dockle.yml index 48a06352e..c3ab95938 100644 --- a/.github/workflows/dockle.yml +++ b/.github/workflows/dockle.yml @@ -5,9 +5,14 @@ on: branches: - main - beta + - io - host pull_request: +permissions: + contents: read + packages: read + jobs: dockle: runs-on: ubuntu-latest diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 88e2aceae..e6f7c1c01 100644 --- a/.github/workflows/labeler.yml 
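Review bot: In the new `.github/workflows/docker-main.yml`, the `Prepare image tags` step expands `${{ github.ref_name }}` directly inside the `run:` script, so the ref name becomes part of the shell source before it executes. With `workflow_dispatch` that name is whatever ref the run was started from, and the job holds `packages: write`. Pass it through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and change the script to `echo "FORMATTED_BRANCH_NAME=${REF_NAME//\//-}" >> "$GITHUB_ENV"`. Separately, `cache-from`/`cache-to` point at `misskey:io-buildcache`, which the context lines of `docker-io.yml` show the io build using as well. Unless sharing is intended, a dedicated ref such as `main-buildcache` keeps one branch's cached layers from being consumed or overwritten by the other's build.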
+++ b/.github/workflows/labeler.yml @@ -4,11 +4,12 @@ on: branches-ignore: - 'l10n_develop' +permissions: + contents: read + pull-requests: write + jobs: triage: - permissions: - contents: read - pull-requests: write runs-on: ubuntu-latest steps: - uses: actions/labeler@v5 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c9354e06c..3067cde38 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -5,6 +5,7 @@ on: branches: - main - beta + - io - host paths: - packages/backend/** @@ -20,6 +21,9 @@ on: - packages/misskey-js/** - packages/shared/.eslintrc.js +permissions: + contents: read + jobs: pnpm_install: runs-on: ubuntu-latest diff --git a/.github/workflows/test-backend.yml b/.github/workflows/test-backend.yml index 507e476bc..8831ff1c4 100644 --- a/.github/workflows/test-backend.yml +++ b/.github/workflows/test-backend.yml @@ -5,6 +5,7 @@ on: branches: - main - beta + - io - host paths: - packages/backend/** @@ -16,6 +17,9 @@ on: # for permissions - packages/misskey-js/** +permissions: + contents: read + jobs: unit: runs-on: ubuntu-latest diff --git a/.github/workflows/test-frontend.yml b/.github/workflows/test-frontend.yml index 400d4f876..d623ec76f 100644 --- a/.github/workflows/test-frontend.yml +++ b/.github/workflows/test-frontend.yml @@ -5,6 +5,7 @@ on: branches: - main - beta + - io - host paths: - packages/frontend/** @@ -21,6 +22,9 @@ on: # for e2e - packages/backend/** +permissions: + contents: read + jobs: vitest: runs-on: ubuntu-latest diff --git a/.github/workflows/test-misskey-js.yml b/.github/workflows/test-misskey-js.yml index 27c804f88..a6b1ad6a4 100644 --- a/.github/workflows/test-misskey-js.yml +++ b/.github/workflows/test-misskey-js.yml @@ -8,6 +8,7 @@ on: branches: - main - beta + - io - host paths: - packages/misskey-js/** @@ -15,6 +16,9 @@ on: paths: - packages/misskey-js/** +permissions: + contents: read + jobs: test: 
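Review bot: In `.github/workflows/labeler.yml`, moving `pull-requests: write` from the `triage` job to the workflow level makes the write scope the default for every job in the file, not only the one that runs `actions/labeler@v5`. Only `triage` is visible in this hunk, so nothing changes today if it is the sole job, but the job-scoped form was the tighter one and stays correct when jobs are added. Consider a workflow-level `permissions: {}` (or `contents: read`) and keeping the `permissions:` block with `contents: read` and `pull-requests: write` under `triage:`. The triggering event sits above the hunk; if it is `pull_request_target`, this token is also granted to runs started from fork pull requests, which is a further reason to keep the scope narrow.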
diff --git a/.github/workflows/test-production.yml b/.github/workflows/test-production.yml index 59328851a..ad4780296 100644 --- a/.github/workflows/test-production.yml +++ b/.github/workflows/test-production.yml @@ -5,9 +5,13 @@ on: branches: - main - beta + - io - host pull_request: +permissions: + contents: read + env: NODE_ENV: production diff --git a/.github/workflows/validate-api-json.yml b/.github/workflows/validate-api-json.yml index 32952ccf5..8face6899 100644 --- a/.github/workflows/validate-api-json.yml +++ b/.github/workflows/validate-api-json.yml @@ -5,6 +5,7 @@ on: branches: - main - beta + - io - host paths: - packages/backend/** @@ -12,6 +13,9 @@ on: paths: - packages/backend/** +permissions: + contents: read + jobs: validate-api-json: runs-on: ubuntu-latest