💚(repo) fix CI and general cleanup (#12)

2026-02-21 00:49:44 +01:00
parent 4f4eccd9c8
commit 3e11794d02
30 changed files with 152 additions and 222 deletions
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -24,6 +24,7 @@ jobs:
        uses: actions/checkout@v6
      -
        name: Set up QEMU
+        if: github.event_name != 'pull_request'
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
@@ -41,19 +42,13 @@ jobs:
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-      -
-        name: Run trivy scan
-        uses: numerique-gouv/action-trivy-cache@main
-        with:
-          docker-build-args: '--target backend-production -f Dockerfile'
-          docker-image-name: 'docker.io/lasuite/calendars-backend:${{ github.sha }}'
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
-          context: .
+          context: ./src/backend
          target: backend-production
-          platforms: linux/amd64,linux/arm64
+          platforms: ${{ github.event_name != 'pull_request' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
@@ -67,6 +62,7 @@ jobs:
        uses: actions/checkout@v6
      -
        name: Set up QEMU
+        if: github.event_name != 'pull_request'
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
@@ -85,34 +81,28 @@ jobs:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
-        name: Run trivy scan
-        uses: numerique-gouv/action-trivy-cache@main
-        with:
-          docker-build-args: '-f src/frontend/Dockerfile --target frontend-production'
-          docker-image-name: 'docker.io/lasuite/calendars-frontend:${{ github.sha }}'
-      -
-        name: Build and push
+        name: Build SSG assets (platform-independent, amd64 only)
        uses: docker/build-push-action@v6
        with:
-          context: .
-          file: ./src/frontend/Dockerfile
-          target: frontend-production
-          platforms: linux/amd64,linux/arm64
+          context: ./src/frontend
+          target: calendars-builder
+          platforms: linux/amd64
+          load: true
+          tags: calendars-builder:local
+      -
+        name: Extract SSG build output
+        run: |
+          docker create --name extract calendars-builder:local
+          docker cp extract:/home/frontend/apps/calendars/out ./src/frontend/out
+          docker rm extract
+      -
+        name: Build and push nginx image (multi-arch)
+        uses: docker/build-push-action@v6
+        with:
+          context: ./src/frontend
+          file: ./src/frontend/Dockerfile.nginx
+          platforms: ${{ github.event_name != 'pull_request' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
-
-  notify-argocd:
-    needs:
-      - build-and-push-frontend
-      - build-and-push-backend
-    runs-on: ubuntu-latest
-    if: github.event_name != 'pull_request'
-    steps:
-      - uses: numerique-gouv/action-argocd-webhook-notification@main
-        id: notify
-        with:
-          deployment_repo_path: "${{ secrets.DEPLOYMENT_REPO_URL }}"
-          argocd_webhook_secret: "${{ secrets.ARGOCD_PREPROD_WEBHOOK_SECRET }}"
-          argocd_url: "${{ vars.ARGOCD_PREPROD_WEBHOOK_URL }}"