ci: migrate to main branch only

Robert27 · Robert27 · commit fb977711691a · 2025-04-25T11:08:48.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,9 +1,9 @@
 name: CI - Biome and TypeScript
 on:
   push:
-    branches: [develop, main]
+    branches: [main]
   pull_request:
-    branches: [develop, main]
+    branches: [main]
 jobs:
   test:
     name: Run biome and typescript checks
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -13,9 +13,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: ["main", "develop"]
+    branches: "main"
   pull_request:
-    branches: ["main", "develop"]
+    branches: "main"
   schedule:
     - cron: "19 20 * * 3"
 
diff --git a/.github/workflows/deploy-webapp.yml b/.github/workflows/deploy-webapp.yml
@@ -1,11 +1,9 @@
-name: Create and publish a Docker image
+name: Build and publish alpha Docker image
 
-# Configures this workflow to run on push to the develop branch and on tag creation.
+# Only run this workflow on pushes to main branch, not on tags
 on:
   push:
-    branches: ["develop"]
-    tags:
-      - "*"
+    branches: ["main"]
 
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
 env:
@@ -38,6 +36,12 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # For pushes to main, add the 'alpha-latest' tag
+            type=raw,value=alpha-latest
+          flavor: |
+            # Don't use the 'latest' tag at all
+            latest=false
       # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
       # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
       # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
@@ -49,9 +53,9 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: |
             ${{ steps.meta.outputs.labels }}
-            ${{ !startsWith(github.ref, 'refs/tags/') && 'develop' || 'release' }}
+            type=alpha
           build-args: |
             EXPO_PUBLIC_THI_API_KEY=${{ secrets.EXPO_PUBLIC_THI_API_KEY }}
-            EXPO_PUBLIC_NEULAND_GRAPHQL_ENDPOINT=${{ !startsWith(github.ref, 'refs/tags/') && vars.GRAPHQL_ENDPOINT_DEV || vars.GRAPHQL_ENDPOINT_PROD }}
+            EXPO_PUBLIC_NEULAND_GRAPHQL_ENDPOINT=${{ vars.GRAPHQL_ENDPOINT_DEV }}
             EXPO_PUBLIC_APTABASE_KEY=${{ secrets.EXPO_PUBLIC_APTABASE_KEY }}
             EXPO_PUBLIC_GIT_COMMIT_HASH=${{ github.sha }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,6 +5,10 @@ on:
     tags:
       - "*"
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/webapp
+
 jobs:
   changelog:
     name: Generate changelog
@@ -45,6 +49,66 @@ jobs:
           body: ${{ steps.git-cliff.outputs.content }}
           prerelease: ${{ env.PRERELEASE }}
 
+  build-docker-image:
+    name: Build and publish Docker image
+    runs-on: ubuntu-latest
+    needs: changelog
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Determine if prerelease
+        run: |
+          if [[ "${{ github.ref }}" =~ - ]]; then
+              echo "PRERELEASE=true" >> $GITHUB_ENV
+              echo "TAG_TYPE=beta" >> $GITHUB_ENV
+              echo "ENDPOINT=DEV" >> $GITHUB_ENV
+          else
+              echo "PRERELEASE=false" >> $GITHUB_ENV
+              echo "TAG_TYPE=release" >> $GITHUB_ENV
+              echo "ENDPOINT=PROD" >> $GITHUB_ENV
+          fi
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract tag name
+        id: tag_name
+        run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ steps.tag_name.outputs.TAG }}
+            type=raw,value=${{ env.TAG_TYPE }}-latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: |
+            ${{ steps.meta.outputs.labels }}
+            type=${{ env.TAG_TYPE }}
+          build-args: |
+            EXPO_PUBLIC_THI_API_KEY=${{ secrets.EXPO_PUBLIC_THI_API_KEY }}
+            EXPO_PUBLIC_NEULAND_GRAPHQL_ENDPOINT=${{ vars.GRAPHQL_ENDPOINT_PROD }}
+            EXPO_PUBLIC_APTABASE_KEY=${{ secrets.EXPO_PUBLIC_APTABASE_KEY }}
+            EXPO_PUBLIC_GIT_COMMIT_HASH=${{ github.sha }}
+
   build-android:
     name: Build Android app
     runs-on: ubuntu-latest
