
chore(deps): bump picomatch from 4.0.3 to 4.0.4 in /apps/web #381


Workflow file for this run

# ==============================================================================
# MeticAI Build and Publish Workflow
# ==============================================================================
# Builds the unified Docker image and pushes to GitHub Container Registry.
#
# Triggers:
# - Version tags (v*) — created by auto-release.yml when VERSION changes on main
# - Manual workflow dispatch (for emergency rebuilds)
#
# PR builds (no push) are triggered for validation only.
#
# Images:
# ghcr.io/hessius/meticai:latest
# ghcr.io/hessius/meticai:v2.0.0
# ==============================================================================
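name: Build and Publish

on:
  # Release builds: any pushed tag starting with "v".
  push:
    tags:
      - 'v*'
  # Validation builds for pull requests into main that touch app or Docker sources.
  pull_request:
    branches:
      - main
    paths:
      - 'apps/**'
      - 'docker/**'
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository_owner }}/meticai

# NOTE(review): every `uses:` below references a mutable version tag (@v6, @v4,
# @v7, @v0). The build job holds `packages: write` and the registry token, so
# consider pinning each action to a full commit SHA, for example
# `actions/checkout@<full-commit-sha>  # v6`, so that an upstream retag cannot
# change what runs here.
jobs:
  build:
    runs-on: ubuntu-latest
    # Job-scoped token permissions. These apply on pull_request runs as well;
    # the login step and the push are gated on the event name further down.
    permissions:
      contents: read
      packages: write
      # NOTE(review): no step in this file uploads code-scanning results;
      # confirm this scope is still required, otherwise drop it.
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          submodules: recursive
          # No later step in this job runs git, so do not leave the job token
          # configured for git after the checkout completes.
          persist-credentials: false

      # QEMU + Buildx provide the multi-arch (amd64/arm64) build below.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      # Registry credentials are only loaded for runs that actually push.
      - name: Log in to Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Derives image tags and labels from the git ref. The '#' lines inside
      # `tags` are part of the input value passed to the action.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, 'beta') && !contains(github.ref, 'alpha') && !contains(github.ref, 'rc') }}
            # Apply 'beta' tag for pre-release versions (alpha/beta/rc)
            type=raw,value=beta,enable=${{ startsWith(github.ref, 'refs/tags/v') && (contains(github.ref, 'beta') || contains(github.ref, 'alpha') || contains(github.ref, 'rc')) }}
            # INTENTIONAL: Also apply 'beta' tag on stable releases so that users tracking
            # the beta-channel image (docker pull meticai:beta) are automatically migrated
            # to the final stable release when it drops. Without this, beta-channel users
            # would remain pinned to the last pre-release image indefinitely.
            type=raw,value=beta,enable=${{ startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, 'beta') && !contains(github.ref, 'alpha') && !contains(github.ref, 'rc') }}

      # Pull-request runs build both platforms but never push (push evaluates to false).
      - name: Build and push
        uses: docker/build-push-action@v7
        with:
          context: .
          file: docker/Dockerfile.unified
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # NOTE(review): the image is referenced by tag, so the SBOM describes
      # whatever that tag resolves to in the registry when this step runs.
      # Referencing the digest output of the build step (which would need an
      # `id:`) would tie the SBOM to the image that was just pushed.
      - name: Generate SBOM
        if: github.event_name != 'pull_request'
        uses: anchore/sbom-action@v0
        with:
          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

  # Smoke test for pull requests: build the image locally, start it, and probe
  # the health endpoint.
  test:
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'pull_request'
    # Least privilege: this job only checks out the code and runs Docker
    # locally, so it should not inherit the default token scope.
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          submodules: recursive
          # No later step in this job runs git; do not keep the token configured.
          persist-credentials: false

      - name: Build test image
        run: |
          docker build -f docker/Dockerfile.unified -t meticai-test .

      # GEMINI_API_KEY=test is a dummy value; no repository secret is passed
      # to the container under test.
      - name: Test container starts
        run: |
          docker run -d --name test-container \
            -e GEMINI_API_KEY=test \
            -e METICULOUS_IP=127.0.0.1 \
            meticai-test
          # Wait for container to start
          sleep 10
          # Check container is running
          docker ps | grep test-container
          # Check health endpoint
          docker exec test-container curl -f http://localhost:3550/health || exit 1

      # Runs even when an earlier step failed; `|| true` tolerates a container
      # that never started.
      - name: Cleanup
        if: always()
        run: |
          docker stop test-container || true
          docker rm test-container || true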