release.yml

name: Release

on:
  push:
    branches:
      - master
  workflow_dispatch:

permissions:
  contents: write

jobs:
  release:
    runs-on: ubuntu-24.04
    outputs:
      published: ${{ steps.semantic.outputs.new_release_published }}
      version: ${{ steps.semantic.outputs.new_release_version }}
    steps:
      - uses: actions/checkout@v6

      - name: Set up Node
        uses: actions/setup-node@v6
        with:
          node-version: 24

      - name: Install dependencies
        run: |
          npm ci

      - name: Semantic Release
        id: semantic
        uses: cycjimmy/semantic-release-action@v6.0.0
        with:
          semantic_version: 24.1.0
          extra_plugins: |
            @semantic-release/commit-analyzer
            @semantic-release/release-notes-generator
            @semantic-release/github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  publish:
    needs:
      - release
    if: needs.release.outputs.published == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            supabase/storage-api
            public.ecr.aws/supabase/storage-api
            436098097459.dkr.ecr.us-east-1.amazonaws.com/storage-api
            646182064048.dkr.ecr.us-east-1.amazonaws.com/storage-api
            ghcr.io/supabase/storage-api
          tags: |
            type=raw,value=v${{ needs.release.outputs.version }}

      - uses: docker/setup-qemu-action@v3
        with:
          platforms: amd64,arm64
      - uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: configure aws credentials - staging
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Login to ECR account - staging
        uses: docker/login-action@v3
        with:
          registry: 436098097459.dkr.ecr.us-east-1.amazonaws.com

      - name: configure aws credentials - prod
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Login to ECR - prod
        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws

      - name: Login to ECR account - prod
        uses: docker/login-action@v3
        with:
          registry: 646182064048.dkr.ecr.us-east-1.amazonaws.com

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v6
        with:
          push: true
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          build-args: |
            VERSION=${{ needs.release.outputs.version }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  publish_pgbouncer:
    needs:
      - release
    if: needs.release.outputs.published == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4

      - id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            436098097459.dkr.ecr.us-east-1.amazonaws.com/storage-pgbouncer
            646182064048.dkr.ecr.us-east-1.amazonaws.com/storage-pgbouncer
          tags: |
            type=raw,value=v${{ needs.release.outputs.version }}

      - uses: docker/setup-buildx-action@v2

      - name: configure aws credentials - staging
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Login to ECR account - staging
        uses: docker/login-action@v2
        with:
          registry: 436098097459.dkr.ecr.us-east-1.amazonaws.com

      - name: configure aws credentials - prod
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Login to ECR account - prod
        uses: docker/login-action@v2
        with:
          registry: 646182064048.dkr.ecr.us-east-1.amazonaws.com

      - uses: docker/build-push-action@v3
        with:
          push: true
          context: .docker/pgbouncer
          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha,scope=pgbouncer
          cache-to: type=gha,mode=max,scope=pgbouncer

  mirror:
    runs-on: ubuntu-latest
    needs:
      - release
      - publish
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
          aws-region: "us-east-1"
      - uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: akhilerm/tag-push-action@v2.2.0
        with:
          src: docker.io/supabase/storage-api:v${{ needs.release.outputs.version }}
          dst: |
            public.ecr.aws/supabase/storage-api:latest
            docker.io/supabase/storage-api:latest
            ghcr.io/supabase/storage-api:latest