openova/.github/workflows/console-build.yaml

name: Build & Deploy Catalyst Console

on:
  push:
    paths: ['core/console/**']
    branches: [main]
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE: ghcr.io/openova-io/openova/console

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    outputs:
      sha_short: ${{ steps.vars.outputs.sha_short }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set short SHA
        id: vars
        run: echo "sha_short=$(echo $GITHUB_SHA | head -c 7)" >> "$GITHUB_OUTPUT"

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: core/console
          file: core/console/Containerfile
          push: true
          tags: |
            ${{ env.IMAGE }}:${{ steps.vars.outputs.sha_short }}
            ${{ env.IMAGE }}:latest            

  deploy:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Update deployment manifest
        run: |
          SHA=$(echo $GITHUB_SHA | head -c 7)
          FILE="products/catalyst/chart/templates/sme-services/console.yaml"
          if [ -f "$FILE" ]; then
            sed -i "s|image: ${IMAGE}:.*|image: ${IMAGE}:${SHA}|" "$FILE"
          fi          

      # TBD-V32 / openova-io/openova#2062 — race-safe push via the shared
      # composite action.
      - name: Commit and push
        uses: ./.github/actions/deploy-bump
        with:
          paths: products/catalyst/chart/templates/sme-services/console.yaml
          commit-message: "deploy: update Catalyst console image to ${{ needs.build.outputs.sha_short }}"