ci(satp-hermes): publish SDK on ghrcio

Signed-off-by: Rafael Belchior <[email protected]>

Author: RafaelAPB

.github/workflows/satp-hermes-docker.yaml

@@ -90,7 +90,6 @@ jobs:
           # Standardized image names for both registries
           BASE_IMAGE_NAME="hyperledger/cacti-satp-hermes-gateway"
           DOCKERHUB_IMAGE="${BASE_IMAGE_NAME}"
-          # GHCR requires the full path with owner
           GHCR_IMAGE="hyperledger-cacti/cacti-satp-hermes-gateway"
           
           {

.github/workflows/satp-hermes-ghcr-gateway-sdk.yaml

@@ -0,0 +1,253 @@
+name: SATP Hermes Gateway SDK - GHCR Publish
+
+# =============================================================================
+# GHCR PUBLISHING WORKFLOW
+# =============================================================================
+#
+# This workflow publishes the SATP Hermes Gateway SDK to GitHub Container Registry (GHCR)
+# with support for both development and production releases.
+#
+# PACKAGE CONFIGURATION:
+#   Organization: @hyperledger
+#   Package: @hyperledger/cactus-plugin-satp-hermes
+#   Registry: https://ghcr.io/
+#
+# VERSION STRATEGY:
+#   Version Source: package.json customMetadata.satp-package-version (0.0.3-beta)
+#   Note: package.json "version" field remains at 2.1.0 for monorepo compatibility.
+#         The workflow dynamically updates version from customMetadata before publishing.
+#   
+#   Development Builds:
+#     Format: {base-version}-dev.{timestamp}
+#     Example: 0.0.3-beta-dev.20250106120000
+#     GHCR Tag: dev
+#     Trigger: Push to main, satp-dev, or satp-stg branches
+#   
+#   Release Builds:
+#     Format: {base-version} or custom version
+#     Example: 0.0.3-beta
+#     GHCR Tags: latest (primary) + version tag (0.0.3-beta)
+#     Trigger: Manual workflow dispatch with is_release=true
+#     Note: Production releases are tagged with both 'latest' and the specific version
+#
+# REQUIRED SECRETS:
+#   GITHUB_TOKEN: Auto-provided by GitHub Actions for GHCR publishing
+#
+# USAGE:
+#   Development Release (Automatic):
+#     git push origin main
+#   
+#   Production Release (Manual):
+#     1. Go to Actions tab
+#     2. Select "SATP Hermes Gateway SDK - GHCR Publish"
+#     3. Click "Run workflow"
+#     4. Set is_release=true
+#     5. Optionally set custom_version
+#
+# VERIFICATION:
+#   ghcr.io/hyperledger-cacti/cacti-satp-hermes-gateway
+#
+# =============================================================================
+
+on:
+  workflow_call:
+    inputs:
+      skip_tests:
+        description: 'Skip test execution (for emergency releases only)'
+        required: false
+        default: false
+        type: boolean
+      is_release:
+        description: 'Create release version using package.json version'
+        required: false
+        default: false
+        type: boolean
+      custom_version:
+        description: 'Custom version tag (leave empty to use package.json version)'
+        required: false
+        type: string
+    outputs:
+      package_version:
+        description: "Package version from package.json"
+        value: ${{ jobs.set-ghcr-tags.outputs.package_version }}
+      tag_suffix:
+        description: "Tag suffix (dev or release)"
+        value: ${{ jobs.set-ghcr-tags.outputs.tag_suffix }}
+      tag_version:
+        description: "Full tag version"
+        value: ${{ jobs.set-ghcr-tags.outputs.tag_version }}
+      ghcr_image:
+        description: "GHCR image name"
+        value: ${{ jobs.set-ghcr-tags.outputs.ghcr_image }}
+      is_release:
+        description: "Whether this is a release build"
+        value: ${{ jobs.set-ghcr-tags.outputs.is_release }}
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  # Set GHCR tags based on branch and commit information
+  set-ghcr-tags:
+    if: |
+      always() && (
+        (inputs.skip_tests == true && inputs.is_release == true) ||
+        (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/satp-dev' || github.ref == 'refs/heads/satp-stg')) ||
+        (github.event_name == 'pull_request' && (github.base_ref == 'main' || github.base_ref == 'satp-dev' || github.base_ref == 'satp-stg')) ||
+        github.event_name == 'workflow_dispatch'
+      )
+    runs-on: ubuntu-latest-16-cores
+    outputs:
+      package_version: ${{ steps.set_tags.outputs.package_version }}
+      tag_suffix: ${{ steps.set_tags.outputs.tag_suffix }}
+      tag_version: ${{ steps.set_tags.outputs.tag_version }}
+      ghcr_image: ${{ steps.set_tags.outputs.ghcr_image }}
+      is_release: ${{ steps.set_tags.outputs.is_release }}
+    steps:
+      - uses: actions/[email protected]  
+      - name: Set image tags
+        id: set_tags
+        run: |
+          PACKAGE_VERSION=$(node -e "console.log(require('./packages/cactus-plugin-satp-hermes/package.json').customMetadata['satp-package-version'])")
+          IS_RELEASE="${{ inputs.is_release }}"
+          if [ "$IS_RELEASE" = "true" ]; then
+            if [ -n "${{ inputs.custom_version }}" ]; then
+              TAG_VERSION="${{ inputs.custom_version }}"
+              echo "Building release version with custom version: ${{ inputs.custom_version }}"
+            else
+              TAG_VERSION="${PACKAGE_VERSION}"
+              echo "Building release version with satp-package-version: ${PACKAGE_VERSION}"
+            fi
+            TAG_SUFFIX="release"
+          else
+            TAG_SUFFIX="dev"
+            TAG_VERSION="$(date -u +"%Y-%m-%d")-${TAG_SUFFIX}-$(git rev-parse --short HEAD)"
+            echo "Building development version: ${TAG_VERSION}"
+          fi
+          GHCR_IMAGE="hyperledger-cacti/cacti-satp-hermes-gateway"
+          {
+            echo "package_version=${PACKAGE_VERSION}"
+            echo "tag_suffix=${TAG_SUFFIX}"
+            echo "tag_version=${TAG_VERSION}"
+            echo "ghcr_image=${GHCR_IMAGE}"
+            echo "is_release=${IS_RELEASE:-false}"
+          } >> "$GITHUB_OUTPUT"
+      - name: Debug Build Info
+        run: |
+          PACKAGE_VERSION=$(node -e "console.log(require('./packages/cactus-plugin-satp-hermes/package.json').customMetadata['satp-package-version'])")
+          {
+            echo "Debug: Current ref = ${{ github.ref }}"
+            echo "Debug: Event name = ${{ github.event_name }}"
+            echo "Debug: GitHub workspace = ${{ github.workspace }}"
+            echo "Debug: Repository = ${{ github.repository }}"
+            echo "Debug: Building for tag version = ${{ steps.set_tags.outputs.tag_version }}"
+            echo "Debug: Building for ghcr image = ${{ steps.set_tags.outputs.ghcr_image }}"
+            echo "Debug: Node.js version = v22.18.0"
+            echo "Debug: SATP package version = ${PACKAGE_VERSION}"
+            echo "Debug: Commit hash = $(git rev-parse --short HEAD)"
+          }
+
+  # Build Docker image for GHCR
+  build-satp-hermes-ghcr-image:
+    needs: [set-ghcr-tags]
+    if: (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/satp-dev' || github.ref == 'refs/heads/satp-stg')) || (github.event_name == 'pull_request' && (github.base_ref == 'main' || github.base_ref == 'satp-dev' || github.base_ref == 'satp-stg')) || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest-16-cores
+    steps:
+      - uses: actions/[email protected]
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'yarn'
+          cache-dependency-path: yarn.lock
+      - id: yarn-cache
+        name: Initialize Yarn Cache
+        uses: actions/cache@v4
+        with:
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
+          path: ./.yarn/
+          restore-keys: |
+            ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
+      - name: Set working directory
+        run: cd packages/cactus-plugin-satp-hermes           
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: stable
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Configure
+        run: yarn configure
+      - name: Build bundle
+        id: build
+        run: |
+          yarn lerna run build:bundle --scope=@hyperledger/cactus-plugin-satp-hermes
+          echo "success=true" >> "$GITHUB_OUTPUT"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build Docker image (no push)
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/cactus-plugin-satp-hermes
+          file: ./packages/cactus-plugin-satp-hermes/satp-hermes-gateway.Dockerfile
+          push: false
+          tags: |
+            ghcr.io/${{ needs.set-ghcr-tags.outputs.ghcr_image }}:${{ needs.set-ghcr-tags.outputs.tag_version }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  # Publish Docker image to GHCR
+  publish-satp-hermes-ghcr-image:
+    needs: [build-satp-hermes-ghcr-image, set-ghcr-tags]
+    if: (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/satp-dev' || github.ref == 'refs/heads/satp-stg')) || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest-16-cores
+    steps:
+      - uses: actions/[email protected]
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'yarn'
+          cache-dependency-path: yarn.lock
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Configure
+        run: yarn configure
+      - name: Build bundle
+        id: build
+        run: |
+          yarn lerna run build:bundle --scope=@hyperledger/cactus-plugin-satp-hermes
+          echo "success=true" >> "$GITHUB_OUTPUT"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push to GHCR (Release)
+        if: needs.set-ghcr-tags.outputs.is_release == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/cactus-plugin-satp-hermes
+          file: ./packages/cactus-plugin-satp-hermes/satp-hermes-gateway.Dockerfile
+          push: true
+          tags: |
+            ghcr.io/${{ needs.set-ghcr-tags.outputs.ghcr_image }}:${{ needs.set-ghcr-tags.outputs.tag_version }}
+            ghcr.io/${{ needs.set-ghcr-tags.outputs.ghcr_image }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: Build and push to GHCR (Development)
+        if: needs.set-ghcr-tags.outputs.is_release != 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/cactus-plugin-satp-hermes
+          file: ./packages/cactus-plugin-satp-hermes/satp-hermes-gateway.Dockerfile
+          push: true
+          tags: |
+            ghcr.io/${{ needs.set-ghcr-tags.outputs.ghcr_image }}:${{ needs.set-ghcr-tags.outputs.tag_version }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/satp-hermes-npmjs-gateway-sdk.yaml

@@ -1,7 +1,7 @@
 name: SATP Hermes Gateway SDK - NPM Publish
 
 # =============================================================================
-# NPM PUBLISHING WORKFLOW DOCUMENTATION
+# NPM PUBLISHING WORKFLOW
 # =============================================================================
 #
 # This workflow publishes the SATP Hermes Gateway SDK to npmjs.org and GitHub