name: build-finlab # Construit l'image de la console finance (Claude Code web + toolkit finlab), la pousse sur # notre GHCR, et (sur main) bumpe le manifest k8s. Contrairement à OpenAlice, c'est NOTRE # code (tools/finlab/) : pas de clone amont, pas de patch Dockerfile. on: push: branches: ["main", "feat/**", "claude/**"] paths: - "tools/finlab/**" - ".github/workflows/build-finlab.yml" workflow_dispatch: env: IMAGE: ghcr.io/alkatrazz24/funk-finlab jobs: build: runs-on: ubuntu-latest permissions: contents: write # pour committer le bump du manifest sur main packages: write steps: - name: Checkout uses: actions/checkout@v4 - name: Calcule le tag (sha court) + la liste des tags id: vars run: | TAG="sha-$(git rev-parse --short HEAD)" echo "tag=${TAG}" >> "$GITHUB_OUTPUT" if [ "${{ github.ref }}" = "refs/heads/main" ]; then echo "tags=${IMAGE}:${TAG},${IMAGE}:latest" >> "$GITHUB_OUTPUT" else echo "tags=${IMAGE}:${TAG}" >> "$GITHUB_OUTPUT" fi - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build & push uses: docker/build-push-action@v6 with: context: tools/finlab push: true tags: ${{ steps.vars.outputs.tags }} - name: Met à jour le manifest avec le tag (main uniquement) if: github.ref == 'refs/heads/main' run: | sed -i "s|image: ${IMAGE}:.*|image: ${IMAGE}:${{ steps.vars.outputs.tag }}|" \ k8s/apps/finlab/deployment.yaml git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add k8s/apps/finlab/deployment.yaml if ! git diff --staged --quiet; then git commit -m "ci(finlab): image → ${{ steps.vars.outputs.tag }} [skip ci]" git pull --rebase origin main git push fi