dashboard.yml

name: Dashboard

on:
  pull_request:
    paths:
      - .github/workflows/dashboard.yml
      - 'frontend/dashboard/**'
  push:
    branches:
      - 'main'
    paths:
      - .github/workflows/dashboard.yml
      - 'frontend/dashboard/**'
    tags:
      - 'v*'

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: measure-sh/dashboard

jobs:
  unit-test:
    name: Run dashboard unit tests
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: frontend/dashboard
    timeout-minutes: 10
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'

      - name: Install dependencies for CI
        run: npm ci

      - name: Run Jest tests
        run: npm test

  push:
    name: Build and push image
    runs-on: ubuntu-latest
    if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
    needs: [unit-test]
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push OCI image
        id: push
        uses: docker/build-push-action@v6
        with:
          context: frontend/dashboard
          file: frontend/dashboard/dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: |
            org.opencontainers.image.source=https://github.com/measure-sh/measure/tree/${{ github.ref_name }}/frontend/dashboard/dockerfile
            org.opencontainers.image.description=Measure Dashboard App
            org.opencontainers.image.licenses=Apache-2.0

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true