portfolio/.gitea/workflows/publish.yml

name: Build And Publish
run-name: ${{ gitea.actor }} runs ci pipeline
on: [ push ]

jobs:
  BuildAndPublish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: https://github.com/actions/checkout@v4

      - name: Use Node.js
        uses: https://github.com/actions/setup-node@v3
        with:
          node-version: '18.17.0'

      - name: Decrypt secrets
        run: ./decrypt_secrets.sh
        env:
          SECRET_PASSPHRASE: ${{ secrets.SECRET_PASSPHRASE }}

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{secrets.DOCKER_HUB_USERNAME}}
          password: ${{secrets.DOCKER_HUB_PASSWORD}}

      - name: Set up Docker Buildx
        uses: https://github.com/docker/setup-buildx-action@v3
        with:
          config-inline: |
            [registry."docker.io"]
              mirrors = ["mirror.gcr.io"]                        

      - name: Build and push Docker image
        uses: https://github.com/docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1
          secrets: |
            "NEXT_PUBLIC_SUPABASE_URL=${{ secret.NEXT_PUBLIC_SUPABASE_URL }}"
            "NEXT_PUBLIC_SUPABASE_ANON_KEY=${{ secret.NEXT_PUBLIC_SUPABASE_ANON_KEY }}"
            "SUPABASE_SERVICE_ROLE_KEY=${{ secret.SUPABASE_SERVICE_ROLE_KEY }}"            

      - name: Stop the docker container
        continue-on-error: true
        run: sudo docker stop portfolio

      - name: Remove the docker container
        continue-on-error: true
        run: sudo docker rm portfolio

      - name: Pull the Docker image
        run: sudo docker pull ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1

      - name: Run the Docker container
        run: sudo docker run -d --restart unless-stopped --env-file ./.env --name portfolio -p ${{vars.TAILSCALE_IP}}:3000:3000 ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1