Setup cicd

.github/composite/build-images/action.yaml

@@ -0,0 +1,18 @@
+name: Build & deploy Docker images
+description: Builds and deploys all Docker images
+
+inputs:
+  VERSION:
+    description: 'Current GitHub tag version. if you are testing, just pass in something random like "test"'
+    required: true
+  SHOULD_UPLOAD:
+    description: '"true" or "false"'
+    required: true
+    default: "true"
+
+runs:
+  using: composite
+  steps:
+    - name: Run script
+      shell: bash
+      run: bun run .github/scripts/src/build-images --ver="${{ inputs.VERSION }}" --shouldUpload "${{ inputs.SHOULD_UPLOAD }}"

.github/composite/create-tag/action.yaml

@@ -0,0 +1,10 @@
+name: Create new tag
+description: Creates new tag and triggers continuous deployment.
+
+runs:
+  using: composite
+  steps:
+    - name: Create new tag
+      shell: bash
+      id: build-image
+      run: bun run .github/scripts/src/create-tag

.github/composite/setup/action.yaml

@@ -0,0 +1,36 @@
+name: "Setup"
+description: "Setup dependencies required to run pipelines"
+
+inputs:
+  GITHUB_TOKEN:
+    description: "GitHub token used to send message"
+    required: false
+    default: ${{ github.token }}
+  AZURE_CLIENT_ID:
+    description: "Azure client ID if azure authentication is required."
+    required: false
+  AZURE_CLIENT_SECRET:
+    description: "Azure client secret if azure authentication is required."
+    required: false
+  AZURE_TENANT_ID:
+    description: "Azure tenant ID if azure authentication is required."
+    required: false
+  AZURE_SUBSCRIPTION_ID:
+    description: "Azure subscription ID if azure authentication is required."
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup
+      uses: tahminator/pipeline/actions/setup@1.0.46
+      with:
+        AZURE_CLIENT_ID: ${{ inputs.AZURE_CLIENT_ID }}
+        AZURE_CLIENT_SECRET: ${{ inputs.AZURE_CLIENT_SECRET }}
+        AZURE_TENANT_ID: ${{ inputs.AZURE_TENANT_ID }}
+        AZURE_SUBSCRIPTION_ID: ${{ inputs.AZURE_SUBSCRIPTION_ID }}
+        INSTALL_SOPS: true
+
+    - name: Test CI scripts
+      shell: bash
+      run: bun run --cwd .github/scripts test

.github/scripts/src/build-image/index.ts → .github/scripts/src/build-images/index.ts

@@ -2,18 +2,26 @@ import {
   DockerClient,
   EnvClient,
   EnvClientStrategy,
+  Utils,
 } from "@tahminator/pipeline";
 import yargs from "yargs";
 import { hideBin } from "yargs/helpers";
 
-const { tag } = await yargs(hideBin(process.argv))
-  .option("tag", {
+const { ver, shouldUpload } = await yargs(hideBin(process.argv))
+  .option("ver", {
     type: "string",
     demandOption: true,
   })
+  .option("shouldUpload", {
+    type: "boolean",
+    demandOption: true,
+    default: true,
+  })
   .strict()
   .parse();
 
+const targets = ["pg-az"] as const;
+
 export async function main() {
   const envClient = EnvClient.create(EnvClientStrategy.SOPS);
   const { dockerHubPat, dockerHubUsername } = parseCiEnv(
@@ -24,12 +32,17 @@ export async function main() {
     dockerHubPat,
   );
 
-  await dockerClient.buildImage({
-    dockerFileLocation: "src/Dockerfile",
-    shouldUpload: true,
-    dockerRepository: "pg-az",
-    tags: ["latest", tag],
-  });
+  for (const target of targets) {
+    const dir = `src/${target}` as const;
+    const dockerFileLocation = `${dir}/Dockerfile` as const;
+    console.log(Utils.Colors.cyan(`Building ${dockerFileLocation}...`));
+    await dockerClient.buildImage({
+      dockerFileLocation,
+      shouldUpload,
+      dockerRepository: target,
+      tags: ["latest", ver],
+    });
+  }
 }
 
 function parseCiEnv(ciEnv: Record<string, string>) {
@@ -51,3 +64,12 @@ function parseCiEnv(ciEnv: Record<string, string>) {
 
   return { dockerHubPat, dockerHubUsername };
 }
+
+main()
+  .then(() => {
+    process.exit(0);
+  })
+  .catch((e) => {
+    console.error(e);
+    process.exit(1);
+  });

.github/workflows/cd.yaml

@@ -0,0 +1,35 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/github-workflow.json
+name: CD
+run-name: Running continuous deployment on ${{ github.actor }}'s commits
+
+on:
+  push:
+    tags:
+      - "*"
+
+concurrency:
+  group: cd
+  cancel-in-progress: false
+
+jobs:
+  buildAndDeploy:
+    name: Build & Deploy all Docker images
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Setup pipeline
+        uses: ./.github/composite/setup
+        with:
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Build images
+        uses: ./.github/composite/build-images
+        with:
+          VERSION: ${{ github.ref_name }}
+          SHOULD_UPLOAD: "true"

.github/workflows/ci.yaml

@@ -0,0 +1,64 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/github-workflow.json
+name: CI
+run-name: Running continuous integration on ${{ github.actor }}'s commits
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+concurrency:
+  group: ci-cd-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  testBuildImages:
+    name: Test Build All Docker images
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Setup pipeline
+        uses: ./.github/composite/setup
+        with:
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Build images
+        uses: ./.github/composite/build-images
+        with:
+          VERSION: "test"
+          SHOULD_UPLOAD: "false"
+
+  createTag:
+    name: Create new tag
+    runs-on: ubuntu-latest
+    needs: [testBuildImages]
+
+    if: github.ref_name == 'main'
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Setup pipeline
+        uses: ./.github/composite/setup
+        with:
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Create new tag
+        uses: ./.github/composite/create-tag

secrets.yaml

@@ -1,14 +1,16 @@
-GITHUB_APP_APP_ID: ENC[AES256_GCM,data:PULNlJPaOg==,iv:UkLRiY2j8ElBLhMQyWqAYMN83zOY9d/xcFedy7C+wmo=,tag:bH9Nw+5SRQ1HH3ZrOFTpiA==,type:str]
-GITHUB_APP_INSTALLATION_ID: ENC[AES256_GCM,data:eE2DQmcl4lXs,iv:A+3vDh/M2AWRH1F3lPgWLzungjR5YPpBVuOzPeVA/t4=,tag:URXFOSd9wL35qHVYC17D5A==,type:int]
-GITHUB_APP_PEM_CONTENT: ENC[AES256_GCM,data:yk+zb0A+4epMEINK4KkNN0hv1akwHJcr5nM7dLctgtAOWbkewiSPzefyr3wp/pJHe7DNTZBunBwt55k4sHMLIf/nvEQyNEAMz4mB5OCNKDNP5OcyvYvaupfLwDI+eMNx0voitjXWvkEYZZWaT4kudoGHlLosA4v8/mEUSdKJAEU/Mmvl+33pbK32fDC2cLQxPfpOhdyuxKNa8+MLkxDTYBwQIOgTdYqo4UEgleqRmesLV7cf29Y8d7/+AA3YA2qd4ERwt2PTOKE4NRSI3YIzr99enOkm2lwPrl0225b7l15LxAAIk9oEOj6KmuoYZ2JMbStx+h8j+wy6VJqxbG0vRd1vUH7UwsrbsL/XsUy9IrYMHWIv+wOsq8uBbpoHlNR4y6V3c72Elqa0IUjBM7cmxWohrNFQS8kYFV59a80kfnrb4FTZu6vD8YXN+uMIZyMcz7Z1kwWcpTwj6+bOrFIkUPWJXlTFQbxOLumKtfLER1YZxzzpVUz9mEe/EBrUZCSxppviaeNp3ZdL+g5MUemXcYYeygYRsqCt4+qZeyoU4KrzEv7fX6kyKmgDqvyHcCw2s0ep5j6zYnxBRiSJdMjqkcipaAzmTAKuJKseicrwIXs/KD6+Rss74Ps5Penf7R1yqU7TFsKH9pgQ6LiwTJ9L2We/EXjhSHBSr9/sAgN0mDcW+Qj5EBRjJID48OUQ/hvQ61aGEukmJszrQ30Xib1duqtkOUisv/ssSDHwOy4YYR7cB0YHPpqbxG04GDVeZypZnBBpFSS32glSFfLnckgM3LOEOoOrtYXPdRiY4ezCXcsX3+mD1WSVBr2w2qjXD8K1esXRQ0HOok3CnEF27aGOy/qYTUh8wpazyVSDCQ1wId25P+8L8LlKvBGFTbcPncoMMtjnzgulL78juGOS21NpFgGBFF/PKWVRROeoKi+vRW6A9O2W04sGSBkGlqaogg5N0omyZkIi0Jz5G0nFDbWG2jKFghDcf1cIEAEw7H8L0urKF4UZvhUVbyFRVbssEZ8Jh7eUZPh3kdadMBz9fPmHl4p/ULqr0Jvl4xPNiP+KMafkhyF6q7ZZE6VECIeVMgkHgU7RPhRQMcf6Q2Ja2bu6yhwQ6SArZe5byPLc3EOBaUbqDTZKc+oOrMkPcr0ho3b3KUUD782CFTiNb/zJBKHLDAs4hH8/HY9Orquce9BCgCZgMeKS9Rafi+1N3helAM5Ovxbu8T7z7pzEsB+DAdOj9Y6YnHvSXFoG9AbHdHLeMvLKXrdjKDbym5Y2NHstEuF9Dei5uQKjOQlnE+4BHQ8gj9noNsoSUJwZ6iNABGxcUaU+dvL+b5kv3cD284gHcZ4ypUU+han19Or+aPdQk+R7cpkaLAwmnKMjVJ/tSsTvux2lv8z1gGIxGhQZ3F172MYwm9PYV/j1beEAu/nTRDkaztRaD8WklGf5bTjUfA+oexbnDKkMSFtT3Vmwfjtkl5Dv/YwM5AgZAYeJFrOXVQieWz9LHWU4pJ9hvMglU/ijaF3ArqLlAR3v4PVGGeOda9MWJulJ+BcU/6Q9HpxrS/UL2vNfhQYUHMcPSm7O7Ftt8YjcdXGdvmCZdBI5fbDagUbh7fe2bCGp1MsPibLr0X3GDPguIfbJtiE4z8C930T1nlCruSBPLRJ1Qt4LtfXQZAkwDZ1eVqxEeqifU/QlZgYEReEouKymXIFJkN+nUJuroupyrPrrx/jxYIXuaOCTPFeQg4hgVYbBj0ueIK6YZrfL7uHbi+o3VvQTUBc5e0UPge34D+87fPBSKcRheSwUiRXQpE8s9XN9qEmy1SVry3ni8K8hnXFRcPsPMNp9uZ9Fh8NMMaaq/bYFkM1GVHDlsPHo9GsRr+0Z4yDopfLpcpZJFArS8A/oXeUS7G0XYIQEPfve57K5uYsw27aU+g90sr6eLfJ7/yl/ph7aS5GgMZZpK4OcMiD7uI7KxID7/fZ4aaVnwiegncO8E5i1hbLl+cAyUlGMJScilQ6ZmLo3hayYMM7krW+9M+9genCIuPljFogUtiwayAfdBV0BLhPB/qTVhI0R0PTKQiKPo3jzoMwNczdOFRWg+AufmC+GaAHrjWm57rsnoeQ8+bAVCCc6sHN/1eiFrepxqrhQRT1So5q9YKGhEoLs+1ARFZ8M/VI9HNRPaverT9c2ZFoMoYxTIDRBQQz1dVkTerDe9YI4wGT/issQbIvcnb+Af/aghgEb2uRQAzBR/275zV1uUQosxTs=,iv:0s0H8DAvgm3MBVR/+S7VzPX2ztaiI649GnINpvZ0sl4=,tag:BYRHaXnLPDOKF5ZcpQn/Lw==,type:str]
+GITHUB_APP_APP_ID: ENC[AES256_GCM,data:a6UayMcf0g==,iv:Ora5gr+bo3y5cbdV9o9cKhq2l7E9KQFIT61QsHz5pFA=,tag:a+mB7gVha1QvN3DDIsVWWw==,type:str]
+GITHUB_APP_INSTALLATION_ID: ENC[AES256_GCM,data:OKXr3XagggPm,iv:Ob7SCBJYaMSrfu5MjffIj6aGRsrRIA3Lyk/lb8UTmJo=,tag:aYWpPTV4ZVsr8EVT//nhtg==,type:int]
+GITHUB_APP_PEM_CONTENT: ENC[AES256_GCM,data:2bXF+3SrBOaJ4p4/Zz9yfN6YeStBqjAUXGcT2NiS4uRDUP5e42eApG9DaqcDpeqtekh+GO67cGzDO/LuN+bkunOXreFZtUj6tZ/IEI61nyZOoCutQdVjs+JTSmNv4gxJQwK9MLYBAYuTPdn0qbZvoVmoOniN2qnkt/och9sbUsf01lfbCXeOrYhgdsdcCeQD1OVCLOyeaX5p4NvDbg9hTO2ubY+fY8SluaDQRhfzWmpIPWIY/K4SIJJ6nFfKMIcbmDWo+5RIUCMfw6oLVitbhB9zvCPguhSaUWTCFOFIHn7U28LI3a75dObhXHE3Ja8DEiT14un2vbChNjSnIFERXzlS7uj8NdOO+XfxhRsddXgSR62FQ2Ta0ESmLqgNcsKz9wJPMd3NaQPkZElSeh7lMy2oDxw/yElGE6oarcvIqPXKkPQjRz9Rm70LgxGe797swkKj1RMjIkKsGG6+5WrFf6ljc6YetUnVpgukmpqLtOe5JAB9gy5W1IpHxz0K7M3u11WLrmsLC+NoaG86zwoHNtgOGVTOTZ4/HBG/dkYzp20NJm4wS3lpCQJBjQaGd/kC4Ec4GABZh1lQGYUcoklNrujTI1SXYm1w+Bt7IVEy8ppod/vj85U45fSqFOK8bf5ER8m/JZpAFS/6x6DNIMtzmYN2PCCo5P53zl44HWhRNSe57/iCkPCRvUrKPiSX5BKEevGWsjEOsoaoUqT+HWlh41NacjEDFY00/WnrL8vVh4a811a8poz3inlieaCZC3YmYgGCU3GYDCOJSjBKAMpyzWRTd+MYZKz3oQVZ2NwDbeNYg+wX8B9X+KO4ecRg3p8B2wyI7dKd+Gknb7KLmrKXOEWZBVjfVX+cOhPr/uBAcL5j+bfN5JtEy+zK+EHgWy32HCx2kJT1Le365+DgbRfviTLHZvaQLX1Z0Mr0OK8LFUIDDS74p8SWoRrqa+DKsBITcJXkeBeczG6rfRG2L7LTei7xT5Jm/z1qBU+F8NU7ju0WnVjTop42gzJ3dDLdD5Jw8qrwQmdURntn3t8WaQwzyGgwt0adhzjwUDnFHJfE3dydHIWsJYzzQGrVV3wPUXdLigRZLvaB4sZFNzb+eh/Ak/JlPh+SISoDzhSV/aK1bg6wOttYjRl1XzDOQGJNJqd8a3KR0B0tP6Le/g0CMtCZ5mc8XPBjCGwqL/D+yRDIBsT/8BbsKWxoaYCQt22IbEbIVtbo8DYxxpy3HdqMDd6N4/1jyZ7w9QnMvltZGbY1ZMhm6D5qmCWHpo32JySeT+Mn4eHbRl2trWYeGWEV8Jrxfsf/LhPhFizYjtTQlorP1oXFp4aFYZFuC6hG+IIyC1PlQ6ola3gp4x4ypOkYHB8UZNYwFX3yl+Ocy95o7Y0xX9+C+RZ1GA8+Jo2vQgIvJ91HiMGF7Wzbpxt0yIbUJPHzTJoHRRdy80wbKW+TYV1kcmZIwbXbcMi9P2yiA9WL50VOf7ImS6WFRw2nB9zJafj2da5kP17jZLF6Eghm1U3TtIPZZX4iyW1B8vqWxit5dvAeI+1VUm+5idrZO90Ai1zleY5slDYh/b1Bi+uGl4H7hGRDD8DJQKRWVMB68wWgsb9ZO2rG2WBbwDV4GIlaUCdS0B0M67wyQ8PeDvVcuLdPdMrBwYQUrmWe/Vtuv184F5zT+xRHRumclTZ9/V2DJdtHUvJbUD0pxjqyt7twwsv/RsUa1OLiG2XRFoDaOAxGJpkfVzlEZTrI5QoBvd6ik7xAAJ8xKV2QsbtAe0kDPkKk8vHy6EMyyEi+Wn0ZWhZT+58lu9s0SUwhbQFeklwwF95NSauizjTJ1q4Qwv8N4kIEZ/KDlpgkYQTg7tHJBKFhtsbNnbzDghYrxasagD/sFrcCEdwTyjNhxU/mRilBu9FKxG8Y77WG4L24zVvogDnL2cL9bD5xBvYsDwHXQkQQpe4nTi5xYp3U8CcskguH9A9a2YRmJGIBhXbX1JuwbClXLQSpvzQgFgLWietfJf8upVuKH53FhKPANR0YRdp8LhR3M8y/P2VhppI8nzkAIAHJBk8Df0v6hYVe/s695pdsEtcInlIxRkV+I5p7GgSB/dRGlkAWYk55vA/1LQ6a+QOrewI6hoyUpsOw0SVO2T+GJ4eOIlxNiD0kB+21JRET8LFaxstAgmWdMb/m+0niPWHJf8aQcCPQ+6gNkg9pofiaiJ6u+3n5FOmvEV2kc5EuPlj37uqWNo9OcX1FlGdnsxY06NQ=,iv:z/uhI0IuC7GiMBlClfIP0spLGC3M5orPYTsWJHKjR/g=,tag:KDcewawhSWd7w9cOpWELww==,type:str]
+DOCKER_HUB_USERNAME: ENC[AES256_GCM,data:3DU+VGZgaphXDvbv2A==,iv:e/WWxwG6I3HNoNS5kupBYYFmrUcYuXWSK0lW2vyl+EU=,tag:ei/CdHcv62dN1ICkR1BAEQ==,type:str]
+DOCKER_HUB_PAT: ENC[AES256_GCM,data:8auzDoxirFYlx+YmRpLe0eU4vGUV5tAUqCmZrkobQdWhZDJo,iv:XepoTkJzE1ilTl3fnCLc2c3VER9ePqpEgjBEbnL/UcM=,tag:fQDMP6sP6shiG6OmgyzHFQ==,type:str]
 sops:
   azure_kv:
     - vault_url: https://sops-master.vault.azure.net
       name: sops-key
       version: 90784f2986de4514934b4d1f682d3e59
-      created_at: "2026-04-22T05:26:13Z"
-      enc: db--pPth2_J54fAA10z2NwT2VsMHo0BJf1hM4_Mz0p7vIAy-reR2Bro4crcn4UkhWR8HIsCkVVX30C6t0FlD3Dvj0FRYswnXLhAAUkr5R3ZVbEVHL8alT4fX56vol6uNrAIAjrsI3QeQN2EH3axu55G4EOqBwPmvI-2Qb9ihHRkQUra5qpHJPJRXb8xor5N-alN4VRzdblFqClqKkaq8N-WIDtyvdth0A9VtR5ZmT12r4O9if56mihpo6OE1SWE1_RRefjUjtTKQt-BrVDixhNkUpQm5c-vzPOo-hpnvDIYAl3HeVlTl_Ce7zw6TS96sEdklA3jQn0R43hJ4RrahsA
-  lastmodified: "2026-04-22T05:26:16Z"
-  mac: ENC[AES256_GCM,data:LkqOmJQ3h5Kf6TZM1KY70t3DFunwigkdfySnJwLst/JJHGr/63TxAy3VTGHX/GZ8QHI6kC+iJquJsVTeqtqZq6Y2fx+wA4XCfxPR3Sukb0k4P8nPmh2QBvnhxoslaBYVRxewHiN41D1Zo9Mwfv7jgBWRwuvbde690Ildreqol5A=,iv:EZVS+LyE4BTc+0zPqnnRCSI9Fc2helDC3QYXgBm0ZWg=,tag:BhuNwd701WDdOxvIT1CVVA==,type:str]
+      created_at: "2026-04-23T04:18:28Z"
+      enc: qaqhtBjwQ-12V7KhgV6E3oKfgFQxVRt4bMMMskN1jqNrV13QcqHoBPIJzVyqQVfDZ9nKqZxOXbOwyRapT9Y6DeSB5TVN9jGAeAmTSoPmRfb9JIVqfswKxTUV9RpjUJl3jI00Humq2wjgc9jrO7Ge7-ng_A7uo12TWqYf1CHZ0vdKxQb2oXVLFOet3ouMgwvTX7LET1HYR7J-wkXvq5MlUOAINvcG6_S2iW3VAT1xVQj_0o2qoYsudsSJfCDZzecgqRmzwZvZ6VUQvhHPJ96t9wfi08fH4oS4BBcdExRJgwqeBXhiJzTlee8lEyxlEfE6wVepdXttPXcahKPvGEKmOA
+  lastmodified: "2026-04-23T04:18:31Z"
+  mac: ENC[AES256_GCM,data:UNucWEOFST7Bktk/exAHVRXYaQvjueKG1TKib1b9pvI8uZoVhKJiOz+muBfdnIZjNAY+W1CovTMSSD+qlkq6nzBbtyRn+Y0akJW3Ej0tCyMurL33bZ8BoFmieWqSFx2+hyGOK+oYfCCjZvUEgJEiGhqktUChmiMELAcE/IrGgXY=,iv:fCSsNsvI7DZl/FoMlsndm5QhNWpjq/EbhbuX3vmQGH0=,tag:J42/fCZOo5E1nPvht12HpA==,type:str]
   unencrypted_suffix: _unencrypted
   version: 3.12.1