From 207585db757e61efad479971b23e4c2b54a8121b Mon Sep 17 00:00:00 2001
From: Noritaka IZUMI <38166104+noritakaIzumi@users.noreply.github.com>
Date: Mon, 4 Nov 2024 15:53:22 +0900
Subject: [PATCH] Publish action (#35)

## Description

Automatically deploy Docker image, pip package, docs after publishing
releases.

## Impact on users using Chronovoyage

Active update of the app.
---
 .github/workflows/publish-docker-image.yml    | 10 +++-
 .../{build-docs.yml => publish-docs.yml}      | 13 +++--
 .github/workflows/publish-pip-package.yml     | 32 +++++++++++++
 .github/workflows/publish.yml                 | 47 +++++++++++++------
 4 files changed, 79 insertions(+), 23 deletions(-)
 rename .github/workflows/{build-docs.yml => publish-docs.yml} (92%)
 create mode 100644 .github/workflows/publish-pip-package.yml

diff --git a/.github/workflows/publish-docker-image.yml b/.github/workflows/publish-docker-image.yml
index 8abd8e1..8d23609 100644
--- a/.github/workflows/publish-docker-image.yml
+++ b/.github/workflows/publish-docker-image.yml
@@ -1,7 +1,11 @@
 name: Publish Docker image
 
 on:
-  workflow_dispatch:
+  workflow_call:
+    inputs:
+      tag:
+        type: string
+        required: true
 
 env:
   REGISTRY: ghcr.io
@@ -36,6 +40,10 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=true
+          tags: |
+            type=raw,value=${{ inputs.tag }}
 
       - name: Build and push Docker image
         id: push
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/publish-docs.yml
similarity index 92%
rename from .github/workflows/build-docs.yml
rename to .github/workflows/publish-docs.yml
index 03b9133..0f8ef30 100644
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -1,11 +1,7 @@
-name: Build documentation
+name: Publish documentation
 
 on:
-  workflow_dispatch:
-
-permissions:
-  id-token: write
-  contents: read
+  workflow_call:
 
 env:
   INSTANCE: 'Writerside/cd'
@@ -55,7 +51,10 @@ jobs:
   deploy:
     env:
       AWS_REGION: 'us-east-1'
-      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+      BRANCH_NAME: main
+    permissions:
+      contents: read
+      id-token: write
     needs:
       - build
       - test
diff --git a/.github/workflows/publish-pip-package.yml b/.github/workflows/publish-pip-package.yml
new file mode 100644
index 0000000..70ffbb9
--- /dev/null
+++ b/.github/workflows/publish-pip-package.yml
@@ -0,0 +1,32 @@
+name: Publish Pip Package
+
+on:
+  workflow_call:
+    inputs:
+      tag:
+        type: string
+        required: true
+
+env:
+  app-name: "chronovoyage"
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Download assets
+        uses: robinraju/release-downloader@v1
+        with:
+          tag: ${{ inputs.tag }}
+          fileName: ${{ env.app-name }}-*
+          out-file-path: dist
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0d53df5..dcb4964 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,26 +1,43 @@
 name: Publish to PyPI
 
 on:
-  workflow_dispatch:
+  release:
+    types:
+      - published
 
-permissions:
-  contents: read
+env:
+  app-name: "chronovoyage"
 
 jobs:
-  publish:
+  check-tag-name-exists:
     runs-on: ubuntu-latest
-    environment: release
-    permissions:
-      id-token: write
+    if: ${{ github.event.release.tag_name != '' }}
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+      - run: "true"
 
-      - name: Install Hatch
-        uses: pypa/hatch@install
+  publish-pip-package:
+    needs: check-tag-name-exists
+    uses: ./.github/workflows/publish-pip-package.yml
+    with:
+      tag: ${{ github.event.release.tag_name }}
+    permissions:
+      contents: read
+      id-token: write
 
-      - name: Build Package
-        run: hatch build -c
+  publish-docker-image:
+    needs: check-tag-name-exists
+    uses: ./.github/workflows/publish-docker-image.yml
+    with:
+      tag: ${{ github.event.release.tag_name }}
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
 
-      - name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+  publish-docs:
+    needs: check-tag-name-exists
+    uses: ./.github/workflows/publish-docs.yml
+    permissions:
+      contents: read
+      id-token: write