Deployment

CI/CD

Continuous integration and release workflows for LAREX.

CI/CD

LAREX uses GitHub Actions workflows in .github/workflows/.

Workflows

WorkflowFilePurpose
CI.github/workflows/ci.ymlBuild/test checks on pushes and pull requests
Release.github/workflows/release.ymlVersioned release, image publishing, and version sync

CI Workflow (ci.yml)

Triggers

  • Push to main and dev
  • Pull requests targeting main

Jobs

  1. backend (Backend Tests)
  • Uses PostgreSQL 17-alpine service
  • Runs with JDK 21 (Temurin)
  • Executes ./gradlew test
  • Builds JAR via ./gradlew build -x test
  • Uploads backend test reports as artifact
  1. frontend (Frontend Checks)
  • Uses Node 20 + pnpm 10
  • Installs dependencies in frontend/
  • Runs pnpm build
  • Note: lint/typecheck steps are currently present but commented out in workflow
  1. keycloak-theme (Keycloak Theme Build)
  • Uses Node 20 + pnpm 10
  • Installs dependencies in keycloak-theme/
  • Runs pnpm run build-keycloak-theme
  • Uploads generated theme artifact (build_keycloak/)
  1. docker-build (PR-only build test)
  • Runs only on pull requests
  • Builds backend and frontend Docker images with Buildx
  • Does not push images

Release Workflow (release.yml)

Triggers

  • Push to main when VERSION changes
  • Manual dispatch (workflow_dispatch) with optional skip_tests

Pipeline

  1. version
  • Reads and normalizes VERSION
  • Exposes it as workflow output
  1. test
  • Reuses ci.yml
  • Skipped when skip_tests=true
  1. build-and-push
  • Builds and pushes backend/frontend images to ghcr.io
  • Runs after successful tests (or when tests are skipped manually)
  • Adds Docker metadata tags
  1. create-release
  • Creates GitHub release v<version>
  • Uses generated release notes
  1. sync-versions
  • Runs scripts/version-sync.sh
  • Commits and pushes version-sync changes if needed

Image Tags

Release images are tagged with Docker metadata rules, including:

  • <version>
  • <version>-<sha>
  • latest (default branch only)
  • sha-<sha>

Registry and Auth

  • Registry: ghcr.io
  • Authentication: GITHUB_TOKEN via docker/login-action

Local Validation

Useful local commands before pushing:

task test
task build

Next Steps

Copyright © 2026