name: Build and Push Docker Image on: push: branches: [ main, master ] tags: [ 'v*', 'release-*' ] workflow_dispatch: {} env: DOCKERFILE: Dockerfile jobs: docker: runs-on: docker container: image: docker:27-cli env: DOCKER_HOST: tcp://docker:2375 DOCKER_TLS_CERTDIR: "" DOCKER_BUILDKIT: "1" services: docker: image: docker:27-dind options: --privileged env: DOCKER_TLS_CERTDIR: "" steps: - name: Checkout (git) env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | set -eu apk add --no-cache git ca-certificates REF="$GITHUB_REF" REPO_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" if echo "$REF" | grep -q '^refs/heads/'; then NAME=${REF#refs/heads/} git -c http.extraHeader="Authorization: Bearer $GITEA_TOKEN" clone --depth 1 --branch "$NAME" "$REPO_URL" . elif echo "$REF" | grep -q '^refs/tags/'; then NAME=${REF#refs/tags/} git -c http.extraHeader="Authorization: Bearer $GITEA_TOKEN" clone --depth 1 --branch "$NAME" "$REPO_URL" . else git -c http.extraHeader="Authorization: Bearer $GITEA_TOKEN" clone --depth 1 "$REPO_URL" . git fetch --depth 1 origin "$GITHUB_SHA" git checkout --detach "$GITHUB_SHA" fi - name: Define Registry Variables id: vars env: IMAGE_NAME_VAR: ${{ vars.IMAGE_NAME }} GITEA_REGISTRY_VAR: ${{ vars.GITEA_REGISTRY }} run: | set -eu # Derive registry/namespace/image from environment provided by runner # GITHUB_REPOSITORY is like "owner/repo" OWNER=${GITHUB_REPOSITORY%%/*} REPO=${GITHUB_REPOSITORY#*/} OWNER=$(echo "$OWNER" | tr '[:upper:]' '[:lower:]') REPO=$(echo "$REPO" | tr '[:upper:]' '[:lower:]') # Allow overriding image name via repository variable IMAGE_NAME; default to repo name IMAGE_NAME="$IMAGE_NAME_VAR" if [ -z "$IMAGE_NAME" ]; then IMAGE_NAME="$REPO"; fi IMAGE_NAME=$(echo "$IMAGE_NAME" | tr '[:upper:]' '[:lower:]') # Prefer explicit var GITEA_REGISTRY; else, use the same host as server URL if [ -n "${GITEA_REGISTRY_VAR:-}" ]; then REGISTRY="$GITEA_REGISTRY_VAR" else # GITHUB_SERVER_URL like https://gitea.example.com REGISTRY=$(echo "$GITHUB_SERVER_URL" | sed -E 's#^https?://##; s#/$##') fi echo "registry=$REGISTRY" >> "$GITHUB_OUTPUT" echo "owner=$OWNER" >> "$GITHUB_OUTPUT" echo "image=$IMAGE_NAME" >> "$GITHUB_OUTPUT" - name: Compute Tags id: tags env: REGISTRY: ${{ steps.vars.outputs.registry }} OWNER: ${{ steps.vars.outputs.owner }} IMAGE: ${{ steps.vars.outputs.image }} run: | set -eu IMAGE_FULL="$REGISTRY/$OWNER/$IMAGE" REF="$GITHUB_REF" SHA_SHORT=$(echo "$GITHUB_SHA" | cut -c1-8) TAGS="" case "$REF" in refs/heads/*) BRANCH=${REF#refs/heads/} # latest for main/master if [ "$BRANCH" = "main" ] || [ "$BRANCH" = "master" ]; then TAGS="${TAGS} latest" fi # branch tag SAFE_BRANCH=$(echo "$BRANCH" | tr '/' '-' ) TAGS="${TAGS} ${SAFE_BRANCH}" ;; refs/tags/*) TAG=${REF#refs/tags/} TAGS="${TAGS} ${TAG}" ;; esac # always include short sha TAGS="${TAGS} ${SHA_SHORT}" # Build -t args TAG_ARGS="" for t in $TAGS; do TAG_ARGS="$TAG_ARGS -t $IMAGE_FULL:$t" done echo "image_full=$IMAGE_FULL" >> "$GITHUB_OUTPUT" echo "tag_args=$TAG_ARGS" >> "$GITHUB_OUTPUT" - name: Log in to Gitea Registry env: REGISTRY: ${{ steps.vars.outputs.registry }} REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} run: | set -eu USER_NAME="${REGISTRY_USERNAME:-$GITHUB_ACTOR}" echo "Logging into $REGISTRY as $USER_NAME" echo "${{ secrets.GITEA_TOKEN }}" | docker login "$REGISTRY" -u "$USER_NAME" --password-stdin - name: Ensure buildx builder run: | set -eu docker buildx inspect dindbuilder >/dev/null 2>&1 || docker buildx create --name dindbuilder --driver docker-container --use - name: Build and push (linux/amd64) env: DOCKERFILE: ${{ env.DOCKERFILE }} IMAGE_FULL: ${{ steps.tags.outputs.image_full }} TAG_ARGS: ${{ steps.tags.outputs.tag_args }} run: | set -eu echo "Building $IMAGE_FULL with tags: $TAG_ARGS" docker buildx build \ --platform linux/amd64 \ -f "$DOCKERFILE" \ $TAG_ARGS \ --cache-from type=registry,ref="$IMAGE_FULL:buildcache" \ --cache-to type=registry,ref="$IMAGE_FULL:buildcache",mode=max \ --push \ .