diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..a4c0bfe
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,84 @@
+name: Build and Push
+
+on:
+ push:
+ branches: [main]
+ schedule:
+ - cron: '0 2 1 * *'
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+
+ - name: Compute build metadata
+ id: meta
+ run: |
+ echo "build_date=$(date -u +%Y%m%d%H%M)" >> "$GITHUB_OUTPUT"
+ echo "tag_yymm=$(date -u +%y%m)" >> "$GITHUB_OUTPUT"
+ echo "git_commit=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
+ echo "registry_host=$(echo '${{ github.server_url }}' | sed 's|https://||')" >> "$GITHUB_OUTPUT"
+
+ # ── Always: login to Gitea (GITEA_TOKEN is auto-provided) ────────────────
+ - name: Login to Gitea registry
+ uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+ with:
+ registry: ${{ steps.meta.outputs.registry_host }}
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITEA_TOKEN }}
+
+ # ── Optional: login to Docker Hub when vars.DOCKER_USERNAME is configured ─
+ # Login uses vars.DOCKER_USERNAME; secrets.DOCKER_PASSWORD is passed only
+ # via with: and never touches a shell.
+ - name: Login to Docker Hub
+ if: vars.DOCKER_USERNAME != ''
+ uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+ with:
+ username: ${{ vars.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ # ── Build once, push to all logged-in registries ─────────────────────────
+ # Image namespace uses vars.DOCKER_ORG when set, falls back to vars.DOCKER_USERNAME.
+ # yymm tag pushed first; latest pushed last so registries show :latest as current.
+ - name: Build and push
+ uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ${{ steps.meta.outputs.registry_host }}/${{ github.repository }}:${{ steps.meta.outputs.tag_yymm }}
+ ${{ vars.DOCKER_USERNAME != '' && format('{0}/{1}:{2}', vars.DOCKER_ORG || vars.DOCKER_USERNAME, github.event.repository.name, steps.meta.outputs.tag_yymm) || '' }}
+ ${{ steps.meta.outputs.registry_host }}/${{ github.repository }}:latest
+ ${{ vars.DOCKER_USERNAME != '' && format('{0}/{1}:{2}', vars.DOCKER_ORG || vars.DOCKER_USERNAME, github.event.repository.name, 'latest') || '' }}
+ build-args: |
+ BUILD_DATE=${{ steps.meta.outputs.build_date }}
+ GIT_COMMIT=${{ steps.meta.outputs.git_commit }}
+ BUILD_VERSION=${{ steps.meta.outputs.tag_yymm }}
+ annotations: |
+ org.opencontainers.image.created=${{ steps.meta.outputs.build_date }}
+ org.opencontainers.image.version=latest
+ org.opencontainers.image.revision=${{ steps.meta.outputs.git_commit }}
+ org.opencontainers.image.title=${{ github.event.repository.name }}
+ org.opencontainers.image.description=Containerized version of ${{ github.event.repository.name }}
+ org.opencontainers.image.vendor=CasjaysDev
+ org.opencontainers.image.authors=CasjaysDev
+ org.opencontainers.image.licenses=WTFPL
+ org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
+ org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+ org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}
+ org.opencontainers.image.vcs-type=Git
+ com.github.containers.toolbox=false
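Review bot: The `annotations:` block of the "Build and push" step records provenance values that are hard to rely on when tracing a published image back to its source: `org.opencontainers.image.created` receives `build_date` in `%Y%m%d%H%M` form, whereas the OCI annotation is defined as an RFC 3339 timestamp, and `org.opencontainers.image.revision` receives the 7-character `git_commit` rather than the full commit id. I would emit a separate output in the meta step, `echo "created=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"`, use it for `created`, and set `org.opencontainers.image.revision=${{ github.sha }}`. `org.opencontainers.image.version=latest` also disagrees with `BUILD_VERSION`, which carries `tag_yymm`. Separately, in "Compute build metadata" the `registry_host` line pastes `${{ github.server_url }}` into the script text and strips only `https://`; `echo "registry_host=${GITHUB_SERVER_URL#*://}" >> "$GITHUB_OUTPUT"` keeps the expression out of the shell and also handles an `http://` instance, assuming the runner exports `GITHUB_SERVER_URL` the way it exports `GITHUB_SHA`.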