89 lines
3.2 KiB
YAML
89 lines
3.2 KiB
YAML
# Builds and pushes a multi-arch Docker image to the Gitea container registry.
|
|
# Triggered manually via workflow_dispatch — enter an existing semver tag (e.g. 1.2.3)
|
|
# in the "Release tag" input. The workflow will fail early if the tag does not exist.
|
|
#
|
|
# Requires a repository secret REGISTRY_TOKEN — a Gitea PAT with write:package scope.
|
|
# Create it at: Settings → Applications → Generate Token (scope: write:package)
|
|
# Then add it: Repository → Settings → Secrets → Actions → REGISTRY_TOKEN
|
|
#
|
|
# After a successful run the image is available at:
|
|
# <your-gitea-host>/<owner>/<repo>:<version>
|
|
|
|
name: Docker Publish
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: 'Release tag (semver, e.g. 1.2.3)'
|
|
required: true
|
|
type: string
|
|
|
|
jobs:
|
|
build-push:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Validate tag exists
|
|
run: |
|
|
if ! git rev-parse "refs/tags/${{ inputs.tag }}" >/dev/null 2>&1; then
|
|
echo "Error: tag '${{ inputs.tag }}' does not exist in this repository."
|
|
exit 1
|
|
fi
|
|
git checkout "refs/tags/${{ inputs.tag }}"
|
|
|
|
# Strip the protocol from the server URL to get the registry hostname.
|
|
# e.g. https://gitea.example.com → gitea.example.com
|
|
- name: Derive registry hostname
|
|
run: |
|
|
echo "REGISTRY=$(echo '${{ gitea.server_url }}' | sed 's|https://||;s|http://||')" >> $GITHUB_ENV
|
|
|
|
# Generates OCI-compliant tags and labels from the provided release tag.
|
|
# 1.2.3 → image tags: 1.2.3 / 1.2 / 1
|
|
- name: Extract Docker metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/${{ gitea.repository }}
|
|
tags: |
|
|
type=semver,pattern={{version}},value=${{ inputs.tag }}
|
|
type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag }}
|
|
type=semver,pattern={{major}},value=${{ inputs.tag }}
|
|
labels: |
|
|
org.opencontainers.image.source=${{ gitea.server_url }}/${{ gitea.repository }}
|
|
|
|
# QEMU enables emulation of arm64 on the amd64 runner.
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
# BuildKit driver required for multi-platform builds and layer caching.
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to Gitea registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ gitea.actor }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
# Registry-based layer cache — survives between runs without a separate cache store.
|
|
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ gitea.repository }}:buildcache
|
|
cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ gitea.repository }}:buildcache,mode=max
|