git-contribution-graph/.gitea/workflows/docker-publish.yml

# Builds and pushes a multi-arch Docker image to the Gitea container registry
# whenever a semver tag (v*.*.*) is pushed.
#
# One-time setup required:
#   1. Create a Gitea token with "package:write" scope.
#   2. Add it as a repository secret named GITEA_TOKEN
#      (Repository → Settings → Secrets → Actions).
#
# After a successful run the image is available at:
#   <your-gitea-host>/<owner>/<repo>:<version>

name: Docker Publish

on:
  push:
    tags:
      - 'v*.*.*'

jobs:
  build-push:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Strip the protocol from the server URL to get the registry hostname.
      # e.g. https://gitea.example.com → gitea.example.com
      - name: Derive registry hostname
        run: |
          echo "REGISTRY=$(echo '${{ gitea.server_url }}' | sed 's|https://||;s|http://||')" >> $GITHUB_ENV

      # Generates OCI-compliant tags and labels from the git tag.
      # v1.2.3 → image tags: 1.2.3 / 1.2 / 1
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ gitea.repository }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

      # QEMU enables emulation of arm64 on the amd64 runner.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # BuildKit driver required for multi-platform builds and layer caching.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Gitea registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Registry-based layer cache — survives between runs without a separate cache store.
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ gitea.repository }}:buildcache
          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ gitea.repository }}:buildcache,mode=max