Image-build: git clone + static docker-cli (T04 proof)
All checks were successful
Image Build Probe / image-build (push) Successful in 3s
/ probe (push) Successful in 0s
/ container-probe (push) Successful in 1s

This commit is contained in:
forgejo_admin 2026-07-03 22:45:18 +00:00
parent 2ec3466ab3
commit af685ba6fe

View file

@ -1,6 +1,10 @@
name: Image Build Probe name: Image Build Probe
on: on:
push:
paths:
- ".forgejo/workflows/image-build.yaml"
- "Dockerfile"
workflow_dispatch: workflow_dispatch:
env: env:
@ -12,20 +16,33 @@ jobs:
image-build: image-build:
runs-on: container-build runs-on: container-build
steps: steps:
- name: Build and push image (no checkout) - name: Build and push image
env: env:
REGISTRY_USER: ${{ secrets.REGISTRY_USER }} REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
run: | run: |
set -eux set -eu
mkdir -p "${HOME}/bin" buildctx apk add --no-cache git 2>/dev/null || true
if ! command -v git >/dev/null 2>&1; then
echo "git unavailable; using inline build context"
mkdir -p buildctx
echo forgejo-image-build-probe-ok > buildctx/probe.txt
printf 'FROM alpine:3.20\nCOPY probe.txt /\n' > buildctx/Dockerfile
else
git clone --depth 1 "https://forgejo.coulomb.social/${GITHUB_REPOSITORY}.git" buildctx
cd buildctx
fi
mkdir -p "${HOME}/bin"
wget -qO- https://download.docker.com/linux/static/stable/x86_64/docker-27.3.1.tgz | tar xz --strip-components=1 -C "${HOME}/bin" docker/docker wget -qO- https://download.docker.com/linux/static/stable/x86_64/docker-27.3.1.tgz | tar xz --strip-components=1 -C "${HOME}/bin" docker/docker
export PATH="${HOME}/bin:${PATH}" export PATH="${HOME}/bin:${PATH}"
docker version docker version
echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY}" -u "${REGISTRY_USER}" --password-stdin echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY}" -u "${REGISTRY_USER}" --password-stdin
echo forgejo-image-build-probe-ok > buildctx/probe.txt TAG="${GITHUB_SHA:-manual}"
printf 'FROM alpine:3.20\nCOPY probe.txt /\n' > buildctx/Dockerfile SHORT="${TAG:0:7}"
IMAGE="${REGISTRY}/${IMAGE_NAME}" IMAGE="${REGISTRY}/${IMAGE_NAME}"
docker build -t "${IMAGE}:dispatch-test" buildctx CTX="${PWD}"
docker push "${IMAGE}:dispatch-test" if [ -d buildctx ]; then CTX="${PWD}/buildctx"; fi
echo "pushed ${IMAGE}:dispatch-test" docker build -t "${IMAGE}:latest" -t "${IMAGE}:${SHORT}" "${CTX}"
docker push "${IMAGE}:latest"
docker push "${IMAGE}:${SHORT}"
echo "pushed ${IMAGE}:latest and ${IMAGE}:${SHORT}"