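# Canonical single-repo image build template (tier 2).
# Copy to: .forgejo/workflows/image.yaml and set IMAGE_NAME.
# Requires org secrets: REGISTRY_USER, REGISTRY_TOKEN
# Runner label: container-build (DinD sidecar on railiance01-build-01)
name: Build and Publish Container Image

# NOTE(review): workflow_dispatch can presumably be started from a ref other
# than main. If so, that build is still pushed as :latest and main-<sha>,
# because the tags below are hard-coded. Consider adding
# `if: github.ref == 'refs/heads/main'` to the job if only main may publish.
on:
  push:
    branches:
      - main
    paths:
      - ".forgejo/workflows/image.yaml"
      - "Dockerfile"
      - "src/**"
  workflow_dispatch:

env:
  REGISTRY: forgejo.coulomb.social
  # Set per repo, e.g. coulomb/key-cape
  IMAGE_NAME: coulomb/REPLACE_ME
  # Plain-TCP Docker API with no TLS and no authentication (the DinD sidecar).
  # Anything that can reach this port controls the daemon, so the sidecar
  # should be reachable only from the job itself; confirm on the runner.
  DOCKER_HOST: 'tcp://127.0.0.1:2375'
  # SHA-256 of the docker-27.3.1.tgz release you have vetted. When empty, the
  # step only warns and installs the tarball unverified. Update it together
  # with the version in the download URL below.
  DOCKER_CLI_SHA256: ""

jobs:
  build-and-push:
    runs-on: container-build
    steps:
      - name: Build and push image
        # Secrets are scoped to this step only, not to the whole workflow.
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          set -eu
          REF="${GITHUB_SHA:-main}"
          mkdir -p buildctx "${HOME}/bin"

          # Fetch the source tree as an archive of the exact commit. The
          # request is unauthenticated, so this template assumes the
          # repository archive is publicly readable.
          wget -qO /tmp/repo.tar.gz \
            "https://forgejo.coulomb.social/${GITHUB_REPOSITORY}/archive/${REF}.tar.gz"
          tar xzf /tmp/repo.tar.gz -C buildctx --strip-components=1

          # Install the Docker CLI. Download to a file first so that a failed
          # or truncated download stops the step under `set -e`, and so that
          # the tarball can be checked before anything from it is executed.
          wget -qO /tmp/docker.tgz \
            https://download.docker.com/linux/static/stable/x86_64/docker-27.3.1.tgz
          if [ -n "${DOCKER_CLI_SHA256:-}" ]; then
            echo "${DOCKER_CLI_SHA256}  /tmp/docker.tgz" | sha256sum -c -
          else
            echo "WARNING: DOCKER_CLI_SHA256 is not set; Docker CLI tarball was not verified" >&2
          fi
          tar xzf /tmp/docker.tgz --strip-components=1 -C "${HOME}/bin" docker/docker
          export PATH="${HOME}/bin:${PATH}"
          docker version

          # `docker login` stores the credential in the CLI config under
          # ${HOME}. Log out on every exit path so the token does not outlive
          # the job if the runner's home directory is reused.
          trap 'docker logout "${REGISTRY}" >/dev/null 2>&1 || true' EXIT
          # printf passes the token through unchanged; some `echo`
          # implementations interpret backslashes.
          printf '%s' "${REGISTRY_TOKEN}" \
            | docker login "${REGISTRY}" -u "${REGISTRY_USER}" --password-stdin

          # First seven characters of the ref, written in POSIX form so the
          # step does not depend on the runner shell being bash.
          SHORT="$(printf '%s' "${REF}" | cut -c1-7)"
          IMAGE="${REGISTRY}/${IMAGE_NAME}"

          # :latest is a moving tag. Deployments that need to know exactly
          # which build they run should use main-<sha> or the image digest.
          docker build -t "${IMAGE}:latest" -t "${IMAGE}:main-${SHORT}" buildctx
          docker push "${IMAGE}:latest"
          docker push "${IMAGE}:main-${SHORT}"
          echo "pushed ${IMAGE}:latest and ${IMAGE}:main-${SHORT}"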