feat(ci): publish container images to Forgejo registry
Add image.yaml workflow targeting forgejo.coulomb.social; update Dockerfile for Forgejo PyPI secret names. Point pyproject issue-core index at Forgejo (uv.lock regen blocked until issue-core is published there).
This commit is contained in:
parent
1061f3ea3d
commit
050942ffc1
3 changed files with 73 additions and 14 deletions
59
.forgejo/workflows/image.yaml
Normal file
59
.forgejo/workflows/image.yaml
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
# Container image publish to forgejo.coulomb.social (RAILIANCE-WP-0014).
|
||||
# Org secrets: REGISTRY_USER, REGISTRY_TOKEN; optional FORGEJO_PYPI_USER, FORGEJO_PYPI_TOKEN
|
||||
name: Build and Publish Container Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- ".forgejo/workflows/image.yaml"
|
||||
- "Dockerfile"
|
||||
- "pyproject.toml"
|
||||
- "uv.lock"
|
||||
- "package.json"
|
||||
- "package-lock.json"
|
||||
- "vergabe_teilnahme/**"
|
||||
- "static/**"
|
||||
- "templates/**"
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
REGISTRY: forgejo.coulomb.social
|
||||
IMAGE_NAME: coulomb/vergabe-teilnahme
|
||||
DOCKER_HOST: tcp://127.0.0.1:2375
|
||||
|
||||
jobs:
|
||||
build-and-push:
|
||||
runs-on: container-build
|
||||
steps:
|
||||
- name: Build and push image
|
||||
env:
|
||||
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
||||
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
FORGEJO_PYPI_USER: ${{ secrets.FORGEJO_PYPI_USER }}
|
||||
FORGEJO_PYPI_TOKEN: ${{ secrets.FORGEJO_PYPI_TOKEN }}
|
||||
run: |
|
||||
set -eu
|
||||
REF="${GITHUB_SHA:-main}"
|
||||
SHORT="${REF:0:7}"
|
||||
mkdir -p buildctx "${HOME}/bin"
|
||||
wget -qO /tmp/repo.tar.gz \
|
||||
"https://forgejo.coulomb.social/${GITHUB_REPOSITORY}/archive/${SHORT}.tar.gz"
|
||||
tar xzf /tmp/repo.tar.gz -C buildctx --strip-components=1
|
||||
wget -qO- https://download.docker.com/linux/static/stable/x86_64/docker-27.3.1.tgz \
|
||||
| tar xz --strip-components=1 -C "${HOME}/bin" docker/docker
|
||||
export PATH="${HOME}/bin:${PATH}"
|
||||
echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY}" -u "${REGISTRY_USER}" --password-stdin
|
||||
IMAGE="${REGISTRY}/${IMAGE_NAME}"
|
||||
BUILD_ARGS=()
|
||||
if [ -n "${FORGEJO_PYPI_USER:-}" ] && [ -n "${FORGEJO_PYPI_TOKEN:-}" ]; then
|
||||
BUILD_ARGS+=(--secret "id=forgejo_pypi_user,env=FORGEJO_PYPI_USER")
|
||||
BUILD_ARGS+=(--secret "id=forgejo_pypi_password,env=FORGEJO_PYPI_TOKEN")
|
||||
fi
|
||||
docker build "${BUILD_ARGS[@]}" \
|
||||
-t "${IMAGE}:latest" -t "${IMAGE}:${SHORT}" -t "${IMAGE}:main-${SHORT}" buildctx
|
||||
docker push "${IMAGE}:latest"
|
||||
docker push "${IMAGE}:${SHORT}"
|
||||
docker push "${IMAGE}:main-${SHORT}"
|
||||
echo "pushed ${IMAGE}:latest ${IMAGE}:${SHORT}"
|
||||
22
Dockerfile
22
Dockerfile
|
|
@ -2,12 +2,12 @@
|
|||
#
|
||||
# Build:
|
||||
# docker build \
|
||||
# --secret id=gitea_pypi_user,env=GITEA_PYPI_USER \
|
||||
# --secret id=gitea_pypi_password,env=GITEA_PYPI_TOKEN \
|
||||
# -t gitea.coulomb.social/coulomb/vergabe-teilnahme:<tag> .
|
||||
# --secret id=forgejo_pypi_user,env=FORGEJO_PYPI_USER \
|
||||
# --secret id=forgejo_pypi_password,env=FORGEJO_PYPI_TOKEN \
|
||||
# -t forgejo.coulomb.social/coulomb/vergabe-teilnahme:<tag> .
|
||||
#
|
||||
# The optional secrets let uv authenticate to the Gitea Python package
|
||||
# registry when resolving issue-core.
|
||||
# Optional secrets authenticate to the Forgejo Python package registry
|
||||
# when resolving issue-core.
|
||||
|
||||
|
||||
# ─── Stage 1 ─── Vite + Tailwind asset build ────────────────────────────────
|
||||
|
|
@ -41,14 +41,14 @@ COPY --from=ghcr.io/astral-sh/uv:0.5.11 /uv /usr/local/bin/uv
|
|||
|
||||
WORKDIR /app
|
||||
COPY pyproject.toml uv.lock ./
|
||||
RUN --mount=type=secret,id=gitea_pypi_user,required=false \
|
||||
--mount=type=secret,id=gitea_pypi_password,required=false \
|
||||
RUN --mount=type=secret,id=forgejo_pypi_user,required=false \
|
||||
--mount=type=secret,id=forgejo_pypi_password,required=false \
|
||||
sh -eu -c '\
|
||||
if [ -f /run/secrets/gitea_pypi_user ]; then \
|
||||
export UV_INDEX_GITEA_USERNAME="$(cat /run/secrets/gitea_pypi_user)"; \
|
||||
if [ -f /run/secrets/forgejo_pypi_user ]; then \
|
||||
export UV_INDEX_FORGEJO_USERNAME="$(cat /run/secrets/forgejo_pypi_user)"; \
|
||||
fi; \
|
||||
if [ -f /run/secrets/gitea_pypi_password ]; then \
|
||||
export UV_INDEX_GITEA_PASSWORD="$(cat /run/secrets/gitea_pypi_password)"; \
|
||||
if [ -f /run/secrets/forgejo_pypi_password ]; then \
|
||||
export UV_INDEX_FORGEJO_PASSWORD="$(cat /run/secrets/forgejo_pypi_password)"; \
|
||||
fi; \
|
||||
uv sync --no-dev --no-install-project \
|
||||
'
|
||||
|
|
|
|||
|
|
@ -15,11 +15,11 @@ dependencies = [
|
|||
]
|
||||
|
||||
[tool.uv.sources]
|
||||
issue-core = { index = "gitea" }
|
||||
issue-core = { index = "forgejo" }
|
||||
|
||||
[[tool.uv.index]]
|
||||
name = "gitea"
|
||||
url = "https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/"
|
||||
name = "forgejo"
|
||||
url = "https://forgejo.coulomb.social/api/packages/coulomb/pypi/simple/"
|
||||
explicit = true
|
||||
|
||||
[dependency-groups]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue