feat(ci): publish container images to Forgejo registry
Add image.yaml workflow targeting forgejo.coulomb.social; update Dockerfile for Forgejo PyPI secret names. Point pyproject issue-core index at Forgejo (uv.lock regen blocked until issue-core is published there).
This commit is contained in:
parent
1061f3ea3d
commit
050942ffc1
3 changed files with 73 additions and 14 deletions
59
.forgejo/workflows/image.yaml
Normal file
59
.forgejo/workflows/image.yaml
Normal file
|
|
@ -0,0 +1,59 @@
|
||||||
|
# Container image publish to forgejo.coulomb.social (RAILIANCE-WP-0014).
|
||||||
|
# Org secrets: REGISTRY_USER, REGISTRY_TOKEN; optional FORGEJO_PYPI_USER, FORGEJO_PYPI_TOKEN
|
||||||
|
name: Build and Publish Container Image
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- ".forgejo/workflows/image.yaml"
|
||||||
|
- "Dockerfile"
|
||||||
|
- "pyproject.toml"
|
||||||
|
- "uv.lock"
|
||||||
|
- "package.json"
|
||||||
|
- "package-lock.json"
|
||||||
|
- "vergabe_teilnahme/**"
|
||||||
|
- "static/**"
|
||||||
|
- "templates/**"
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
env:
|
||||||
|
REGISTRY: forgejo.coulomb.social
|
||||||
|
IMAGE_NAME: coulomb/vergabe-teilnahme
|
||||||
|
DOCKER_HOST: tcp://127.0.0.1:2375
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build-and-push:
|
||||||
|
runs-on: container-build
|
||||||
|
steps:
|
||||||
|
- name: Build and push image
|
||||||
|
env:
|
||||||
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
||||||
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
FORGEJO_PYPI_USER: ${{ secrets.FORGEJO_PYPI_USER }}
|
||||||
|
FORGEJO_PYPI_TOKEN: ${{ secrets.FORGEJO_PYPI_TOKEN }}
|
||||||
|
run: |
|
||||||
|
set -eu
|
||||||
|
REF="${GITHUB_SHA:-main}"
|
||||||
|
SHORT="${REF:0:7}"
|
||||||
|
mkdir -p buildctx "${HOME}/bin"
|
||||||
|
wget -qO /tmp/repo.tar.gz \
|
||||||
|
"https://forgejo.coulomb.social/${GITHUB_REPOSITORY}/archive/${SHORT}.tar.gz"
|
||||||
|
tar xzf /tmp/repo.tar.gz -C buildctx --strip-components=1
|
||||||
|
wget -qO- https://download.docker.com/linux/static/stable/x86_64/docker-27.3.1.tgz \
|
||||||
|
| tar xz --strip-components=1 -C "${HOME}/bin" docker/docker
|
||||||
|
export PATH="${HOME}/bin:${PATH}"
|
||||||
|
echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY}" -u "${REGISTRY_USER}" --password-stdin
|
||||||
|
IMAGE="${REGISTRY}/${IMAGE_NAME}"
|
||||||
|
BUILD_ARGS=()
|
||||||
|
if [ -n "${FORGEJO_PYPI_USER:-}" ] && [ -n "${FORGEJO_PYPI_TOKEN:-}" ]; then
|
||||||
|
BUILD_ARGS+=(--secret "id=forgejo_pypi_user,env=FORGEJO_PYPI_USER")
|
||||||
|
BUILD_ARGS+=(--secret "id=forgejo_pypi_password,env=FORGEJO_PYPI_TOKEN")
|
||||||
|
fi
|
||||||
|
docker build "${BUILD_ARGS[@]}" \
|
||||||
|
-t "${IMAGE}:latest" -t "${IMAGE}:${SHORT}" -t "${IMAGE}:main-${SHORT}" buildctx
|
||||||
|
docker push "${IMAGE}:latest"
|
||||||
|
docker push "${IMAGE}:${SHORT}"
|
||||||
|
docker push "${IMAGE}:main-${SHORT}"
|
||||||
|
echo "pushed ${IMAGE}:latest ${IMAGE}:${SHORT}"
|
||||||
22
Dockerfile
22
Dockerfile
|
|
@ -2,12 +2,12 @@
|
||||||
#
|
#
|
||||||
# Build:
|
# Build:
|
||||||
# docker build \
|
# docker build \
|
||||||
# --secret id=gitea_pypi_user,env=GITEA_PYPI_USER \
|
# --secret id=forgejo_pypi_user,env=FORGEJO_PYPI_USER \
|
||||||
# --secret id=gitea_pypi_password,env=GITEA_PYPI_TOKEN \
|
# --secret id=forgejo_pypi_password,env=FORGEJO_PYPI_TOKEN \
|
||||||
# -t gitea.coulomb.social/coulomb/vergabe-teilnahme:<tag> .
|
# -t forgejo.coulomb.social/coulomb/vergabe-teilnahme:<tag> .
|
||||||
#
|
#
|
||||||
# The optional secrets let uv authenticate to the Gitea Python package
|
# Optional secrets authenticate to the Forgejo Python package registry
|
||||||
# registry when resolving issue-core.
|
# when resolving issue-core.
|
||||||
|
|
||||||
|
|
||||||
# ─── Stage 1 ─── Vite + Tailwind asset build ────────────────────────────────
|
# ─── Stage 1 ─── Vite + Tailwind asset build ────────────────────────────────
|
||||||
|
|
@ -41,14 +41,14 @@ COPY --from=ghcr.io/astral-sh/uv:0.5.11 /uv /usr/local/bin/uv
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY pyproject.toml uv.lock ./
|
COPY pyproject.toml uv.lock ./
|
||||||
RUN --mount=type=secret,id=gitea_pypi_user,required=false \
|
RUN --mount=type=secret,id=forgejo_pypi_user,required=false \
|
||||||
--mount=type=secret,id=gitea_pypi_password,required=false \
|
--mount=type=secret,id=forgejo_pypi_password,required=false \
|
||||||
sh -eu -c '\
|
sh -eu -c '\
|
||||||
if [ -f /run/secrets/gitea_pypi_user ]; then \
|
if [ -f /run/secrets/forgejo_pypi_user ]; then \
|
||||||
export UV_INDEX_GITEA_USERNAME="$(cat /run/secrets/gitea_pypi_user)"; \
|
export UV_INDEX_FORGEJO_USERNAME="$(cat /run/secrets/forgejo_pypi_user)"; \
|
||||||
fi; \
|
fi; \
|
||||||
if [ -f /run/secrets/gitea_pypi_password ]; then \
|
if [ -f /run/secrets/forgejo_pypi_password ]; then \
|
||||||
export UV_INDEX_GITEA_PASSWORD="$(cat /run/secrets/gitea_pypi_password)"; \
|
export UV_INDEX_FORGEJO_PASSWORD="$(cat /run/secrets/forgejo_pypi_password)"; \
|
||||||
fi; \
|
fi; \
|
||||||
uv sync --no-dev --no-install-project \
|
uv sync --no-dev --no-install-project \
|
||||||
'
|
'
|
||||||
|
|
|
||||||
|
|
@ -15,11 +15,11 @@ dependencies = [
|
||||||
]
|
]
|
||||||
|
|
||||||
[tool.uv.sources]
|
[tool.uv.sources]
|
||||||
issue-core = { index = "gitea" }
|
issue-core = { index = "forgejo" }
|
||||||
|
|
||||||
[[tool.uv.index]]
|
[[tool.uv.index]]
|
||||||
name = "gitea"
|
name = "forgejo"
|
||||||
url = "https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/"
|
url = "https://forgejo.coulomb.social/api/packages/coulomb/pypi/simple/"
|
||||||
explicit = true
|
explicit = true
|
||||||
|
|
||||||
[dependency-groups]
|
[dependency-groups]
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue