Initial commit

estebanthi
2025-10-19 21:38:12 +02:00
commit d5c6a73112
4 changed files with 176 additions and 0 deletions

2
.gitignore vendored Normal file

@@ -0,0 +1,2 @@
.idea
.secrets

3
README.md Normal file

@@ -0,0 +1,3 @@
# ci-cd-workflows
Wavyzz collection of CI/CD workflows for various platforms and use cases.


@@ -0,0 +1,90 @@
# docker-build-push
This GitHub Actions workflow builds and pushes Docker images to a container registry.
It serves as a base workflow and is usable this way, but it may be customized depending on the exact use case.
## Use cases
### Build and push Docker images for CI/CD
This workflow can be used in CI/CD pipelines to automate the process of building and pushing Docker images whenever code is pushed to the repository or a pull request is created.
I use it with [watchtower](https://github.com/containrrr/watchtower) to automatically update running containers with the latest images.
### Build an upstream
You may want to build an upstream image from another repository and push it to your own container registry.
You can do this this by modifying the checkout step to pull from the external repository and pass the correct build context to the Docker build step.
```yaml
- name: Checkout external repository to ./external-src
uses: actions/checkout@v5
with:
repository: owner/repo-name
ref: main
server-url: ${{ github.server_url }}
path: external-src
fetch-depth: 0 # Fetch all history for all branches and tags
# ...
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ./external-src
# ...
```
### When SSH access is needed during build
If your Docker build process requires SSH access (for example, to clone private repositories), you can enable SSH agent, and configure the Docker build step to use it.
You will also need to change the Dockerfile to use the SSH mount.
```yaml
- name: Start ssh-agent
uses: https://github.com/webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY }}
# ...
- name: Build & push
uses: docker/build-push-action@v5
with:
ssh: default
build-args: |
GITEA_HOSTKEY=${{ secrets.SSH_GITEA_HOSTKEY }} # Pass host key as build-arg
```
And modify your Dockerfile like this:
```Dockerfile
# Install dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
git \
openssh-client \
ca-certificates \
libnss3 \
nss-plugin-pem \
libbrotli1 && \
rm -rf /var/lib/apt/lists/*
# Add Gitea host key to known_hosts
ARG GITEA_HOSTKEY
RUN set -eux; \
mkdir -p /etc/ssh; \
printf '%s\n' "$GITEA_HOSTKEY" > /etc/ssh/ssh_known_hosts; \
chmod 644 /etc/ssh/ssh_known_hosts; \
ssh-keygen -l -E sha256 -f /etc/ssh/ssh_known_hosts
# Clone private repository using SSH during build
RUN --mount=type=ssh git clone git@your-gitea-server:your-repo.git /path/to/destination
# You can do whatever you need with SSH by using the --mount=type=ssh flag
# RUN --mount=type=ssh \
# GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/ssh_known_hosts' \
# pip install --no-cache-dir -r requirements.txt
```
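
Review bot: In the `Build & push` example, the trailing `# Pass host key as build-arg` sits inside the `build-args: |` literal block, where YAML does not treat `#` as a comment, so that text is part of the string handed to the action and can end up in `GITEA_HOSTKEY`, which the Dockerfile then writes verbatim into `/etc/ssh/ssh_known_hosts`. Move the comment to its own line above `build-args:`. Separately, the `Start ssh-agent` step hands `secrets.CI_SSH_PRIVATE_KEY` to an action referenced by the mutable tag `@v0.9.0`; pinning that `uses:` to a full commit SHA keeps a retagged release from receiving the key. The active `git clone` line also relies on default host key handling, while the commented `pip install` variant sets `StrictHostKeyChecking=yes` explicitly; using the same `GIT_SSH_COMMAND` on both would make the intended behaviour visible to readers who copy only the first one.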


@@ -0,0 +1,81 @@
name: Build and Push Docker Image
on:
push:
branches:
- '*'
env:
REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }}
REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.CI_GITEA_TOKEN }} # Required for Docker metadata extraction
IMAGE_NAME: "Wavyzz/myimage"
# CACHE_REF: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:buildcache # (Optional) for build cache
jobs:
build-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v5
# (Optional) checks if current branch is the default branch
- name: Define branch helpers
id: branch
run: |
DEFAULT="${{ github.event.repository.default_branch }}"
CURRENT="${{ github.ref_name }}"
if [ "$DEFAULT" = "$CURRENT" ]; then
echo "is_default_branch=true" >> $GITHUB_OUTPUT
else
echo "is_default_branch=false" >> $GITHUB_OUTPUT
fi
# (Optional) automatically extract tags and labels from git context
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
github-token: ${{ env.GITHUB_TOKEN }}
images: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha
type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
# (Optional) for multi-platform builds
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
# (Optional but recommended) for advanced builds
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_HOST }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with: # Adjust as needed
context: .
file: ./Dockerfile
push: true
# platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# cache-from: type=registry,ref=${{ env.CACHE_REF }}
# cache-to: type=registry,ref=${{ env.CACHE_REF }},mode=max
- name: Image details
run: |
echo "Image pushed: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}"
echo "Labels: ${{ steps.meta.outputs.labels }}"
echo "Tags: ${{ steps.meta.outputs.tags }}"
echo "Digest: ${{ steps.meta.outputs.digest }}"
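
Review bot: The `Define branch helpers` step expands `${{ github.ref_name }}` directly inside the `run:` script (`CURRENT="${{ github.ref_name }}"`), so the branch name is pasted into the shell source before it executes and any shell metacharacters in it are interpreted as shell; with `branches: '*'` every pushed branch reaches this step. Pass both values through the step's `env:` and compare `"$DEFAULT"` and `"$CURRENT"` as ordinary variables; the same applies to the `echo` lines in `Image details`, which expand the tags and labels outputs into the script. In that last step, `steps.meta.outputs.digest` will print empty, because `meta` is the docker/metadata-action step and the digest is an output of docker/build-push-action, which has no `id` here; add `id: build` to the build step and read `steps.build.outputs.digest`. `REGISTRY_PASSWORD` and the token are also set in workflow-level `env:`, which exposes them to every step of the job, although they are only consumed in the `with:` of the login and metadata steps; referencing `secrets.*` directly there narrows that exposure.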