Documented workflow

estebanthi
2025-10-19 21:36:22 +02:00
parent c0600e752d
commit 25d3bb130f
6 changed files with 174 additions and 226 deletions


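--- a/PATH-NOT-SHOWN-ON-PAGE
+++ /dev/null
@@ -1,29 +0,0 @@
-# syntax=docker/dockerfile:1.6
-# --- Build stage ------------------------------------------------------------
-FROM alpine:3.20 AS builder
-# Example: building a tiny binary (optional)
-RUN apk add --no-cache bash curl
-WORKDIR /app
-COPY . .
-# Just a placeholder “build” step
-RUN echo "Building example project..." && \
-echo "version: $(date -u +%Y-%m-%dT%H:%M:%SZ)" > version.txt
-# --- Runtime stage ----------------------------------------------------------
-FROM alpine:3.20
-LABEL org.opencontainers.image.title="CI/CD Test Image" \
-org.opencontainers.image.description="Sample image to test Gitea Actions Docker build & push workflow" \
-org.opencontainers.image.licenses="MIT"
-# Copy artifact from builder
-COPY --from=builder /app/version.txt /usr/local/share/version.txt
-RUN apk add --no-cache bash curl && \
-echo "Hello from the test image" > /usr/local/share/message.txt
-ENTRYPOINT ["/bin/sh", "-c", "echo 'Container started ✅'; cat /usr/local/share/message.txt; cat /usr/local/share/version.txt"]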


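--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,3 @@
+# ci-cd-workflows
+Wavyzz collection of CI/CD workflows for various platforms and use cases.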


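--- a/PATH-NOT-SHOWN-ON-PAGE
+++ /dev/null
@@ -1,126 +0,0 @@
-name: Build and Push Docker Image
-description: >
-A reusable GitHub Action to build and push Docker images to a specified container registry.
-inputs:
-registry:
-description: 'Container registry host (e.g., ghcr.io, docker.io)'
-required: true
-username:
-description: 'Username for the container registry'
-required: true
-password:
-description: 'Password or token for the container registry'
-required: true
-image_name:
-description: 'Name of the Docker image (e.g., myuser/myimage)'
-required: true
-context_path:
-description: 'Path to the build context'
-required: false
-default: '.'
-dockerfile_path:
-description: 'Path to the Dockerfile'
-required: false
-default: './Dockerfile'
-platforms:
-description: 'Target platforms for the Docker image (e.g., linux/amd64,linux/arm64)'
-required: false
-default: 'linux/amd64'
-cache_ref:
-description: 'Reference for build cache'
-required: false
-default: ''
-github_token:
-description: 'GitHub token for metadata extraction'
-required: true
-repository_checkout:
-description: 'Repository to checkout (if different from the current one)'
-required: false
-default: ''
-ref_checkout:
-description: 'Git ref (branch/tag/SHA) to checkout in the external repo'
-required: false
-default: ''
-runs:
-using: "composite"
-steps:
-- name: Checkout external repository
-if: ${{ inputs.repository_checkout != '' }}
-uses: actions/checkout@v5
-with:
-repository: ${{ inputs.repository_checkout }}
-ref: ${{ inputs.ref_checkout != '' && inputs.ref_checkout || 'main' }}
-server-url: ${{ github.server_url }}
-path: external-src
-fetch-depth: 0
-- name: Checkout repository
-if: ${{ inputs.repository_checkout == '' }}
-uses: actions/checkout@v5
-with:
-fetch-depth: 0
-- name: Set build context path if remote specified else local
-id: set-context
-run: |
-if [ "${{ inputs.repository_checkout }}" != "" ]; then
-echo "context_path=external-src" >> $GITHUB_OUTPUT
-else
-echo "context_path=${{ inputs.context_path }}" >> $GITHUB_OUTPUT
-fi
-- name: Define branch helpers
-id: branch
-run: |
-DEFAULT="${{ github.event.repository.default_branch }}"
-CURRENT="${{ github.ref_name }}"
-if [ "$DEFAULT" = "$CURRENT" ]; then
-echo "is_default_branch=true" >> $GITHUB_OUTPUT
-else
-echo "is_default_branch=false" >> $GITHUB_OUTPUT
-fi
-- name: Extract Docker metadata
-id: meta
-uses: docker/metadata-action@v5
-with:
-github-token: ${{ inputs.github_token }}
-images: ${{ inputs.registry }}/${{ inputs.image_name }}
-tags: |
-type=ref,event=branch
-type=ref,event=tag
-type=sha
-type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
-- name: Set up QEMU # for multi-platform builds
-uses: docker/setup-qemu-action@v3
-- name: Set up Docker Buildx # for advanced builds
-uses: docker/setup-buildx-action@v3
-- name: Log in to registry
-uses: docker/login-action@v3
-with:
-registry: ${{ inputs.registry }}
-username: ${{ inputs.username }}
-password: ${{ inputs.password }}
-- name: Build and push Docker image
-uses: docker/build-push-action@v5
-with:
-context: ${{ steps.set-context.outputs.context_path }}
-file: ${{ inputs.dockerfile_path }}
-push: true
-platforms: ${{ inputs.platforms }}
-tags: ${{ steps.meta.outputs.tags }}
-labels: ${{ steps.meta.outputs.labels }}
-cache-from: type=registry,ref=${{ inputs.cache_ref }}
-cache-to: type=registry,ref=${{ inputs.cache_ref }},mode=max
-- name: Image details
-run: |
-echo "Image pushed: ${{ inputs.registry }}/${{ inputs.image_name }}"
-echo "Labels: ${{ steps.meta.outputs.labels }}"
-echo "Tags: ${{ steps.meta.outputs.tags }}"
-echo "Digest: ${{ steps.meta.outputs.digest }}"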


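--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,90 @@
+# docker-build-push
+This GitHub Actions workflow builds and pushes Docker images to a container registry.
+It serves as a base workflow and is usable this way, but it may be customized depending on the exact use case.
+## Use cases
+### Build and push Docker images for CI/CD
+This workflow can be used in CI/CD pipelines to automate the process of building and pushing Docker images whenever code is pushed to the repository or a pull request is created.
+I use it with [watchtower](https://github.com/containrrr/watchtower) to automatically update running containers with the latest images.
+### Build an upstream
+You may want to build an upstream image from another repository and push it to your own container registry.
+You can do this this by modifying the checkout step to pull from the external repository and pass the correct build context to the Docker build step.
+```yaml
+- name: Checkout external repository to ./external-src
+uses: actions/checkout@v5
+with:
+repository: owner/repo-name
+ref: main
+server-url: ${{ github.server_url }}
+path: external-src
+fetch-depth: 0 # Fetch all history for all branches and tags
+# ...
+- name: Build and push Docker image
+uses: docker/build-push-action@v5
+with:
+context: ./external-src
+# ...
+```
+### When SSH access is needed during build
+If your Docker build process requires SSH access (for example, to clone private repositories), you can enable SSH agent, and configure the Docker build step to use it.
+You will also need to change the Dockerfile to use the SSH mount.
+```yaml
+- name: Start ssh-agent
+uses: https://github.com/webfactory/ssh-agent@v0.9.0
+with:
+ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY }}
+# ...
+- name: Build & push
+uses: docker/build-push-action@v5
+with:
+ssh: default
+build-args: |
+GITEA_HOSTKEY=${{ secrets.SSH_GITEA_HOSTKEY }} # Pass host key as build-arg
+```
+And modify your Dockerfile like this:
+```Dockerfile
+# Install dependencies
+RUN apt-get update && \
+apt-get install -y --no-install-recommends \
+git \
+openssh-client \
+ca-certificates \
+libnss3 \
+nss-plugin-pem \
+libbrotli1 && \
+rm -rf /var/lib/apt/lists/*
+# Add Gitea host key to known_hosts
+ARG GITEA_HOSTKEY
+RUN set -eux; \
+mkdir -p /etc/ssh; \
+printf '%s\n' "$GITEA_HOSTKEY" > /etc/ssh/ssh_known_hosts; \
+chmod 644 /etc/ssh/ssh_known_hosts; \
+ssh-keygen -l -E sha256 -f /etc/ssh/ssh_known_hosts
+# Clone private repository using SSH during build
+RUN --mount=type=ssh git clone git@your-gitea-server:your-repo.git /path/to/destination
+# You can do whatever you need with SSH by using the --mount=type=ssh flag
+# RUN --mount=type=ssh \
+# GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/ssh_known_hosts' \
+# pip install --no-cache-dir -r requirements.txt
+```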


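--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,81 @@
+name: Build and Push Docker Image
+on:
+push:
+branches:
+- '*'
+env:
+REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }}
+REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
+REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+GITHUB_TOKEN: ${{ secrets.CI_GITEA_TOKEN }} # Required for Docker metadata extraction
+IMAGE_NAME: "Wavyzz/myimage"
+# CACHE_REF: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:buildcache # (Optional) for build cache
+jobs:
+build-push:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v5
+# (Optional) checks if current branch is the default branch
+- name: Define branch helpers
+id: branch
+run: |
+DEFAULT="${{ github.event.repository.default_branch }}"
+CURRENT="${{ github.ref_name }}"
+if [ "$DEFAULT" = "$CURRENT" ]; then
+echo "is_default_branch=true" >> $GITHUB_OUTPUT
+else
+echo "is_default_branch=false" >> $GITHUB_OUTPUT
+fi
+# (Optional) automatically extract tags and labels from git context
+- name: Extract Docker metadata
+id: meta
+uses: docker/metadata-action@v5
+with:
+github-token: ${{ env.GITHUB_TOKEN }}
+images: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}
+tags: |
+type=ref,event=branch
+type=ref,event=tag
+type=sha
+type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
+# (Optional) for multi-platform builds
+# - name: Set up QEMU
+# uses: docker/setup-qemu-action@v3
+# (Optional but recommended) for advanced builds
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Log in to registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY_HOST }}
+username: ${{ env.REGISTRY_USER }}
+password: ${{ env.REGISTRY_PASSWORD }}
+- name: Build and push Docker image
+uses: docker/build-push-action@v5
+with: # Adjust as needed
+context: .
+file: ./Dockerfile
+push: true
+# platforms: linux/amd64,linux/arm64
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+# cache-from: type=registry,ref=${{ env.CACHE_REF }}
+# cache-to: type=registry,ref=${{ env.CACHE_REF }},mode=max
+- name: Image details
+run: |
+echo "Image pushed: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}"
+echo "Labels: ${{ steps.meta.outputs.labels }}"
+echo "Tags: ${{ steps.meta.outputs.tags }}"
+echo "Digest: ${{ steps.meta.outputs.digest }}"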
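Review bot: The registry password and the Gitea token are declared as workflow-level `env` (`REGISTRY_PASSWORD`, `GITHUB_TOKEN`), so every step of `build-push` — including the two `run` shell steps that never need them — receives them as process environment variables, whereas the removed workflow passed `${{ secrets.DOCKER_REGISTRY_PASSWORD }}` only into the login step. Referencing the secrets where they are consumed, `password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}` in `docker/login-action` and `github-token: ${{ secrets.CI_GITEA_TOKEN }}` in `docker/metadata-action`, and dropping those two `env` entries confines their exposure to those steps. The job also loses the `permissions:` block the removed workflow declared; adding `permissions:` with `contents: read` under `build-push` keeps the job token read-only, which is all a checkout plus a push to an external registry needs here. Separately, `branches: - '*'` matches only single-segment branch names, so a `feature/x` branch will not trigger a build unless the pattern is `'**'`. Finally, `CURRENT="${{ github.ref_name }}"` splices the branch name into the script text; passing it through a step `env` entry and reading `CURRENT="$REF_NAME"` avoids the shell interpreting unusual ref names.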


@@ -1,71 +0,0 @@
name: Build and Push Docker Image from External Repo
on:
schedule:
- cron: "0 2 * * 0" # build periodically
workflow_dispatch:
inputs:
external_ref:
description: "Git ref (branch/tag/SHA) to build from in the external repo"
required: false
default: "master"
env:
EXTERNAL_REPO: "Wavyzz/cf-bypass-fast" # owner/name of the other repo (in the same Gitea)
DEFAULT_EXTERNAL_REF: "master" # default branch/tag/SHA to build
IMAGE_NAME: "cf-bypass-fast" # final image name (tag appended later)
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout this repo (for context & scripts, optional)
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout external repository to ./external-src
uses: actions/checkout@v4
with:
repository: ${{ env.EXTERNAL_REPO }}
ref: ${{ github.event.inputs.external_ref || env.DEFAULT_EXTERNAL_REF }}
server-url: ${{ github.server_url }}
path: external-src
fetch-depth: 0
- name: Decide image tag
id: tag
shell: bash
run: |
if [[ -n "${{ github.event.inputs.image_tag }}" ]]; then
TAG="${{ github.event.inputs.image_tag }}"
else
TAG="latest"
fi
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Set up Buildx
uses: docker/setup-buildx-action@v3
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY_HOST }}
username: ${{ secrets.DOCKER_REGISTRY_USER }}
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
# Point to the external checkout dir
context: ./external-src
# If the Dockerfile isn't named 'Dockerfile' or isn't at repo root, set it explicitly:
# file: ./external-src/path/to/Dockerfile
push: true
tags: |
${{ secrets.DOCKER_REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:${{ gitea.sha }}
${{ secrets.DOCKER_REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}