From 25d3bb130f9a976650992dd9c2a122982c719529 Mon Sep 17 00:00:00 2001
From: estebanthi
Date: Sun, 19 Oct 2025 21:36:22 +0200
Subject: [PATCH] Documented workflow
---
 Dockerfile | 29 ----
 README.md | 3 +
 actions/docker-build-push/action.yml | 126 ------------------
 workflows/docker-build-push/README.md | 90 +++++++++++++
 workflows/docker-build-push/workflow.yml | 81 +++++++++++
 .../upstream-docker-build-push/workflow.yml | 71 ----------
 6 files changed, 174 insertions(+), 226 deletions(-)
 delete mode 100644 Dockerfile
 delete mode 100644 actions/docker-build-push/action.yml
 create mode 100644 workflows/docker-build-push/README.md
 create mode 100644 workflows/docker-build-push/workflow.yml
 delete mode 100644 workflows/upstream-docker-build-push/workflow.yml
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 568ba63..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-# syntax=docker/dockerfile:1.6
-
-# --- Build stage ------------------------------------------------------------
-FROM alpine:3.20 AS builder
-
-# Example: building a tiny binary (optional)
-RUN apk add --no-cache bash curl
-
-WORKDIR /app
-COPY . .
-
-# Just a placeholder “build” step
-RUN echo "Building example project..." && \
- echo "version: $(date -u +%Y-%m-%dT%H:%M:%SZ)" > version.txt
-
-# --- Runtime stage ----------------------------------------------------------
-FROM alpine:3.20
-
-LABEL org.opencontainers.image.title="CI/CD Test Image" \
- org.opencontainers.image.description="Sample image to test Gitea Actions Docker build & push workflow" \
- org.opencontainers.image.licenses="MIT"
-
-# Copy artifact from builder
-COPY --from=builder /app/version.txt /usr/local/share/version.txt
-
-RUN apk add --no-cache bash curl && \
- echo "Hello from the test image" > /usr/local/share/message.txt
-
-ENTRYPOINT ["/bin/sh", "-c", "echo 'Container started ✅'; cat /usr/local/share/message.txt; cat /usr/local/share/version.txt"]
diff --git a/README.md b/README.md
index e69de29..4b7d546 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# ci-cd-workflows
+
+Wavyzz collection of CI/CD workflows for various platforms and use cases.
diff --git a/actions/docker-build-push/action.yml b/actions/docker-build-push/action.yml
deleted file mode 100644
index 4d071d1..0000000
--- a/actions/docker-build-push/action.yml
+++ /dev/null
@@ -1,126 +0,0 @@
-name: Build and Push Docker Image
-description: >
- A reusable GitHub Action to build and push Docker images to a specified container registry.
-inputs:
- registry:
- description: 'Container registry host (e.g., ghcr.io, docker.io)'
- required: true
- username:
- description: 'Username for the container registry'
- required: true
- password:
- description: 'Password or token for the container registry'
- required: true
- image_name:
- description: 'Name of the Docker image (e.g., myuser/myimage)'
- required: true
- context_path:
- description: 'Path to the build context'
- required: false
- default: '.'
- dockerfile_path:
- description: 'Path to the Dockerfile'
- required: false
- default: './Dockerfile'
- platforms:
- description: 'Target platforms for the Docker image (e.g., linux/amd64,linux/arm64)'
- required: false
- default: 'linux/amd64'
- cache_ref:
- description: 'Reference for build cache'
- required: false
- default: ''
- github_token:
- description: 'GitHub token for metadata extraction'
- required: true
- repository_checkout:
- description: 'Repository to checkout (if different from the current one)'
- required: false
- default: ''
- ref_checkout:
- description: 'Git ref (branch/tag/SHA) to checkout in the external repo'
- required: false
- default: ''
-
-runs:
- using: "composite"
- steps:
- - name: Checkout external repository
- if: ${{ inputs.repository_checkout != '' }}
- uses: actions/checkout@v5
- with:
- repository: ${{ inputs.repository_checkout }}
- ref: ${{ inputs.ref_checkout != '' && inputs.ref_checkout || 'main' }}
- server-url: ${{ github.server_url }}
- path: external-src
- fetch-depth: 0
-
- - name: Checkout repository
- if: ${{ inputs.repository_checkout == '' }}
- uses: actions/checkout@v5
- with:
- fetch-depth: 0
-
- - name: Set build context path if remote specified else local
- id: set-context
- run: |
- if [ "${{ inputs.repository_checkout }}" != "" ]; then
- echo "context_path=external-src" >> $GITHUB_OUTPUT
- else
- echo "context_path=${{ inputs.context_path }}" >> $GITHUB_OUTPUT
- fi
-
- - name: Define branch helpers
- id: branch
- run: |
- DEFAULT="${{ github.event.repository.default_branch }}"
- CURRENT="${{ github.ref_name }}"
- if [ "$DEFAULT" = "$CURRENT" ]; then
- echo "is_default_branch=true" >> $GITHUB_OUTPUT
- else
- echo "is_default_branch=false" >> $GITHUB_OUTPUT
- fi
-
- - name: Extract Docker metadata
- id: meta
- uses: docker/metadata-action@v5
- with:
- github-token: ${{ inputs.github_token }}
- images: ${{ inputs.registry }}/${{ inputs.image_name }}
- tags: |
- type=ref,event=branch
- type=ref,event=tag
- type=sha
- type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
-
- - name: Set up QEMU # for multi-platform builds
- uses: docker/setup-qemu-action@v3
-
- - name: Set up Docker Buildx # for advanced builds
- uses: docker/setup-buildx-action@v3
-
- - name: Log in to registry
- uses: docker/login-action@v3
- with:
- registry: ${{ inputs.registry }}
- username: ${{ inputs.username }}
- password: ${{ inputs.password }}
-
- - name: Build and push Docker image
- uses: docker/build-push-action@v5
- with:
- context: ${{ steps.set-context.outputs.context_path }}
- file: ${{ inputs.dockerfile_path }}
- push: true
- platforms: ${{ inputs.platforms }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=registry,ref=${{ inputs.cache_ref }}
- cache-to: type=registry,ref=${{ inputs.cache_ref }},mode=max
-
- - name: Image details
- run: |
- echo "Image pushed: ${{ inputs.registry }}/${{ inputs.image_name }}"
- echo "Labels: ${{ steps.meta.outputs.labels }}"
- echo "Tags: ${{ steps.meta.outputs.tags }}"
- echo "Digest: ${{ steps.meta.outputs.digest }}"
diff --git a/workflows/docker-build-push/README.md b/workflows/docker-build-push/README.md
new file mode 100644
index 0000000..5b7b96a
--- /dev/null
+++ b/workflows/docker-build-push/README.md
@@ -0,0 +1,90 @@
+# docker-build-push
+
+This GitHub Actions workflow builds and pushes Docker images to a container registry.
+It serves as a base workflow and is usable this way, but it may be customized depending on the exact use case.
+
+## Use cases
+
+### Build and push Docker images for CI/CD
+
+This workflow can be used in CI/CD pipelines to automate the process of building and pushing Docker images whenever code is pushed to the repository or a pull request is created.
+
+I use it with [watchtower](https://github.com/containrrr/watchtower) to automatically update running containers with the latest images.
+
+### Build an upstream
+
+You may want to build an upstream image from another repository and push it to your own container registry.
+You can do this this by modifying the checkout step to pull from the external repository and pass the correct build context to the Docker build step.
+
+```yaml
+ - name: Checkout external repository to ./external-src
+ uses: actions/checkout@v5
+ with:
+ repository: owner/repo-name
+ ref: main
+ server-url: ${{ github.server_url }}
+ path: external-src
+ fetch-depth: 0 # Fetch all history for all branches and tags
+
+ # ...
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: ./external-src
+
+ # ...
+
+```
+
+### When SSH access is needed during build
+
+If your Docker build process requires SSH access (for example, to clone private repositories), you can enable SSH agent, and configure the Docker build step to use it.
+You will also need to change the Dockerfile to use the SSH mount.
+
+```yaml
+ - name: Start ssh-agent
+ uses: https://github.com/webfactory/ssh-agent@v0.9.0
+ with:
+ ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY }}
+
+ # ...
+
+ - name: Build & push
+ uses: docker/build-push-action@v5
+ with:
+ ssh: default
+ build-args: |
+ GITEA_HOSTKEY=${{ secrets.SSH_GITEA_HOSTKEY }} # Pass host key as build-arg
+```
+
+And modify your Dockerfile like this:
+
+```Dockerfile
+# Install dependencies
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ git \
+ openssh-client \
+ ca-certificates \
+ libnss3 \
+ nss-plugin-pem \
+ libbrotli1 && \
+ rm -rf /var/lib/apt/lists/*
+
+# Add Gitea host key to known_hosts
+ARG GITEA_HOSTKEY
+RUN set -eux; \
+ mkdir -p /etc/ssh; \
+ printf '%s\n' "$GITEA_HOSTKEY" > /etc/ssh/ssh_known_hosts; \
+ chmod 644 /etc/ssh/ssh_known_hosts; \
+ ssh-keygen -l -E sha256 -f /etc/ssh/ssh_known_hosts
+
+# Clone private repository using SSH during build
+RUN --mount=type=ssh git clone git@your-gitea-server:your-repo.git /path/to/destination
+
+# You can do whatever you need with SSH by using the --mount=type=ssh flag
+# RUN --mount=type=ssh \
+# GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/ssh_known_hosts' \
+# pip install --no-cache-dir -r requirements.txt
+```
\ No newline at end of file
diff --git a/workflows/docker-build-push/workflow.yml b/workflows/docker-build-push/workflow.yml
new file mode 100644
index 0000000..4c480ff
--- /dev/null
+++ b/workflows/docker-build-push/workflow.yml
@@ -0,0 +1,81 @@
+name: Build and Push Docker Image
+
+on:
+ push:
+ branches:
+ - '*'
+
+env:
+ REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }}
+ REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
+ REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+ GITHUB_TOKEN: ${{ secrets.CI_GITEA_TOKEN }} # Required for Docker metadata extraction
+ IMAGE_NAME: "Wavyzz/myimage"
+ # CACHE_REF: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:buildcache # (Optional) for build cache
+
+jobs:
+ build-push:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+
+ # (Optional) checks if current branch is the default branch
+ - name: Define branch helpers
+ id: branch
+ run: |
+ DEFAULT="${{ github.event.repository.default_branch }}"
+ CURRENT="${{ github.ref_name }}"
+ if [ "$DEFAULT" = "$CURRENT" ]; then
+ echo "is_default_branch=true" >> $GITHUB_OUTPUT
+ else
+ echo "is_default_branch=false" >> $GITHUB_OUTPUT
+ fi
+
+ # (Optional) automatically extract tags and labels from git context
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ github-token: ${{ env.GITHUB_TOKEN }}
+ images: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=tag
+ type=sha
+ type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
+
+ # (Optional) for multi-platform builds
+ # - name: Set up QEMU
+ # uses: docker/setup-qemu-action@v3
+
+ # (Optional but recommended) for advanced builds
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_HOST }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with: # Adjust as needed
+ context: .
+ file: ./Dockerfile
+ push: true
+ # platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ # cache-from: type=registry,ref=${{ env.CACHE_REF }}
+ # cache-to: type=registry,ref=${{ env.CACHE_REF }},mode=max
+
+ - name: Image details
+ run: |
+ echo "Image pushed: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}"
+ echo "Labels: ${{ steps.meta.outputs.labels }}"
+ echo "Tags: ${{ steps.meta.outputs.tags }}"
+ echo "Digest: ${{ steps.meta.outputs.digest }}"
diff --git a/workflows/upstream-docker-build-push/workflow.yml b/workflows/upstream-docker-build-push/workflow.yml
deleted file mode 100644
index 794a454..0000000
--- a/workflows/upstream-docker-build-push/workflow.yml
+++ /dev/null
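Review bot: The workflow-level `env:` block in workflow.yml exports `REGISTRY_PASSWORD` and `GITHUB_TOKEN` (from `secrets.CI_GITEA_TOKEN`) into the environment of every step, including the third-party `docker/*` actions and the `run:` steps that only write to `GITHUB_OUTPUT`; reference each secret only where it is consumed instead, i.e. `password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}` on the login step and `github-token: ${{ secrets.CI_GITEA_TOKEN }}` on the metadata step, and drop the two `env` entries. The `build-push` job also has no `permissions:` block, which the deleted upstream workflow did have (`contents: read`); adding it keeps the default token read-only, though how strictly it is honoured depends on whether this runs on GitHub or Gitea Actions, which the `CI_GITEA_TOKEN` name suggests. Separately, `on: push: branches: - '*'` does not match branch names containing `/`, and with no `tags:` filter under `push` a tag push never triggers the run, so the `type=ref,event=tag` rule on the metadata step cannot fire as written. Quoting `"$GITHUB_OUTPUT"` in the `Define branch helpers` step would also match the convention the removed upstream workflow used.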
@@ -1,71 +0,0 @@
-name: Build and Push Docker Image from External Repo
-
-on:
- schedule:
- - cron: "0 2 * * 0" # build periodically
- workflow_dispatch:
- inputs:
- external_ref:
- description: "Git ref (branch/tag/SHA) to build from in the external repo"
- required: false
- default: "master"
-
-env:
- EXTERNAL_REPO: "Wavyzz/cf-bypass-fast" # owner/name of the other repo (in the same Gitea)
- DEFAULT_EXTERNAL_REF: "master" # default branch/tag/SHA to build
- IMAGE_NAME: "cf-bypass-fast" # final image name (tag appended later)
-
-jobs:
- build:
- runs-on: ubuntu-latest
-
- permissions:
- contents: read
-
- steps:
- - name: Checkout this repo (for context & scripts, optional)
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: Checkout external repository to ./external-src
- uses: actions/checkout@v4
- with:
- repository: ${{ env.EXTERNAL_REPO }}
- ref: ${{ github.event.inputs.external_ref || env.DEFAULT_EXTERNAL_REF }}
- server-url: ${{ github.server_url }}
- path: external-src
- fetch-depth: 0
-
- - name: Decide image tag
- id: tag
- shell: bash
- run: |
- if [[ -n "${{ github.event.inputs.image_tag }}" ]]; then
- TAG="${{ github.event.inputs.image_tag }}"
- else
- TAG="latest"
- fi
- echo "tag=$TAG" >> "$GITHUB_OUTPUT"
-
- - name: Set up Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Login to registry
- uses: docker/login-action@v3
- with:
- registry: ${{ secrets.DOCKER_REGISTRY_HOST }}
- username: ${{ secrets.DOCKER_REGISTRY_USER }}
- password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
-
- - name: Build and push Docker image
- uses: docker/build-push-action@v5
- with:
- # Point to the external checkout dir
- context: ./external-src
- # If the Dockerfile isn't named 'Dockerfile' or isn't at repo root, set it explicitly:
- # file: ./external-src/path/to/Dockerfile
- push: true
- tags: |
- ${{ secrets.DOCKER_REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:${{ gitea.sha }}
- ${{ secrets.DOCKER_REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
\ No newline at end of file