From d5c6a731121a99a86437fb324e3be3fef84c3a96 Mon Sep 17 00:00:00 2001
From: estebanthi
Date: Sun, 19 Oct 2025 21:38:12 +0200
Subject: [PATCH] Initial commit

---
.gitignore | 2 +
README.md | 3 +
workflows/docker-build-push/README.md | 90 ++++++++++++++++++++++++
workflows/docker-build-push/workflow.yml | 81 +++++++++++++++++++++
4 files changed, 176 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 workflows/docker-build-push/README.md
create mode 100644 workflows/docker-build-push/workflow.yml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..293b497
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+.secrets
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4b7d546
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# ci-cd-workflows
+
+Wavyzz collection of CI/CD workflows for various platforms and use cases.
diff --git a/workflows/docker-build-push/README.md b/workflows/docker-build-push/README.md
new file mode 100644
index 0000000..5b7b96a
--- /dev/null
+++ b/workflows/docker-build-push/README.md
@@ -0,0 +1,90 @@
+# docker-build-push
+
+This GitHub Actions workflow builds and pushes Docker images to a container registry.
+It serves as a base workflow and is usable this way, but it may be customized depending on the exact use case.
+
+## Use cases
+
+### Build and push Docker images for CI/CD
+
+This workflow can be used in CI/CD pipelines to automate the process of building and pushing Docker images whenever code is pushed to the repository or a pull request is created.
+
+I use it with [watchtower](https://github.com/containrrr/watchtower) to automatically update running containers with the latest images.
+
+### Build an upstream
+
+You may want to build an upstream image from another repository and push it to your own container registry.
+You can do this this by modifying the checkout step to pull from the external repository and pass the correct build context to the Docker build step.
+
+```yaml
+ - name: Checkout external repository to ./external-src
+ uses: actions/checkout@v5
+ with:
+ repository: owner/repo-name
+ ref: main
+ server-url: ${{ github.server_url }}
+ path: external-src
+ fetch-depth: 0 # Fetch all history for all branches and tags
+
+ # ...
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: ./external-src
+
+ # ...
+
+```
+
+### When SSH access is needed during build
+
+If your Docker build process requires SSH access (for example, to clone private repositories), you can enable SSH agent, and configure the Docker build step to use it.
+You will also need to change the Dockerfile to use the SSH mount.
+
+```yaml
+ - name: Start ssh-agent
+ uses: https://github.com/webfactory/ssh-agent@v0.9.0
+ with:
+ ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY }}
+
+ # ...
+
+ - name: Build & push
+ uses: docker/build-push-action@v5
+ with:
+ ssh: default
+ build-args: |
+ GITEA_HOSTKEY=${{ secrets.SSH_GITEA_HOSTKEY }} # Pass host key as build-arg
+```
+
+And modify your Dockerfile like this:
+
+```Dockerfile
+# Install dependencies
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ git \
+ openssh-client \
+ ca-certificates \
+ libnss3 \
+ nss-plugin-pem \
+ libbrotli1 && \
+ rm -rf /var/lib/apt/lists/*
+
+# Add Gitea host key to known_hosts
+ARG GITEA_HOSTKEY
+RUN set -eux; \
+ mkdir -p /etc/ssh; \
+ printf '%s\n' "$GITEA_HOSTKEY" > /etc/ssh/ssh_known_hosts; \
+ chmod 644 /etc/ssh/ssh_known_hosts; \
+ ssh-keygen -l -E sha256 -f /etc/ssh/ssh_known_hosts
+
+# Clone private repository using SSH during build
+RUN --mount=type=ssh git clone git@your-gitea-server:your-repo.git /path/to/destination
+
+# You can do whatever you need with SSH by using the --mount=type=ssh flag
+# RUN --mount=type=ssh \
+# GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/ssh_known_hosts' \
+# pip install --no-cache-dir -r requirements.txt
+```
\ No newline at end of file
diff --git a/workflows/docker-build-push/workflow.yml b/workflows/docker-build-push/workflow.yml
new file mode 100644
index 0000000..4c480ff
--- /dev/null
+++ b/workflows/docker-build-push/workflow.yml
@@ -0,0 +1,81 @@
+name: Build and Push Docker Image
+
+on:
+ push:
+ branches:
+ - '*'
+
+env:
+ REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }}
+ REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
+ REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+ GITHUB_TOKEN: ${{ secrets.CI_GITEA_TOKEN }} # Required for Docker metadata extraction
+ IMAGE_NAME: "Wavyzz/myimage"
+ # CACHE_REF: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:buildcache # (Optional) for build cache
+
+jobs:
+ build-push:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+
+ # (Optional) checks if current branch is the default branch
+ - name: Define branch helpers
+ id: branch
+ run: |
+ DEFAULT="${{ github.event.repository.default_branch }}"
+ CURRENT="${{ github.ref_name }}"
+ if [ "$DEFAULT" = "$CURRENT" ]; then
+ echo "is_default_branch=true" >> $GITHUB_OUTPUT
+ else
+ echo "is_default_branch=false" >> $GITHUB_OUTPUT
+ fi
+
+ # (Optional) automatically extract tags and labels from git context
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ github-token: ${{ env.GITHUB_TOKEN }}
+ images: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=tag
+ type=sha
+ type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
+
+ # (Optional) for multi-platform builds
+ # - name: Set up QEMU
+ # uses: docker/setup-qemu-action@v3
+
+ # (Optional but recommended) for advanced builds
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_HOST }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with: # Adjust as needed
+ context: .
+ file: ./Dockerfile
+ push: true
+ # platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ # cache-from: type=registry,ref=${{ env.CACHE_REF }}
+ # cache-to: type=registry,ref=${{ env.CACHE_REF }},mode=max
+
+ - name: Image details
+ run: |
+ echo "Image pushed: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}"
+ echo "Labels: ${{ steps.meta.outputs.labels }}"
+ echo "Tags: ${{ steps.meta.outputs.tags }}"
+ echo "Digest: ${{ steps.meta.outputs.digest }}"
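Review bot: `CURRENT="${{ github.ref_name }}"` in the `Define branch helpers` step is expanded into the shell script before it runs, so a branch whose name contains shell metacharacters gets executed as code, and because the trigger is `branches: - '*'` every pushed branch reaches this step with the registry credentials already loaded; anyone who can push can usually edit the workflow too, so the hardening is cheap rather than decisive, but the standard fix is to pass both values through the step's `env:` and read them as `"$DEFAULT"`/`"$CURRENT"` (rewrite below). Exporting `REGISTRY_PASSWORD` and `CI_GITEA_TOKEN` in the workflow-level `env:` also places them in the process environment of every step, including checkout and both `run:` steps; pass them straight to `docker/login-action` and `docker/metadata-action` under `with:` and drop them from `env:`. `${{ steps.meta.outputs.digest }}` in the last step looks like it will always be empty: as far as I can tell `docker/metadata-action` has no `digest` output, the digest comes from `docker/build-push-action`, and that step has no `id` here, so add `id: build` to the build step and print `${{ steps.build.outputs.digest }}`. All actions are pinned only to mutable major tags (`@v5`, `@v3`); pinning each `uses:` to a full commit SHA would make the action code that runs with these secrets reproducible.
```yaml
      - name: Define branch helpers
        id: branch
        env:
          DEFAULT: ${{ github.event.repository.default_branch }}
          CURRENT: ${{ github.ref_name }}
        run: |
          if [ "$DEFAULT" = "$CURRENT" ]; then
            echo "is_default_branch=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_default_branch=false" >> "$GITHUB_OUTPUT"
          fi
      # … unchanged: metadata, buildx, login, build-push and image-details steps …
```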