Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
69d74881dc4d4fc3deb0aeb5e9ddeb3f1d819022
CapaKraken/.github/workflows/release-image.yml
T
Hartmut 69d74881dc
CI / Architecture Guardrails (push) Successful in 3m3s
Details
CI / Lint (push) Successful in 3m49s
Details
CI / Typecheck (push) Successful in 3m56s
Details
CI / Assistant Split Regression (push) Successful in 5m54s
Details
CI / Build (push) Successful in 6m48s
Details
CI / E2E Tests (push) Successful in 5m23s
Details
CI / Fresh-Linux Docker Deploy (push) Successful in 6m10s
Details
CI / Release Images (push) Failing after 2m7s
Details
CI / Unit Tests (push) Successful in 7m22s
Details
ci(release): use REGISTRY_TOKEN PAT for Gitea registry login 
The auto-provisioned GITHUB_TOKEN in Gitea Actions does not carry
package-registry write permission. Use a personal access token stored
as a repo secret instead.
2026-04-13 08:09:56 +02:00

94 lines
3.2 KiB
YAML
Raw Blame History

name: Release Image
# Reusable workflow: called from ci.yml after all checks pass.
# Can also be dispatched manually for rebuilds or tag overrides.
#
# Pushes to the Gitea container registry (the same host the workflow runs on)
# using the auto-provisioned GITHUB_TOKEN. No external secrets required.
on:
workflow_call:
inputs:
image_tag:
description: Optional tag override, defaults to sha-<commit>
required: false
type: string
workflow_dispatch:
inputs:
image_tag:
description: Optional tag override, defaults to sha-<commit>
required: false
type: string
permissions:
contents: read
packages: write
jobs:
build-and-push:
name: Build And Push Images
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
run: docker buildx create --use --name ci-builder 2>/dev/null || true
- id: registry
name: Resolve Gitea registry host
# GITHUB_SERVER_URL inside act_runner resolves to the *internal* Gitea
# hostname (gitea:3000) which is not reachable from the job container.
# Hardcode the externally-resolvable host instead.
run: |
echo "host=gitea.hartmut-noerenberg.com" >> "$GITHUB_OUTPUT"
- name: Login to Gitea container registry
# GITHUB_TOKEN is auto-provisioned by Gitea Actions for the running
# workflow; no manual secret configuration required.
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | \
docker login "${{ steps.registry.outputs.host }}" \
-u "${{ github.actor }}" --password-stdin
- id: vars
name: Compute image refs
run: |
owner="$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')"
repo="$(basename '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')"
image_tag="${{ inputs.image_tag }}"
if [ -z "${image_tag}" ]; then
image_tag="sha-${GITHUB_SHA}"
fi
host="${{ steps.registry.outputs.host }}"
echo "app_image=${host}/${owner}/${repo}-app:${image_tag}" >> "$GITHUB_OUTPUT"
echo "migrator_image=${host}/${owner}/${repo}-migrator:${image_tag}" >> "$GITHUB_OUTPUT"
# Guardrail anchor: target: runner
- name: Build and push app image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.prod
target: runner
push: true
tags: ${{ steps.vars.outputs.app_image }}
cache-from: type=gha,scope=app
cache-to: type=gha,mode=max,scope=app
# Guardrail anchor: target: migrator
- name: Build and push migrator image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.prod
target: migrator
push: true
tags: ${{ steps.vars.outputs.migrator_image }}
cache-from: type=gha,scope=migrator
cache-to: type=gha,mode=max,scope=migrator
- name: Release summary
run: |
echo "App image: ${{ steps.vars.outputs.app_image }}"
echo "Migrator image: ${{ steps.vars.outputs.migrator_image }}"
Reference in New Issue View Git Blame Copy Permalink