diff --git a/.gitea/workflows/docker-build.yml b/.gitea/workflows/docker-build.yml
index 952ad05..8964adc 100644
--- a/.gitea/workflows/docker-build.yml
+++ b/.gitea/workflows/docker-build.yml
@@ -25,21 +25,22 @@ jobs:
 run: |
 set -e
 RAW_REPO="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
- if [ -z "$RAW_REPO" ]; then
- echo "RAW_REPO not set (expected GITHUB_REPOSITORY or GITEA_REPOSITORY)"; exit 1
+ if [ -z "$RAW_REPO" ]; then echo "Missing GITHUB_REPOSITORY/GITEA_REPOSITORY"; exit 1; fi
+ OWNER="${RAW_REPO%%/*}"; REPO="${RAW_REPO#*/}"
+ REG_HOST_RAW="${GITEA_SERVER_URL:-${GITHUB_SERVER_URL:-}}"
+ if [ -z "$REG_HOST_RAW" ]; then echo "Missing GITEA_SERVER_URL/GITHUB_SERVER_URL"; exit 1; fi
+ REG_HOST="${REG_HOST_RAW#http://}"; REG_HOST="${REG_HOST#https://}"; REG_HOST="${REG_HOST%%/*}"
+ # Allow explicit override via secrets or env
+ OVERRIDE="${{ secrets.GITEA_REGISTRY_HOST }}"; [ -z "$OVERRIDE" ] && OVERRIDE="${GITEA_REGISTRY_HOST}"
+ [ -z "$OVERRIDE" ] && OVERRIDE="${{ secrets.REGISTRY_HOST }}"
+ [ -z "$OVERRIDE" ] && OVERRIDE="${REGISTRY_HOST}"
+ if [ "$REG_HOST" = "gitea" ] && [ -n "$OVERRIDE" ]; then
+ echo "Replacing unresolved host 'gitea' with override '$OVERRIDE'"
+ REG_HOST="$OVERRIDE"
 fi
- OWNER="${RAW_REPO%%/*}"
- REPO="${RAW_REPO#*/}"
- if [ -z "$OWNER" ] || [ "$OWNER" = "$RAW_REPO" ]; then
- echo "Failed to parse owner from '$RAW_REPO'"; exit 1
+ if [ "$REG_HOST" = "gitea" ]; then
+ REG_HOST="git.thumeit.com";
 fi
- REG_HOST="${GITEA_SERVER_URL:-${GITHUB_SERVER_URL:-}}"
- if [ -z "$REG_HOST" ]; then
- echo "GITEA_SERVER_URL/GITHUB_SERVER_URL not set"; exit 1
- fi
- REG_HOST="${REG_HOST#http://}"
- REG_HOST="${REG_HOST#https://}"
- REG_HOST="${REG_HOST%%/*}"
 echo "owner=$OWNER" >> $GITHUB_OUTPUT
 echo "repo=$REPO" >> $GITHUB_OUTPUT
 echo "host=$REG_HOST" >> $GITHUB_OUTPUT
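Review bot: The rewritten split `OWNER="${RAW_REPO%%/*}"; REPO="${RAW_REPO#*/}"` drops the guard the old code had, so a repository value without a slash now yields OWNER and REPO both equal to the whole string and the image namespace is silently wrong; I would keep `if [ -z "$OWNER" ] || [ "$OWNER" = "$RAW_REPO" ]; then echo "Failed to parse owner from '$RAW_REPO'"; exit 1; fi` after it. The registry host chosen here is where the later login step sends credentials, yet it can now come from two secrets, two environment variables or the hard-coded `git.thumeit.com` fallback, and only the override path is logged; an `echo "Falling back to default registry host"` in the second `if` would make that visible. `${{ secrets.GITEA_REGISTRY_HOST }}` and `${{ secrets.REGISTRY_HOST }}` are also expanded into the script text and then written to `$GITHUB_OUTPUT` as `host`, which a runner that masks secrets may redact or drop; a hostname is configuration, so passing it through the step's `env:` as a plain variable avoids both problems. The step's script starts before this hunk.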
@@ -50,37 +51,56 @@ jobs: run: | SHA_TAG=sha-${GITHUB_SHA::7} echo "sha_tag=$SHA_TAG" >> $GITHUB_OUTPUT - if [[ "$GITHUB_REF" == refs/heads/main || "$GITHUB_REF" == refs/heads/master ]]; then - echo "latest_tag=latest" >> $GITHUB_OUTPUT - fi - if [[ "$GITHUB_REF" == refs/tags/v* ]]; then - VERSION_TAG=${GITHUB_REF#refs/tags/} - echo "version_tag=$VERSION_TAG" >> $GITHUB_OUTPUT - fi + if [[ "$GITHUB_REF" =~ refs/heads/(main|master)$ ]]; then echo "latest_tag=latest" >> $GITHUB_OUTPUT; fi + if [[ "$GITHUB_REF" == refs/tags/v* ]]; then VERSION_TAG=${GITHUB_REF#refs/tags/}; echo "version_tag=$VERSION_TAG" >> $GITHUB_OUTPUT; fi - name: Show build plan run: | echo "Registry host: ${{ steps.repo.outputs.host }}" - echo "Namespace (owner): ${{ steps.repo.outputs.owner }}" - echo "Backend image: ${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${BACKEND_IMAGE}" - echo "Frontend image: ${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${FRONTEND_IMAGE}" + echo "Namespace: ${{ steps.repo.outputs.owner }}" + echo "Images: ${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${BACKEND_IMAGE} and frontend" - - name: Login to local Gitea registry + - name: Login (optional) + id: login run: | - if [ -z "${{ secrets.CR_USERNAME }}" ] || [ -z "${{ secrets.CR_PASSWORD }}" ]; then - echo "CR_USERNAME / CR_PASSWORD secrets missing"; exit 1 + set -e + HOST="${{ steps.repo.outputs.host }}" + if [ -n "${{ secrets.CR_USERNAME }}" ] && [ -n "${{ secrets.CR_PASSWORD }}" ]; then + echo "${{ secrets.CR_PASSWORD }}" | docker login "$HOST" -u "${{ secrets.CR_USERNAME }}" --password-stdin + echo "authenticated=1" >> $GITHUB_OUTPUT; exit 0 fi - echo "${{ secrets.CR_PASSWORD }}" | docker login "${{ steps.repo.outputs.host }}" -u "${{ secrets.CR_USERNAME }}" --password-stdin + if [ -n "${{ secrets.GITEA_REGISTRY_TOKEN }}" ]; then + ACTOR="${GITHUB_ACTOR:-${GITEA_ACTOR:-$OWNER}}" + echo "${{ secrets.GITEA_REGISTRY_TOKEN }}" | docker login "$HOST" -u "$ACTOR" 
--password-stdin + echo "authenticated=1" >> $GITHUB_OUTPUT; exit 0 + fi + echo "No credentials; will skip push."; echo "authenticated=0" >> $GITHUB_OUTPUT - name: Build backend run: | BASE="${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${BACKEND_IMAGE}" docker build -t ${BASE}:${{ steps.meta.outputs.sha_tag }} ./backend - if [ -n "${{ steps.meta.outputs.latest_tag }}" ]; then docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:latest; fi - if [ -n "${{ steps.meta.outputs.version_tag }}" ]; then docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:${{ steps.meta.outputs.version_tag }}; fi + [ -n "${{ steps.meta.outputs.latest_tag }}" ] && docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:latest + [ -n "${{ steps.meta.outputs.version_tag }}" ] && docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:${{ steps.meta.outputs.version_tag }} - name: Build frontend run: | + BASE="${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${FRONTEND_IMAGE}" + docker build -t ${BASE}:${{ steps.meta.outputs.sha_tag }} ./frontend + [ -n "${{ steps.meta.outputs.latest_tag }}" ] && docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:latest + [ -n "${{ steps.meta.outputs.version_tag }}" ] && docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:${{ steps.meta.outputs.version_tag }} + + - name: Push images + if: github.event_name != 'pull_request' + run: | + if [ "${{ steps.login.outputs.authenticated }}" != "1" ]; then + echo "Skipping push (unauthenticated)"; exit 0; fi + for IMG in ${BACKEND_IMAGE} ${FRONTEND_IMAGE}; do + BASE="${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${IMG}" + docker push ${BASE}:${{ steps.meta.outputs.sha_tag }} + [ -n "${{ steps.meta.outputs.latest_tag }}" ] && docker push ${BASE}:latest + [ -n "${{ steps.meta.outputs.version_tag }}" ] && docker push ${BASE}:${{ steps.meta.outputs.version_tag }} + done BASE="${{ steps.repo.outputs.host }}/${{ 
steps.repo.outputs.owner }}/${FRONTEND_IMAGE}" docker build -t ${BASE}:${{ steps.meta.outputs.sha_tag }} ./frontend if [ -n "${{ steps.meta.outputs.latest_tag }}" ]; then docker tag ${BASE}:${{ steps.meta.outputs.sha_tag }} ${BASE}:latest; fi @@ -89,6 +109,10 @@ jobs: - name: Push images if: github.event_name != 'pull_request' run: | + if [ "${{ steps.login.outputs.authenticated }}" != "1" ]; then + echo "Skipping push attempt (not authenticated). Provide CR_USERNAME/CR_PASSWORD or GITEA_REGISTRY_TOKEN to enable." + exit 0 + fi for IMG in ${BACKEND_IMAGE} ${FRONTEND_IMAGE}; do BASE="${{ steps.repo.outputs.host }}/${{ steps.repo.outputs.owner }}/${IMG}" docker push ${BASE}:${{ steps.meta.outputs.sha_tag }}
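Review bot: The login step pastes `${{ secrets.CR_USERNAME }}`, `${{ secrets.CR_PASSWORD }}` and `${{ secrets.GITEA_REGISTRY_TOKEN }}` into the script text, so a value containing `"`, `$` or a backtick is re-parsed by the shell before it reaches `docker login`; mapping the secrets through the step's `env:` and piping `"$CR_PASSWORD"` keeps them out of the script source, as sketched below. In the same step `$OWNER` is never assigned (it was a shell variable of the earlier repo step), so the `ACTOR` fallback is empty unless OWNER is exported outside this hunk; the sketch takes it from `steps.repo.outputs.owner`. In both build steps the new `[ -n "…" ] && docker tag …` line is the last command of the run block, so a build without a version tag ends with status 1 and the step fails; keep the old `if …; then …; fi` form. The added Push images step also lands inside the old Build frontend script, whose `BASE=`/`docker build` lines become its tail and continue past the end of this hunk.

```yaml
      - name: Login (optional)
        id: login
        env:
          HOST: ${{ steps.repo.outputs.host }}
          OWNER: ${{ steps.repo.outputs.owner }}
          CR_USERNAME: ${{ secrets.CR_USERNAME }}
          CR_PASSWORD: ${{ secrets.CR_PASSWORD }}
          GITEA_REGISTRY_TOKEN: ${{ secrets.GITEA_REGISTRY_TOKEN }}
        run: |
          set -e
          if [ -n "$CR_USERNAME" ] && [ -n "$CR_PASSWORD" ]; then
            printf '%s' "$CR_PASSWORD" | docker login "$HOST" -u "$CR_USERNAME" --password-stdin
            echo "authenticated=1" >> "$GITHUB_OUTPUT"; exit 0
          fi
          if [ -n "$GITEA_REGISTRY_TOKEN" ]; then
            ACTOR="${GITHUB_ACTOR:-${GITEA_ACTOR:-$OWNER}}"
            printf '%s' "$GITEA_REGISTRY_TOKEN" | docker login "$HOST" -u "$ACTOR" --password-stdin
            echo "authenticated=1" >> "$GITHUB_OUTPUT"; exit 0
          fi
          # … unchanged: "No credentials; will skip push." branch …
```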
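Review bot: Exiting 0 when `steps.login.outputs.authenticated` is not `1` makes a missing or mistyped registry secret look like a successful run: this step only runs on non-pull-request events, so on a push to main or a `v*` tag the job goes green with nothing published. I would fail when a release tag was expected, e.g. `if [ -n "${{ steps.meta.outputs.latest_tag }}${{ steps.meta.outputs.version_tag }}" ]; then echo "Registry credentials missing" >&2; exit 1; fi` before the `exit 0`. The same guard is already added to the Push images step in the previous hunk, so one of the two copies looks unintended. The `for` loop continues past the end of this hunk.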