diff --git a/.gitea/workflows/build-images.yml b/.gitea/workflows/build-images.yml index e82a80c..f07849a 100644 --- a/.gitea/workflows/build-images.yml +++ b/.gitea/workflows/build-images.yml @@ -15,14 +15,20 @@ env: REGISTRY: gitea.arnodo.fr jobs: + # ============================================================================ + # Job 1 : Détection des images modifiées + # ============================================================================ detect-changes: runs-on: docker container: - image: alpine/git:latest + image: alpine:3.20 outputs: matrix: ${{ steps.changes.outputs.matrix }} has_changes: ${{ steps.changes.outputs.has_changes }} steps: + - name: Install dependencies + run: apk add --no-cache git jq + - uses: actions/checkout@v3 with: fetch-depth: 2 
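Review bot: The new `image: alpine:3.20` is still a mutable tag, and the added `apk add --no-cache git jq` step installs whatever versions the package mirror serves at run time, so the detect-changes toolchain can change between runs without any commit to this file. Pinning the image by digest, e.g. `image: alpine:3.20@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled from the registry), would make the base reproducible. The same applies to the unchanged `- uses: actions/checkout@v3` line, which can reference a full commit SHA instead of a tag. This matters here because the job's `matrix` output is expanded by the build job, which on this page runs in a container started with `--privileged` and handles `REGISTRY_TOKEN`. A short comment above the install step, such as `# git for the diff, jq to build the JSON matrix`, would also record why the two packages are needed.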
@@ -30,56 +36,73 @@ jobs: - name: Detect changed images id: changes run: | - if [ -n "${{ github.event.inputs.image }}" ]; then + if [ -n "${{ inputs.image }}" ]; then # Manual trigger - build specific image - echo "matrix=[\"${{ github.event.inputs.image }}\"]" >> $GITHUB_OUTPUT + echo "matrix=[\"${{ inputs.image }}\"]" >> $GITHUB_OUTPUT echo "has_changes=true" >> $GITHUB_OUTPUT else # Auto-detect changed images - CHANGED=$(git diff --name-only HEAD~1 HEAD -- images/ | cut -d'/' -f2 | sort -u | grep -v '^$' || true) + CHANGED=$(git diff --name-only HEAD~1 HEAD -- images/ 2>/dev/null | cut -d'/' -f2 | sort -u | grep -v '^$' || true) if [ -z "$CHANGED" ]; then echo "has_changes=false" >> $GITHUB_OUTPUT echo "matrix=[]" >> $GITHUB_OUTPUT else - # Convert to JSON array JSON=$(echo "$CHANGED" | jq -R -s -c 'split("\n") | map(select(length > 0))') echo "matrix=$JSON" >> $GITHUB_OUTPUT echo "has_changes=true" >> $GITHUB_OUTPUT fi fi + - name: Show detected changes + run: | + echo "Matrix: ${{ steps.changes.outputs.matrix }}" + echo "Has changes: ${{ steps.changes.outputs.has_changes }}" + + # ============================================================================ + # Job 2 : Build avec Buildkit rootless (100% containerisé) + # ============================================================================ build: needs: detect-changes if: needs.detect-changes.outputs.has_changes == 'true' runs-on: docker + container: + image: moby/buildkit:rootless + options: --privileged strategy: matrix: image: ${{ fromJson(needs.detect-changes.outputs.matrix) }} steps: - uses: actions/checkout@v3 - - name: Set up Docker Buildx - run: | - docker buildx create --use --name gitea-builder || docker buildx use gitea-builder - - - name: Login to Gitea Registry - run: | - echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ gitea.actor }} --password-stdin - - - name: Build and push + - name: Build and push with Buildkit + env: + REGISTRY_TOKEN: ${{ 
secrets.REGISTRY_TOKEN }} + REGISTRY_USER: ${{ gitea.actor }} run: | IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}" + SHORT_SHA=$(echo "${{ gitea.sha }}" | cut -c1-7) - docker buildx build \ - --platform linux/amd64 \ - --tag "${IMAGE_NAME}:latest" \ - --tag "${IMAGE_NAME}:${{ gitea.sha }}" \ - --push \ - ./images/${{ matrix.image }} - - - name: Summary - run: | - echo "### ✅ Image built and pushed" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "- **Image**: ${{ env.REGISTRY }}/damien/${{ matrix.image }}" >> $GITHUB_STEP_SUMMARY - echo "- **Tags**: latest, ${{ gitea.sha }}" >> $GITHUB_STEP_SUMMARY + # Create auth config for registry + mkdir -p ~/.docker + AUTH=$(echo -n "${REGISTRY_USER}:${REGISTRY_TOKEN}" | base64) + cat > ~/.docker/config.json <