123 lines
4.0 KiB
YAML
123 lines
4.0 KiB
YAML
name: Build and Push Docker Images
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'images/**'
|
|
workflow_dispatch:
|
|
inputs:
|
|
image:
|
|
description: 'Image to build (e.g., terraform-ci)'
|
|
required: false
|
|
|
|
env:
|
|
REGISTRY: gitea.arnodo.fr
|
|
|
|
jobs:
|
|
# ============================================================================
|
|
# Job 1 : Détection des images modifiées
|
|
# ============================================================================
|
|
detect-changes:
|
|
runs-on: docker
|
|
container:
|
|
image: alpine:3.20
|
|
outputs:
|
|
matrix: ${{ steps.changes.outputs.matrix }}
|
|
has_changes: ${{ steps.changes.outputs.has_changes }}
|
|
steps:
|
|
- name: Install dependencies
|
|
run: apk add --no-cache git jq
|
|
|
|
- name: Checkout repository
|
|
run: |
|
|
git clone --depth 2 https://gitea.arnodo.fr/${{ gitea.repository }}.git .
|
|
git checkout ${{ gitea.sha }}
|
|
|
|
- name: Detect changed images
|
|
id: changes
|
|
run: |
|
|
if [ -n "${{ inputs.image }}" ]; then
|
|
echo "matrix=[\"${{ inputs.image }}\"]" >> $GITHUB_OUTPUT
|
|
echo "has_changes=true" >> $GITHUB_OUTPUT
|
|
else
|
|
CHANGED=$(git diff --name-only HEAD~1 HEAD -- images/ 2>/dev/null | cut -d'/' -f2 | sort -u | grep -v '^$' || true)
|
|
if [ -z "$CHANGED" ]; then
|
|
echo "has_changes=false" >> $GITHUB_OUTPUT
|
|
echo "matrix=[]" >> $GITHUB_OUTPUT
|
|
else
|
|
JSON=$(echo "$CHANGED" | jq -R -s -c 'split("\n") | map(select(length > 0))')
|
|
echo "matrix=$JSON" >> $GITHUB_OUTPUT
|
|
echo "has_changes=true" >> $GITHUB_OUTPUT
|
|
fi
|
|
fi
|
|
|
|
- name: Show detected changes
|
|
run: |
|
|
echo "Matrix: ${{ steps.changes.outputs.matrix }}"
|
|
echo "Has changes: ${{ steps.changes.outputs.has_changes }}"
|
|
|
|
# ============================================================================
|
|
# Job 2 : Build avec Buildkit (tout dans un seul container)
|
|
# ============================================================================
|
|
build:
|
|
needs: detect-changes
|
|
if: needs.detect-changes.outputs.has_changes == 'true'
|
|
runs-on: docker
|
|
container:
|
|
image: docker:cli
|
|
strategy:
|
|
matrix:
|
|
image: ${{ fromJson(needs.detect-changes.outputs.matrix) }}
|
|
steps:
|
|
- name: Build and push with Buildkit
|
|
env:
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
REGISTRY_USER: ${{ gitea.actor }}
|
|
run: |
|
|
IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}"
|
|
REPO_URL="https://gitea.arnodo.fr/${{ gitea.repository }}.git"
|
|
IMAGE_PATH="images/${{ matrix.image }}"
|
|
|
|
echo "Building ${IMAGE_NAME}:latest ..."
|
|
|
|
# Tout se passe dans le container buildkit : clone + build + push
|
|
docker run --rm --privileged \
|
|
--entrypoint sh \
|
|
moby/buildkit:master \
|
|
-c "
|
|
set -e
|
|
|
|
# Install git
|
|
apk add --no-cache git
|
|
|
|
# Clone repo
|
|
git clone --depth 1 ${REPO_URL} /src
|
|
|
|
# Setup registry auth
|
|
mkdir -p /root/.docker
|
|
AUTH=\$(echo -n '${REGISTRY_USER}:${REGISTRY_TOKEN}' | base64 | tr -d '\n')
|
|
cat > /root/.docker/config.json <<EOF
|
|
{
|
|
\"auths\": {
|
|
\"${{ env.REGISTRY }}\": {
|
|
\"auth\": \"\${AUTH}\"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
|
|
# Debug
|
|
echo 'Context content:'
|
|
ls -la /src/${IMAGE_PATH}/
|
|
|
|
# Build and push
|
|
buildctl-daemonless.sh build \
|
|
--frontend dockerfile.v0 \
|
|
--local context=/src/${IMAGE_PATH} \
|
|
--local dockerfile=/src/${IMAGE_PATH} \
|
|
--output type=image,name=${IMAGE_NAME}:latest,push=true
|
|
"
|
|
|
|
echo "✅ Pushed ${IMAGE_NAME}:latest"
|