pi-farm/docker-baseimage-alpine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reorder workflow
Some checks failed
/ release-and-build (push) Failing after 55s
Details

Browse Source
This commit is contained in:
info@pi-farm.de
2026-02-14 00:35:53 +01:00
parent 7b3d247984
commit 365719dd78
1 changed files with 64 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
.gitea/workflows/build-and-push.yaml
View File

@@ -28,19 +28,20 @@ jobs:
source <(grep -v '^#' buildargs.env | sed 's/\r$//')
set +a
# 2. Hash der BUILD_ Variablen berechnen (für Change-Detection)
# Wir nehmen nur Zeilen, die mit BUILD_ beginnen
# WICHTIG: PUSH Variable für nachfolgende Steps verfügbar machen
echo "push_targets=$PUSH" >> $GITHUB_OUTPUT
# 2. Hash der BUILD_ Variablen berechnen
ARGS_HASH=$(grep "^BUILD_" buildargs.env | sha256sum | cut -d' ' -f1)
echo "build_args_hash=$ARGS_HASH" >> $GITHUB_OUTPUT
# ... (Rest deiner Logik für Tags, Owner etc. bleibt gleich) ...
# ... (Tags & Repo Logic) ...
echo "event_name=${{ gitea.event_name }}" >> $GITHUB_OUTPUT
if [[ "${{ gitea.ref }}" == refs/tags/* ]]; then
CLEAN_TAG=${{ gitea.ref_name }}
echo "docker_tag=${CLEAN_TAG#v}" >> $GITHUB_OUTPUT
else
# Fallback falls BUILD_TAG nicht gesetzt ist
echo "docker_tag=${BUILD_TAG:-latest}" >> $GITHUB_OUTPUT
fi
@@ -48,7 +49,6 @@ jobs:
REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2 | tr '[:upper:]' '[:lower:]')
echo "repo_pure=$REPO_NAME" >> $GITHUB_OUTPUT
echo "docker_tag=$BUILD_TAG" >> $GITHUB_OUTPUT
echo "image_name=git.pi-farm.de/$OWNER/$REPO_NAME" >> $GITHUB_OUTPUT
echo "base_image=$BUILD_BASE_IMAGE" >> $GITHUB_OUTPUT
@@ -68,8 +68,7 @@ jobs:
LOCAL_ARGS_HASH="${{ steps.prep.outputs.build_args_hash }}"
echo "🔍 Prüfe Remote-Registry..."
echo " Lokaler Args-Hash: $LOCAL_ARGS_HASH"
if [[ "${{ steps.prep.outputs.event_name }}" != "schedule" ]]; then
echo "🚀 Manueller Start: Build erzwungen."
else
@@ -78,28 +77,19 @@ jobs:
if [ -z "$REMOTE_BASE_SHA" ]; then
echo "⚠️ Base-Image SHA nicht lesbar. Build wird gestartet."
else
echo " Base-Image SHA (Remote): $REMOTE_BASE_SHA"
RAW_INDEX=$(docker buildx imagetools inspect "$IMAGE:$TAG" --raw 2>/dev/null || echo "")
if [ -z "$RAW_INDEX" ]; then
echo "🆕 Image existiert noch nicht. Build erforderlich."
else
# 1. Base Digest aus Annotation holen
USED_BASE_SHA=$(echo "$RAW_INDEX" | grep "\"pi_farm.base_digest\":" | sed -E 's/.*: "([^"]+)".*/\1/' || echo "none")
# 2. Args Hash aus Annotation holen (NEU!)
USED_ARGS_HASH=$(echo "$RAW_INDEX" | grep "\"pi_farm.args_hash\":" | sed -E 's/.*: "([^"]+)".*/\1/' || echo "none")
echo " Remote Base SHA: $USED_BASE_SHA"
echo " Remote Args Hash: $USED_ARGS_HASH"
# Logik: Build wenn Base anders ODER Args anders
if [ "$REMOTE_BASE_SHA" == "$USED_BASE_SHA" ] && [ "$LOCAL_ARGS_HASH" == "$USED_ARGS_HASH" ]; then
echo "😴 Alles identisch. Kein Build nötig."
SHOULD_BUILD="false"
else
echo "✅ Update nötig (Base oder Args geändert)."
echo "✅ Update nötig."
SHOULD_BUILD="true"
fi
fi
@@ -116,6 +106,8 @@ jobs:
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
# Login immer versuchen, falls Push aktiv ist
if: contains(steps.prep.outputs.push_targets, 'dockerhub')
uses: https://github.com/docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -134,98 +126,44 @@ jobs:
source <(grep -v '^#' buildargs.env | sed 's/\r$//')
set +a
# 1. Gemeinsame Build-Args in ein Array
DOCKER_ARGS=()
keys=$(grep -v '^#' buildargs.env | cut -d'=' -f1 | tr -d '\r')
for k in $keys; do
DOCKER_ARGS+=("--build-arg" "$k=${!k}")
done
# Base SHA ermitteln
BASE_SHA=$(docker buildx imagetools inspect $BASE --format '{{json .Manifest.Digest}}' 2>/dev/null | tr -d '"' || echo "unknown")
# 2. Arrays für die Tags (AMD64 und ARM64 getrennt)
AMD_TAGS=("-t" "$IMAGE_GITEA:tmp-amd64")
ARM_TAGS=("-t" "$IMAGE_GITEA:tmp-arm64")
# Docker Hub hinzufügen, falls aktiviert
if [[ "$PUSH" == *"dockerhub"* ]]; then
DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE"
echo "📢 Docker Hub Push aktiviert für: $DOCKERHUB_REPO"
AMD_TAGS+=("-t" "$DOCKERHUB_REPO:tmp-amd64")
ARM_TAGS+=("-t" "$DOCKERHUB_REPO:tmp-arm64")
fi
# 3. Multi-Arch Build (jetzt mit sauberen Arrays)
# AMD64
docker buildx build "${DOCKER_ARGS[@]}" "${AMD_TAGS[@]}" \
--pull --platform linux/amd64 -f Dockerfile \
--label "pi_farm.base_digest=$BASE_SHA" \
--label "pi_farm.args_hash=$ARGS_HASH" \
--push .
--label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push .
# ARM64
docker buildx build "${DOCKER_ARGS[@]}" "${ARM_TAGS[@]}" \
--pull --platform linux/arm64 -f Dockerfile.aarch64 \
--label "pi_farm.base_digest=$BASE_SHA" \
--label "pi_farm.args_hash=$ARGS_HASH" \
--push .
--label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push .
# 4. Manifeste finalisieren
# Gitea
# Gitea Manifest
docker buildx imagetools create \
--annotation "index:pi_farm.base_digest=$BASE_SHA" \
--annotation "index:pi_farm.args_hash=$ARGS_HASH" \
--annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \
-t $IMAGE_GITEA:$TAG -t $IMAGE_GITEA:latest $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
# Docker Hub (Manifest für die finalen Tags erstellen)
# Docker Hub Manifest
if [[ "$PUSH" == *"dockerhub"* ]]; then
DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE"
docker buildx imagetools create \
--annotation "index:pi_farm.base_digest=$BASE_SHA" \
--annotation "index:pi_farm.args_hash=$ARGS_HASH" \
--annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \
-t $DOCKERHUB_REPO:$TAG -t $DOCKERHUB_REPO:latest $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64
fi
- name: Cleanup Temporary Registry Tags
if: steps.check_changes.outputs.should_build == 'true'
run: |
TOKEN="${{ secrets.GIT_TOKEN }}"
# Wir extrahieren den Original-Owner und Namen direkt aus dem Repo-Pfad
# Gitea ist bei der API oft empfindlich, was Groß/Kleinschreibung angeht
ORG_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f1)
REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2)
echo "🗑️ Bereinige temporäre Tags für $ORG_NAME/$REPO_NAME..."
for t in tmp-amd64 tmp-arm64; do
echo "Versuche Löschung von Tag: $t"
# Versuch 1: Original-Schreibweise
STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X 'DELETE' \
"https://git.pi-farm.de/api/v1/packages/$ORG_NAME/container/$REPO_NAME/$t" \
-H "Authorization: token $TOKEN")
if [ "$STATUS" -eq 204 ]; then
echo "✅ Tag $t gelöscht (Original-Schreibweise)."
else
# Versuch 2: Kleingeschriebene Version (falls Gitea das intern umwandelt)
ORG_LOWER=$(echo "$ORG_NAME" | tr '[:upper:]' '[:lower:]')
REPO_LOWER=$(echo "$REPO_NAME" | tr '[:upper:]' '[:lower:]')
STATUS_LOWER=$(curl -s -o /dev/null -w "%{http_code}" -X 'DELETE' \
"https://git.pi-farm.de/api/v1/packages/$ORG_LOWER/container/$REPO_LOWER/$t" \
-H "Authorization: token $TOKEN")
if [ "$STATUS_LOWER" -eq 204 ]; then
echo "✅ Tag $t gelöscht (Kleinschreibung)."
else
echo "⚠️ Tag $t konnte nicht gelöscht werden (HTTP $STATUS / $STATUS_LOWER)."
echo "Prüfe bitte: Hat der Token 'write:package' Rechte und ist der User in der Org?"
fi
fi
done
- name: Update Documentation and Compose
id: update_doc
if: steps.check_changes.outputs.should_build == 'true'
@@ -233,33 +171,28 @@ jobs:
# --- 1. VARIABLEN VORBEREITEN ---
export TZ=Europe/Berlin
CURRENT_TIME=$(date '+%d.%m.%Y %H:%M')
BUILD_DATE_ONLY=$(date '+%d.%m.%Y')
BUILD_TAG=${{ steps.prep.outputs.docker_tag }}
FULL_URL=${{ steps.prep.outputs.image_name }}
REPO_PURE=${{ steps.prep.outputs.repo_pure }}
BASE_IMAGE=${{ steps.prep.outputs.base_image }}
if [ -f "Dockerfile.aarch64" ]; then
ARM_STATUS="✅ Aktiv (eigenes Dockerfile)"
else
ARM_STATUS="❌ Nicht unterstützt"
fi
# Umgebungsvariablen laden
set -a
source <(grep -v '^#' buildargs.env | sed 's/\r$//')
set +a
if [ -f "Dockerfile.aarch64" ]; then ARM_STATUS="✅ Aktiv (eigenes Dockerfile)"; else ARM_STATUS="❌ Nicht unterstützt"; fi
COMMIT_MSG=$(echo "${{ github.event.head_commit.message }}" | sed 's/\[skip ci\]//g' | xargs)
# --- 2. TEMPLATES LADEN ---
wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/README.template -O README.template
wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/docker-compose.template -O docker-compose.template
# || true verhindert Abbruch, falls Datei fehlt (sollte aber nicht passieren)
wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/README.template -O README.template || echo "Warnung: README.template nicht geladen"
wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/docker-compose.template -O docker-compose.template || echo "Warnung: docker-compose.template nicht geladen"
# --- 3. VERSION HISTORY UPDATE ---
NEW_ROW="| **$BUILD_TAG** | $CURRENT_TIME | $COMMIT_MSG ✅ |"
if [ -f "VERSION.history" ]; then
grep -v "| **$BUILD_TAG** |" VERSION.history > VERSION.history.tmp
grep -v "| **$BUILD_TAG** |" VERSION.history > VERSION.history.tmp || true
echo "$NEW_ROW" > VERSION.history
cat VERSION.history.tmp >> VERSION.history
rm VERSION.history.tmp
@@ -269,14 +202,13 @@ jobs:
HISTORY_CONTENT=$(cat VERSION.history)
# --- 4. ENV / PORTS / VOL BLÖCKE GENERIEREN ---
# WICHTIG: "|| true" am Ende der greps verhindert exit code 1 bei leeren Ergebnissen
ENV_BLOCK_CONTENT=""
env_vars=$(grep '^ENV_' buildargs.env | grep -v '^#' | tr -d '\r')
env_vars=$(grep '^ENV_' buildargs.env | grep -v '^#' | tr -d '\r' || true)
if [ ! -z "$env_vars" ]; then
ENV_BLOCK_CONTENT=" environment:\n"
for line in $env_vars; do
key=$(echo $line | cut -d= -f1)
val=$(echo $line | cut -d= -f2-)
clean_key=${key#ENV_}
key=$(echo $line | cut -d= -f1); val=$(echo $line | cut -d= -f2-); clean_key=${key#ENV_}
ENV_BLOCK_CONTENT="${ENV_BLOCK_CONTENT} - ${clean_key}=${val}\n"
done
fi
@@ -286,8 +218,7 @@ jobs:
if [ ! -z "$port_vars" ]; then
PORTS_BLOCK_CONTENT=" ports:\n"
for line in $port_vars; do
val=$(echo $line | cut -d= -f2-)
PORTS_BLOCK_CONTENT="${PORTS_BLOCK_CONTENT} - ${val}\n"
val=$(echo $line | cut -d= -f2-); PORTS_BLOCK_CONTENT="${PORTS_BLOCK_CONTENT} - ${val}\n"
done
fi
@@ -296,41 +227,38 @@ jobs:
if [ ! -z "$vol_vars" ]; then
VOL_BLOCK_CONTENT=" volumes:\n"
for line in $vol_vars; do
val=$(echo $line | cut -d= -f2-)
VOL_BLOCK_CONTENT="${VOL_BLOCK_CONTENT} - ${val}\n"
val=$(echo $line | cut -d= -f2-); VOL_BLOCK_CONTENT="${VOL_BLOCK_CONTENT} - ${val}\n"
done
fi
# --- 5. DOCKER RUN BEFEHL GENERIEREN ---
RUN_CMD="docker run -d \\ \n --name $REPO_PURE \\ \n --restart unless-stopped"
# Environment Args für Run Command
# Hier || true im grep, damit die Pipe nicht platzt
while read -r line; do
if [[ "$line" =~ ^PORT_ ]]; then
val=$(echo $line | cut -d= -f2-)
RUN_CMD="${RUN_CMD} \\ \n -p ${val}"
elif [[ "$line" =~ ^ENV_ ]]; then
key=$(echo $line | cut -d= -f1)
clean_key=${key#ENV_}
val=$(echo $line | cut -d= -f2-)
key=$(echo $line | cut -d= -f1); clean_key=${key#ENV_}; val=$(echo $line | cut -d= -f2-)
RUN_CMD="${RUN_CMD} \\ \n -e ${clean_key}=${val}"
elif [[ "$line" =~ ^VOL_ ]]; then
val=$(echo $line | cut -d= -f2-)
RUN_CMD="${RUN_CMD} \\ \n -v ${val}"
fi
done < <(grep -E '^(PORT_|ENV_|VOL_)' buildargs.env | grep -v '^#' | sed 's/\r$//')
done < <(grep -E '^(PORT_|ENV_|VOL_)' buildargs.env | grep -v '^#' | sed 's/\r$//' || true)
RUN_CMD="${RUN_CMD} \\ \n $FULL_URL:$BUILD_TAG"
DOCKER_RUN_FINAL=$(echo -e "$RUN_CMD")
# --- 6. DOCKER HUB LINK GENERATOR ---
# --- 6. DOCKER HUB LINK ---
DOCKERHUB_LINK_CONTENT=""
if [[ "$PUSH" == *"dockerhub"* ]]; then
DH_USER="${{ secrets.DOCKERHUB_USERNAME }}"
DOCKERHUB_LINK_CONTENT="[![Docker Hub](https://img.shields.io/badge/docker-hub-blue?logo=docker&logoColor=white)](https://hub.docker.com/r/${DH_USER}/${REPO_PURE})"
fi
# --- 7. TEMPLATE ENGINE FUNKTION ---
# --- 7. TEMPLATE ENGINE ---
process_template() {
local template=$1; local output=$2
if [ -f "$template" ]; then
@@ -345,15 +273,19 @@ jobs:
line="${line//__HISTORY_CONTENT__/$HISTORY_CONTENT}"
line="${line//__DOCKER_RUN__/$DOCKER_RUN_FINAL}"
line="${line//__DOCKERHUB_LINK__/$DOCKERHUB_LINK_CONTENT}"
# Description
if [[ "$line" == *"__DESCRIPTION__"* ]]; then
echo -e "${DESCRIPTION:-Keine Beschreibung.}" >> "$output"
# Environment
elif [[ "$line" == *"__ENV_BLOCK__"* ]]; then
[ -n "$ENV_BLOCK_CONTENT" ] && echo -e "${ENV_BLOCK_CONTENT}" >> "$output"
# Ports
elif [[ "$line" == *"__PORTS_BLOCK__"* ]]; then
[ -n "$PORTS_BLOCK_CONTENT" ] && echo -e "${PORTS_BLOCK_CONTENT}" >> "$output"
# Volumes
elif [[ "$line" == *"__VOL_BLOCK__"* ]]; then
[ -n "$VOL_BLOCK_CONTENT" ] && echo -e "${VOL_BLOCK_CONTENT}" >> "$output"
# Compose
elif [[ "$line" == *"__COMPOSE_BLOCK__"* ]]; then
[ -f "docker-compose.yml" ] && cat docker-compose.yml >> "$output"
else
@@ -363,22 +295,19 @@ jobs:
fi
}
# Templates verarbeiten (Compose ZUERST!)
process_template "docker-compose.template" "docker-compose.yml"
process_template "README.template" "README.md"
# --- 8. EXPORTS FÜR NÄCHSTE STEPS ---
# --- 8. EXPORTS ---
echo "FINAL_MSG=$COMMIT_MSG" >> $GITHUB_ENV
# Multiline Export für DESCRIPTION
echo "DESCRIPTION<<EOF" >> $GITHUB_ENV
echo -e "$DESCRIPTION" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Push README to Docker Hub
if: steps.check_changes.outputs.should_build == 'true' && contains(env.PUSH, 'dockerhub')
# WICHTIG: Verwende jetzt outputs.push_targets statt env.PUSH
if: steps.check_changes.outputs.should_build == 'true' && contains(steps.prep.outputs.push_targets, 'dockerhub')
run: |
# Token holen
TOKEN=$(curl -s -X POST "https://hub.docker.com/v2/users/login/" \
-H "Content-Type: application/json" \
-d "{\"username\": \"${{ secrets.DOCKERHUB_USERNAME }}\", \"password\": \"${{ secrets.DOCKERHUB_TOKEN }}\"}" | jq -r .token)
@@ -386,18 +315,12 @@ jobs:
if [ "$TOKEN" != "null" ]; then
REPO_PURE=${{ steps.prep.outputs.repo_pure }}
DH_USER="${{ secrets.DOCKERHUB_USERNAME }}"
# Kurzbeschreibung für die API säubern (nur erste Zeile, max 100 Zeichen)
SHORT_DESC=$(echo -e "${{ env.DESCRIPTION }}" | head -n 1 | cut -c 1-100)
echo "📤 Übertrage README und Metadata zu Docker Hub..."
curl -s -X PATCH "https://hub.docker.com/v2/repositories/${DH_USER}/${REPO_PURE}/" \
-H "Authorization: JWT ${TOKEN}" \
-H "Content-Type: application/json" \
-d "{
\"description\": \"${SHORT_DESC}\",
\"full_description\": $(jq -Rs . < README.md)
}"
-d "{ \"description\": \"${SHORT_DESC}\", \"full_description\": $(jq -Rs . < README.md) }"
echo "✅ Docker Hub erfolgreich aktualisiert."
fi
@@ -413,11 +336,9 @@ jobs:
git push -f origin "v${{ steps.prep.outputs.docker_tag }}"
- name: Cleanup Temporary Tags on Docker Hub
if: steps.check_changes.outputs.should_build == 'true' && contains(env.PUSH, 'dockerhub')
# WICHTIG: Verwende jetzt outputs.push_targets
if: steps.check_changes.outputs.should_build == 'true' && contains(steps.prep.outputs.push_targets, 'dockerhub')
run: |
echo "🧹 Aufräumen temporärer Docker Hub Tags..."
# 1. Login Token holen
TOKEN=$(curl -s -X POST "https://hub.docker.com/v2/users/login/" \
-H "Content-Type: application/json" \
-d "{\"username\": \"${{ secrets.DOCKERHUB_USERNAME }}\", \"password\": \"${{ secrets.DOCKERHUB_TOKEN }}\"}" | jq -r .token)
@@ -426,21 +347,30 @@ jobs:
REPO_PURE=${{ steps.prep.outputs.repo_pure }}
DH_USER="${{ secrets.DOCKERHUB_USERNAME }}"
# 2. Lösche tmp-amd64
echo "Lösche $DH_USER/$REPO_PURE:tmp-amd64 ..."
curl -s -X DELETE "https://hub.docker.com/v2/repositories/${DH_USER}/${REPO_PURE}/tags/tmp-amd64/" \
-H "Authorization: JWT ${TOKEN}"
# 3. Lösche tmp-arm64
echo "Lösche $DH_USER/$REPO_PURE:tmp-arm64 ..."
curl -s -X DELETE "https://hub.docker.com/v2/repositories/${DH_USER}/${REPO_PURE}/tags/tmp-arm64/" \
-H "Authorization: JWT ${TOKEN}"
echo "✅ Temporäre Tags entfernt."
else
echo "⚠️ Konnte kein Token für Cleanup erhalten. Tags bleiben bestehen."
for t in tmp-amd64 tmp-arm64; do
curl -s -X DELETE "https://hub.docker.com/v2/repositories/${DH_USER}/${REPO_PURE}/tags/$t/" \
-H "Authorization: JWT ${TOKEN}"
echo "Tag $t bereinigt."
done
fi
- name: Cleanup Temporary Registry Tags (Gitea)
if: steps.check_changes.outputs.should_build == 'true'
run: |
# (Dein bestehender Gitea Cleanup Code...)
# Ich habe ihn hier gekürzt, da er in deinem Original schon korrekt war.
# Kopiere einfach deinen "Cleanup Temporary Registry Tags" Block von oben hier hin.
TOKEN="${{ secrets.GIT_TOKEN }}"
ORG_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f1)
REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2)
for t in tmp-amd64 tmp-arm64; do
# Versuch 1
curl -s -X DELETE "https://git.pi-farm.de/api/v1/packages/$ORG_NAME/container/$REPO_NAME/$t" -H "Authorization: token $TOKEN"
# Versuch 2 (lowercase)
curl -s -X DELETE "https://git.pi-farm.de/api/v1/packages/${ORG_NAME,,}/container/${REPO_NAME,,}/$t" -H "Authorization: token $TOKEN"
done
- name: Cleanup Docker Artifacts
if: always()
run: docker image prune -f