on: push: branches: - 'main' tags: - '*' schedule: - cron: '0 5 * * 0' workflow_dispatch: jobs: release-and-build: runs-on: buildx-multiarch if: "!contains(gitea.event.head_commit.message, '[skip ci]')" steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Prepare Environment and Read Config id: prep run: | export TZ=Europe/Berlin # 1. Env laden set -a source <(grep -v '^#' buildargs.env | sed 's/\r$//') set +a # WICHTIG: PUSH Variable für nachfolgende Steps verfügbar machen echo "push_targets=$PUSH" >> $GITHUB_OUTPUT # 2. Hash der BUILD_ Variablen berechnen ARGS_HASH=$(grep "^BUILD_" buildargs.env | sha256sum | cut -d' ' -f1) echo "build_args_hash=$ARGS_HASH" >> $GITHUB_OUTPUT # ... (Tags & Repo Logic) ... echo "event_name=${{ gitea.event_name }}" >> $GITHUB_OUTPUT if [[ "${{ gitea.ref }}" == refs/tags/* ]]; then CLEAN_TAG=${{ gitea.ref_name }} echo "docker_tag=${CLEAN_TAG#v}" >> $GITHUB_OUTPUT else echo "docker_tag=${BUILD_TAG:-latest}" >> $GITHUB_OUTPUT fi OWNER=$(echo "${{ gitea.repository }}" | cut -d'/' -f1 | tr '[:upper:]' '[:lower:]') REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2 | tr '[:upper:]' '[:lower:]') echo "repo_pure=$REPO_NAME" >> $GITHUB_OUTPUT echo "image_name=git.pi-farm.de/$OWNER/$REPO_NAME" >> $GITHUB_OUTPUT echo "base_image=$BUILD_BASE_IMAGE" >> $GITHUB_OUTPUT - name: Login to Gitea Registry run: | echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login \ git.pi-farm.de -u ${{ secrets.REGISTRY_USER }} --password-stdin - name: Check for Real Changes id: check_changes shell: bash run: | SHOULD_BUILD="true" IMAGE="${{ steps.prep.outputs.image_name }}" TAG="${{ steps.prep.outputs.docker_tag }}" BASE="${{ steps.prep.outputs.base_image }}" LOCAL_ARGS_HASH="${{ steps.prep.outputs.build_args_hash }}" echo "🔍 Prüfe Remote-Registry..." if [[ "${{ steps.prep.outputs.event_name }}" != "schedule" ]]; then echo "🚀 Manueller Start: Build erzwungen." else REMOTE_BASE_SHA=$(docker buildx imagetools inspect "$BASE" --format '{{json .Manifest.Digest}}' 2>/dev/null | tr -d '"' || echo "") if [ -z "$REMOTE_BASE_SHA" ]; then echo "⚠️ Base-Image SHA nicht lesbar. Build wird gestartet." else RAW_INDEX=$(docker buildx imagetools inspect "$IMAGE:$TAG" --raw 2>/dev/null || echo "") if [ -z "$RAW_INDEX" ]; then echo "🆕 Image existiert noch nicht. Build erforderlich." else USED_BASE_SHA=$(echo "$RAW_INDEX" | grep "\"pi_farm.base_digest\":" | sed -E 's/.*: "([^"]+)".*/\1/' || echo "none") USED_ARGS_HASH=$(echo "$RAW_INDEX" | grep "\"pi_farm.args_hash\":" | sed -E 's/.*: "([^"]+)".*/\1/' || echo "none") if [ "$REMOTE_BASE_SHA" == "$USED_BASE_SHA" ] && [ "$LOCAL_ARGS_HASH" == "$USED_ARGS_HASH" ]; then echo "😴 Alles identisch. Kein Build nötig." SHOULD_BUILD="false" else echo "✅ Update nötig." SHOULD_BUILD="true" fi fi fi fi echo "should_build=$SHOULD_BUILD" >> $GITHUB_OUTPUT - name: Set up QEMU if: steps.check_changes.outputs.should_build == 'true' uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx if: steps.check_changes.outputs.should_build == 'true' uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub # Login immer versuchen, falls Push aktiv ist if: contains(steps.prep.outputs.push_targets, 'dockerhub') uses: https://github.com/docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and Push Docker Image if: steps.check_changes.outputs.should_build == 'true' run: | IMAGE_GITEA=${{ steps.prep.outputs.image_name }} TAG=${{ steps.prep.outputs.docker_tag }} ARGS_HASH=${{ steps.prep.outputs.build_args_hash }} BASE=${{ steps.prep.outputs.base_image }} REPO_PURE=${{ steps.prep.outputs.repo_pure }} set -a source <(grep -v '^#' buildargs.env | sed 's/\r$//') set +a DOCKER_ARGS=() keys=$(grep -v '^#' buildargs.env | cut -d'=' -f1 | tr -d '\r') for k in $keys; do DOCKER_ARGS+=("--build-arg" "$k=${!k}") done BASE_SHA=$(docker buildx imagetools inspect $BASE --format '{{json .Manifest.Digest}}' 2>/dev/null | tr -d '"' || echo "unknown") AMD_TAGS=("-t" "$IMAGE_GITEA:tmp-amd64") ARM_TAGS=("-t" "$IMAGE_GITEA:tmp-arm64") if [[ "$PUSH" == *"dockerhub"* ]]; then DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE" AMD_TAGS+=("-t" "$DOCKERHUB_REPO:tmp-amd64") ARM_TAGS+=("-t" "$DOCKERHUB_REPO:tmp-arm64") fi docker buildx build "${DOCKER_ARGS[@]}" "${AMD_TAGS[@]}" \ --pull --platform linux/amd64 -f Dockerfile \ --label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push . docker buildx build "${DOCKER_ARGS[@]}" "${ARM_TAGS[@]}" \ --pull --platform linux/arm64 -f Dockerfile.aarch64 \ --label "pi_farm.base_digest=$BASE_SHA" --label "pi_farm.args_hash=$ARGS_HASH" --push . # Gitea Manifest docker buildx imagetools create \ --annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \ -t $IMAGE_GITEA:$TAG -t $IMAGE_GITEA:latest $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64 # Docker Hub Manifest if [[ "$PUSH" == *"dockerhub"* ]]; then DOCKERHUB_REPO="${{ secrets.DOCKERHUB_USERNAME }}/$REPO_PURE" docker buildx imagetools create \ --annotation "index:pi_farm.base_digest=$BASE_SHA" --annotation "index:pi_farm.args_hash=$ARGS_HASH" \ -t $DOCKERHUB_REPO:$TAG -t $DOCKERHUB_REPO:latest $IMAGE_GITEA:tmp-amd64 $IMAGE_GITEA:tmp-arm64 fi - name: Update Documentation and Compose id: update_doc if: steps.check_changes.outputs.should_build == 'true' run: | set -x # Aktiviert Debug-Modus, um den Fehler genau zu sehen # --- 1. VARIABLEN VORBEREITEN --- export TZ=Europe/Berlin CURRENT_TIME=$(date '+%d.%m.%Y %H:%M') BUILD_TAG="${{ steps.prep.outputs.docker_tag }}" FULL_URL="${{ steps.prep.outputs.image_name }}" REPO_PURE="${{ steps.prep.outputs.repo_pure }}" BASE_IMAGE="${{ steps.prep.outputs.base_image }}" # Sicherstellen, dass buildargs.env da ist if [ ! -f "buildargs.env" ]; then echo "❌ buildargs.env fehlt!"; exit 1; fi # Env sauber laden (ohne Subshell-Source) grep -v '^#' buildargs.env | sed 's/\r$//' > cleaned_env.sh set -a source ./cleaned_env.sh set +a if [ -f "Dockerfile.aarch64" ]; then ARM_STATUS="✅ Aktiv (eigenes Dockerfile)"; else ARM_STATUS="❌ Nicht unterstützt"; fi # COMMIT_MSG sicher abfangen (verhindert Fehler durch Sonderzeichen) cat << 'EOF' > commit_msg.txt ${{ gitea.event.head_commit.message }} EOF COMMIT_MSG=$(sed 's/\[skip ci\]//g' commit_msg.txt | xargs) # --- 2. TEMPLATES LADEN --- wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/README.template -O README.template || echo "Templates konnten nicht geladen werden" wget -q https://git.pi-farm.de/pi-farm/templates/raw/branch/main/docker-compose.template -O docker-compose.template || echo "Templates konnten nicht geladen werden" # --- 3. VERSION HISTORY UPDATE --- NEW_ROW="| **$BUILD_TAG** | $CURRENT_TIME | $COMMIT_MSG ✅ |" if [ -f "VERSION.history" ]; then grep -v "| **$BUILD_TAG** |" VERSION.history > VERSION.history.tmp || true echo "$NEW_ROW" > VERSION.history cat VERSION.history.tmp >> VERSION.history rm VERSION.history.tmp else echo "$NEW_ROW" > VERSION.history fi HISTORY_CONTENT=$(cat VERSION.history) # --- 4. ENV / PORTS / VOL BLÖCKE GENERIEREN --- ENV_BLOCK_CONTENT="" env_vars=$(grep '^ENV_' buildargs.env | grep -v '^#' | tr -d '\r' || true) if [ -n "$env_vars" ]; then ENV_BLOCK_CONTENT=" environment:\n" while read -r line; do [ -z "$line" ] && continue key=$(echo "$line" | cut -d= -f1); val=$(echo "$line" | cut -d= -f2-); clean_key=${key#ENV_} ENV_BLOCK_CONTENT="${ENV_BLOCK_CONTENT} - ${clean_key}=${val}\n" done <<< "$env_vars" fi PORTS_BLOCK_CONTENT="" port_vars=$(grep '^PORT_' buildargs.env | grep -v '^#' | tr -d '\r' || true) if [ -n "$port_vars" ]; then PORTS_BLOCK_CONTENT=" ports:\n" while read -r line; do [ -z "$line" ] && continue val=$(echo "$line" | cut -d= -f2-); PORTS_BLOCK_CONTENT="${PORTS_BLOCK_CONTENT} - ${val}\n" done <<< "$port_vars" fi VOL_BLOCK_CONTENT="" vol_vars=$(grep '^VOL_' buildargs.env | grep -v '^#' | tr -d '\r' || true) if [ -n "$vol_vars" ]; then VOL_BLOCK_CONTENT=" volumes:\n" while read -r line; do [ -z "$line" ] && continue val=$(echo "$line" | cut -d= -f2-); VOL_BLOCK_CONTENT="${VOL_BLOCK_CONTENT} - ${val}\n" done <<< "$vol_vars" fi # --- 5. DOCKER RUN BEFEHL --- RUN_CMD="docker run -d \\ \n --name $REPO_PURE \\ \n --restart unless-stopped" all_params=$(grep -E '^(PORT_|ENV_|VOL_)' buildargs.env | grep -v '^#' | sed 's/\r$//' || true) if [ -n "$all_params" ]; then while read -r line; do [ -z "$line" ] && continue if [[ "$line" =~ ^PORT_ ]]; then val=$(echo "$line" | cut -d= -f2-); RUN_CMD="${RUN_CMD} \\ \n -p ${val}" elif [[ "$line" =~ ^ENV_ ]]; then key=$(echo "$line" | cut -d= -f1); clean_key=${key#ENV_}; val=$(echo "$line" | cut -d= -f2-); RUN_CMD="${RUN_CMD} \\ \n -e ${clean_key}=${val}" elif [[ "$line" =~ ^VOL_ ]]; then val=$(echo "$line" | cut -d= -f2-); RUN_CMD="${RUN_CMD} \\ \n -v ${val}" fi done <<< "$all_params" fi RUN_CMD="${RUN_CMD} \\ \n $FULL_URL:$BUILD_TAG" DOCKER_RUN_FINAL=$(echo -e "$RUN_CMD") # --- 6. DOCKER HUB LINK --- DOCKERHUB_LINK_CONTENT="" if [[ "${{ steps.prep.outputs.push_targets }}" == *"dockerhub"* ]]; then DH_USER="${{ secrets.DOCKERHUB_USERNAME }}" DOCKERHUB_LINK_CONTENT="[![Docker Hub](https://img.shields.io/badge/docker-hub-blue?logo=docker&logoColor=white)](https://hub.docker.com/r/${DH_USER}/${REPO_PURE})" fi # --- 7. TEMPLATE ENGINE --- # Wir nutzen einen temp-Ordner für die Ersetzungen, um Sonderzeichen-Probleme zu vermeiden process_template() { local template=$1; local output=$2 [ ! -f "$template" ] && return cp "$template" "$output" # Einfache Ersetzungen sed -i "s|__REPO_NAME__|$REPO_PURE|g" "$output" sed -i "s|__FULL_URL__|$FULL_URL|g" "$output" sed -i "s|__BUILD_TAG__|$BUILD_TAG|g" "$output" sed -i "s|__BASE_IMAGE__|$BASE_IMAGE|g" "$output" sed -i "s|__ARM_STATUS__|$ARM_STATUS|g" "$output" sed -i "s|__CURRENT_DATE__|$CURRENT_TIME|g" "$output" # Komplexe Blöcke über ein temporäres File einfügen (verhindert Shell-Interpretationsfehler) awk -v r="$HISTORY_CONTENT" '{gsub(/__HISTORY_CONTENT__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" awk -v r="$DOCKER_RUN_FINAL" '{gsub(/__DOCKER_RUN__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" awk -v r="$DOCKERHUB_LINK_CONTENT" '{gsub(/__DOCKERHUB_LINK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" # Multiline DESCRIPTION & Blocks if grep -q "__DESCRIPTION__" "$output"; then awk -v r="$(echo -e "${DESCRIPTION:-Keine Beschreibung.}")" '{gsub(/__DESCRIPTION__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" fi if grep -q "__ENV_BLOCK__" "$output"; then awk -v r="$(echo -e "$ENV_BLOCK_CONTENT")" '{gsub(/__ENV_BLOCK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" fi # ... analog für Ports und Volumes ... awk -v r="$(echo -e "$PORTS_BLOCK_CONTENT")" '{gsub(/__PORTS_BLOCK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" awk -v r="$(echo -e "$VOL_BLOCK_CONTENT")" '{gsub(/__VOL_BLOCK__/, r)}1' "$output" > "$output.tmp" && mv "$output.tmp" "$output" # Compose-Inhalt am Ende einfügen, falls das Tag da ist if grep -q "__COMPOSE_BLOCK__" "$output" && [ -f "docker-compose.yml" ]; then sed -e '/__COMPOSE_BLOCK__/{r docker-compose.yml' -e 'd;}' "$output" > "$output.tmp" && mv "$output.tmp" "$output" fi } process_template "docker-compose.template" "docker-compose.yml" process_template "README.template" "README.md" # --- 8. EXPORTS --- echo "FINAL_MSG=$COMMIT_MSG" >> $GITHUB_ENV echo "DESCRIPTION<> $GITHUB_ENV echo -e "$DESCRIPTION" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Push README to Docker Hub if: steps.check_changes.outputs.should_build == 'true' && contains(steps.prep.outputs.push_targets, 'dockerhub') run: | # Tool Check & Install if ! command -v jq &> /dev/null; then echo "Installing jq..." (apt-get update && apt-get install -y jq) || (apk add --no-cache jq) || echo "Could not install jq" fi # Token holen TOKEN=$(curl -s -X POST "https://hub.docker.com/v2/users/login/" \ -H "Content-Type: application/json" \ -d "{\"username\": \"${{ secrets.DOCKERHUB_USERNAME }}\", \"password\": \"${{ secrets.DOCKERHUB_TOKEN }}\"}" | jq -r .token) if [ "$TOKEN" != "null" ] && [ -n "$TOKEN" ]; then REPO_PURE=${{ steps.prep.outputs.repo_pure }} DH_USER="${{ secrets.DOCKERHUB_USERNAME }}" # Kurzbeschreibung sicher für JSON formatieren SHORT_DESC=$(echo -e "${{ env.DESCRIPTION }}" | head -n 1 | cut -c 1-100) echo "📤 Übertrage README und Metadata zu Docker Hub..." # Wir nutzen jq, um das gesamte JSON-Objekt sicher zu bauen (verhindert Quotes-Fehler) JSON_PAYLOAD=$(jq -n \ --arg desc "$SHORT_DESC" \ --arg full_desc "$(cat README.md)" \ '{description: $desc, full_description: $full_desc}') curl -s -X PATCH "https://hub.docker.com/v2/repositories/${DH_USER}/${REPO_PURE}/" \ -H "Authorization: JWT ${TOKEN}" \ -H "Content-Type: application/json" \ -d "$JSON_PAYLOAD" echo "✅ Docker Hub erfolgreich aktualisiert." else echo "❌ Docker Hub Login fehlgeschlagen (Token ist leer)." exit 1 fi - name: Commit, Tag and Push Changes if: steps.check_changes.outputs.should_build == 'true' run: | git config --local user.email "action@pi-farm.de" git config --local user.name "Gitea Action" git add VERSION.history README.md docker-compose.yml git diff --quiet && git diff --staged --quiet || git commit -m "${{ env.FINAL_MSG }} [skip ci]" git tag -f "v${{ steps.prep.outputs.docker_tag }}" git push origin main git push -f origin "v${{ steps.prep.outputs.docker_tag }}" - name: Cleanup Temporary Tags on Docker Hub if: steps.check_changes.outputs.should_build == 'true' && contains(steps.prep.outputs.push_targets, 'dockerhub') run: | if ! command -v jq &> /dev/null; then (apt-get update && apt-get install -y jq) || (apk add --no-cache jq) || true fi echo "🧹 Aufräumen temporärer Docker Hub Tags..." TOKEN=$(curl -s -X POST "https://hub.docker.com/v2/users/login/" \ -H "Content-Type: application/json" \ -d "{\"username\": \"${{ secrets.DOCKERHUB_USERNAME }}\", \"password\": \"${{ secrets.DOCKERHUB_TOKEN }}\"}" | jq -r .token) if [ "$TOKEN" != "null" ] && [ -n "$TOKEN" ]; then REPO_PURE=${{ steps.prep.outputs.repo_pure }} DH_USER="${{ secrets.DOCKERHUB_USERNAME }}" for t in tmp-amd64 tmp-arm64; do echo "Lösche Tag $t..." STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE \ "https://hub.docker.com/v2/repositories/${DH_USER}/${REPO_PURE}/tags/$t/" \ -H "Authorization: JWT ${TOKEN}") echo "Status: $STATUS" done echo "✅ Temporäre Tags entfernt." fi - name: Cleanup Temporary Registry Tags (Gitea) if: steps.check_changes.outputs.should_build == 'true' run: | # (Dein bestehender Gitea Cleanup Code...) # Ich habe ihn hier gekürzt, da er in deinem Original schon korrekt war. # Kopiere einfach deinen "Cleanup Temporary Registry Tags" Block von oben hier hin. TOKEN="${{ secrets.GIT_TOKEN }}" ORG_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f1) REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2) for t in tmp-amd64 tmp-arm64; do # Versuch 1 curl -s -X DELETE "https://git.pi-farm.de/api/v1/packages/$ORG_NAME/container/$REPO_NAME/$t" -H "Authorization: token $TOKEN" # Versuch 2 (lowercase) curl -s -X DELETE "https://git.pi-farm.de/api/v1/packages/${ORG_NAME,,}/container/${REPO_NAME,,}/$t" -H "Authorization: token $TOKEN" done - name: Cleanup Docker Artifacts if: always() run: docker image prune -f - name: Workflow Summary if: always() run: | echo "Check completed. Build was: ${{ steps.check_changes.outputs.should_build }}"