diff --git a/.gitea/workflows/docker-builder.yml b/.gitea/workflows/docker-builder.yml index 9a790c9..eb64fcf 100644 --- a/.gitea/workflows/docker-builder.yml +++ b/.gitea/workflows/docker-builder.yml @@ -8,7 +8,6 @@ on: - 'v*' workflow_dispatch: - env: REGISTRY_HOST: git.pi-farm.de IMAGE_BASE: ${{ gitea.repository }} @@ -19,28 +18,17 @@ jobs: runs-on: buildx-multiarch steps: - - name: Checkout repository uses: http://git.pi-farm.de/pi-farm/checkout@v4 with: fetch-depth: 0 fetch-tags: true - - name: Dump context - run: env | sort - - - name: Show ref info - run: | - echo "REF=$GITHUB_REF" - echo "REF_TYPE=$GITHUB_REF_TYPE" - echo "REF_NAME=$GITHUB_REF_NAME" - - name: Dynamic Template Fix id: template_fix run: | if grep -q "{{.RepoName}}" README.md 2>/dev/null; then - echo "Ersetze Platzhalter in README, docker-compose und LICENSE..." - + echo "Ersetze Platzhalter..." REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2) OWNER_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f1) BRANCH_NAME="${{ gitea.ref_name }}" @@ -52,198 +40,122 @@ jobs: git config user.name "Gitea Bot" git config user.email "bot@gitea.local" git add README.md docker-compose.yml LICENSE - - if git diff --staged --quiet; then - echo "Keine Änderungen zum Committen." - else + if ! git diff --staged --quiet; then git commit -m "docs: fix template placeholders [skip ci]" git push origin HEAD:${{ gitea.ref_name }} fi - else - echo "Platzhalter bereits ersetzt." fi - - name: Detect version - id: detect_version + - name: Detect version and Prepare Files + id: prepare run: | - echo "== Detect version ==" - # Prüfen, ob wir auf einem Tag oder main-Branch sind + # Versionierung if [ "$GITHUB_REF_TYPE" = "tag" ]; then VERSION="$GITHUB_REF_NAME" - CLEAN_VERSION="${VERSION#v}" # entfernt führendes 'v' IS_TAG=true else VERSION="main" - CLEAN_VERSION="main" IS_TAG=false fi - - echo "VERSION=$VERSION" - echo "CLEAN_VERSION=$CLEAN_VERSION" - echo "IS_TAG=$IS_TAG" - - # Env für alle weiteren Steps exportieren - echo "VERSION=$VERSION" >> $GITHUB_ENV - echo "CLEAN_VERSION=$CLEAN_VERSION" >> $GITHUB_ENV - echo "IS_TAG=$IS_TAG" >> $GITHUB_ENV - - - - name: Set dynamic variables and check Dockerfiles - id: check_files - run: | - if [ -s "Dockerfile" ]; then - echo "Dockerfile gefunden und nicht leer. Build wird vorbereitet." - echo "should_build=true" >> $GITEA_OUTPUT - else - echo "Dockerfile ist leer oder fehlt. Build wird übersprungen." + + # Dockerfile Auswahl + if [ ! -s "Dockerfile" ]; then echo "should_build=false" >> $GITEA_OUTPUT exit 0 fi + echo "should_build=true" >> $GITEA_OUTPUT - AMD64_FILE="Dockerfile" - if [ -s "Dockerfile.aarch64" ]; then - echo "Spezielles Dockerfile.aarch64 erkannt." - ARM64_FILE="Dockerfile.aarch64" - else - ARM64_FILE="Dockerfile" - fi - - echo "IMAGE_NAME=${{ env.REGISTRY_HOST }}/${{ env.IMAGE_BASE }}" >> $GITEA_ENV - echo "CACHE_IMAGE_NAME=${{ env.REGISTRY_HOST }}/${{ env.IMAGE_BASE }}-cache" >> $GITEA_ENV - echo "AMD64_DOCKERFILE=$AMD64_FILE" >> $GITEA_ENV - echo "ARM64_DOCKERFILE=$ARM64_FILE" >> $GITEA_ENV + # Multiarch Files + echo "AMD64_DOCKERFILE=Dockerfile" >> $GITEA_ENV + echo "ARM64_DOCKERFILE=$([ -s Dockerfile.aarch64 ] && echo Dockerfile.aarch64 || echo Dockerfile)" >> $GITEA_ENV + + # Global Env + echo "VERSION=$VERSION" >> $GITEA_ENV + echo "IS_TAG=$IS_TAG" >> $GITEA_ENV + echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}" >> $GITEA_ENV + echo "CACHE_IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}-cache" >> $GITEA_ENV echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITEA_ENV - name: Login to registry - if: steps.check_files.outputs.should_build == 'true' + if: steps.prepare.outputs.should_build == 'true' run: | echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login \ ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - name: Setup buildx - if: steps.check_files.outputs.should_build == 'true' + if: steps.prepare.outputs.should_build == 'true' run: | docker buildx rm multiarch || true docker buildx create --name multiarch --driver docker-container --use docker buildx inspect --bootstrap - - name: Compute Docker tags + - name: Build & push multiarch + if: steps.prepare.outputs.should_build == 'true' + shell: bash run: | + echo "== Universeller Multiarch Build Start ==" + + # 1. Dynamisches Laden aller Variablen aus versions.env als Build-Args + BUILD_ARGS="" + while IFS='=' read -r key value || [ -n "$key" ]; do + [[ "$key" =~ ^#.*$ || -z "$key" ]] && continue + clean_value=$(echo "$value" | xargs) + # Exportiere für Script-Nutzung UND baue Build-Args String + export "$key=$clean_value" + BUILD_ARGS="$BUILD_ARGS --build-arg $key=$clean_value" + done < versions.env + + # 2. Zusätzliche System-Args hinzufügen + BUILD_ARGS="$BUILD_ARGS --build-arg VERSION=$VERSION --build-arg BUILD_DATE=$BUILD_DATE" + + # 3. Tags berechnen if [[ "$IS_TAG" == "true" ]]; then - DOCKER_TAGS="${IMAGE_NAME}:${VERSION},${IMAGE_NAME}:latest" + DOCKER_TAGS="${IMAGE_NAME}:${VERSION} ${IMAGE_NAME}:latest" else DOCKER_TAGS="${IMAGE_NAME}:main" fi - echo "DOCKER_TAGS=$DOCKER_TAGS" >> $GITEA_ENV + # 4. Builds ausführen + CACHE_REF="${CACHE_IMAGE_NAME}" - - name: Load versions.env safely - shell: bash - run: | - echo "== Load versions.env ==" - - # Funktion zum sauberen Parsen - parse_env() { - grep -v '^#' versions.env | grep -v '^$' | while IFS='=' read -r key value; do - # Entferne mögliche Whitespaces - key=$(echo $key | xargs) - value=$(echo $value | xargs) - export $key="$value" - done - } - - parse_env - - # Fixen von Workflow-Variablen - CLEAN_VERSION="${VERSION#v}" - BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) - - # Write to Gitea env - echo "BASE_IMAGE=$BASE_IMAGE" >> $GITEA_ENV - echo "APP_VERSION=$APP_VERSION" >> $GITEA_ENV - echo "TARGET_PLATFORMS=$TARGET_PLATFORMS" >> $GITEA_ENV - echo "IMAGE_NAME=${REGISTRY_HOST}/$IMAGE_BASE" >> $GITEA_ENV - echo "CACHE_IMAGE_NAME=${REGISTRY_HOST}/$IMAGE_BASE-cache" >> $GITEA_ENV - echo "VERSION=$VERSION" >> $GITEA_ENV - echo "CLEAN_VERSION=$CLEAN_VERSION" >> $GITEA_ENV - echo "BUILD_DATE=$BUILD_DATE" >> $GITEA_ENV - - - - name: Build & push multiarch - if: steps.check_files.outputs.should_build == 'true' - shell: bash - run: | - echo "== Multiarch Build Start ==" - - # versions.env direkt hier laden - BASE_IMAGE=$(grep ^BASE_IMAGE= versions.env | cut -d '=' -f2-) - APP_VERSION=$(grep ^APP_VERSION= versions.env | cut -d '=' -f2-) - - echo "BASE_IMAGE=$BASE_IMAGE" - echo "APP_VERSION=$APP_VERSION" - - if [ -z "$BASE_IMAGE" ]; then - echo "BASE_IMAGE is empty → abort" - exit 1 - fi - - # Cache-Definitionen für bessere Übersicht - CACHE_REF="${REGISTRY_HOST}/${IMAGE_BASE}-cache" - - # amd64 build mit Registry-Cache (mode=min für weniger Fragmente) + echo "Starte AMD64 Build..." docker buildx build \ --platform linux/amd64 \ -f ${AMD64_DOCKERFILE} \ - --build-arg BASE_IMAGE="$BASE_IMAGE" \ - --build-arg APP_VERSION="$APP_VERSION" \ - --label org.opencontainers.image.version="$APP_VERSION" \ - --label org.opencontainers.image.created="$BUILD_DATE" \ + ${BUILD_ARGS} \ --cache-from type=registry,ref=${CACHE_REF}:amd64 \ --cache-to type=registry,ref=${CACHE_REF}:amd64,mode=min \ -t ${CACHE_IMAGE_NAME}:${VERSION}-amd64 \ --push . - # arm64 build mit Registry-Cache (mode=min für weniger Fragmente) - #docker buildx build \ - # --platform linux/arm64 \ - # -f ${ARM64_DOCKERFILE} \ - # --build-arg BASE_IMAGE="$BASE_IMAGE" \ - # --build-arg APP_VERSION="$APP_VERSION" \ - # --label org.opencontainers.image.version="$APP_VERSION" \ - # --label org.opencontainers.image.created="$BUILD_DATE" \ - # --cache-from type=registry,ref=${CACHE_REF}:arm64 \ - # --cache-to type=registry,ref=${CACHE_REF}:arm64,mode=min \ - # -t ${CACHE_IMAGE_NAME}:${VERSION}-arm64 \ - # --push . + echo "Starte ARM64 Build..." + docker buildx build \ + --platform linux/arm64 \ + -f ${ARM64_DOCKERFILE} \ + ${BUILD_ARGS} \ + --cache-from type=registry,ref=${CACHE_REF}:arm64 \ + --cache-to type=registry,ref=${CACHE_REF}:arm64,mode=min \ + -t ${CACHE_IMAGE_NAME}:${VERSION}-arm64 \ + --push . - # Manifest-Erstellung (verbindet die Architekturen zu den finalen Tags) - for TAG in $(echo $DOCKER_TAGS | tr ',' ' '); do - echo "Creating manifest for tag: $TAG" + # 5. Manifest Erstellung + for TAG in $DOCKER_TAGS; do + echo "Creating manifest for: $TAG" docker buildx imagetools create -t $TAG \ ${CACHE_IMAGE_NAME}:${VERSION}-amd64 \ ${CACHE_IMAGE_NAME}:${VERSION}-arm64 done - echo "== Multiarch Build Complete ==" - - - name: Install syft - run: | - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \ - | sh -s -- -b /usr/local/bin - - name: Generate SBOM + if: steps.prepare.outputs.should_build == 'true' run: | - # Benutze die Build-Variable DOCKER_TAGS oder IMAGE_NAME + VERSION - if [[ "$IS_TAG" == "true" ]]; then - TARGET_IMAGE="${IMAGE_NAME}:${VERSION}" - else - TARGET_IMAGE="${IMAGE_NAME}:main" - fi - + curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin + TARGET_IMAGE="${IMAGE_NAME}:${VERSION}" echo "Generating SBOM for $TARGET_IMAGE" syft $TARGET_IMAGE -o spdx-json > sbom.spdx.json || true - name: Upload SBOM + if: steps.prepare.outputs.should_build == 'true' uses: actions/upload-artifact@v3 with: name: sbom