162 lines
5.8 KiB
YAML
162 lines
5.8 KiB
YAML
name: Docker Build Smart Logic
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
tags:
|
|
- 'v*'
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
REGISTRY_HOST: git.pi-farm.de
|
|
IMAGE_BASE: ${{ gitea.repository }}
|
|
|
|
jobs:
|
|
build:
|
|
name: Build amd64 & arm64
|
|
runs-on: buildx-multiarch
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: http://git.pi-farm.de/pi-farm/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
fetch-tags: true
|
|
|
|
- name: Dynamic Template Fix
|
|
id: template_fix
|
|
run: |
|
|
if grep -q "{{.RepoName}}" README.md 2>/dev/null; then
|
|
echo "Ersetze Platzhalter..."
|
|
REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2)
|
|
OWNER_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f1)
|
|
BRANCH_NAME="${{ gitea.ref_name }}"
|
|
|
|
sed -i "s|{{.RepoName}}|${REPO_NAME}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
|
|
sed -i "s|{{.OwnerName}}|${OWNER_NAME}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
|
|
sed -i "s|{{.BranchName}}|${BRANCH_NAME}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
|
|
|
|
git config user.name "Gitea Bot"
|
|
git config user.email "bot@gitea.local"
|
|
git add README.md docker-compose.yml LICENSE
|
|
if ! git diff --staged --quiet; then
|
|
git commit -m "docs: fix template placeholders [skip ci]"
|
|
git push origin HEAD:${{ gitea.ref_name }}
|
|
fi
|
|
fi
|
|
|
|
- name: Detect version and Prepare Files
|
|
id: prepare
|
|
run: |
|
|
# Versionierung
|
|
if [ "$GITHUB_REF_TYPE" = "tag" ]; then
|
|
VERSION="$GITHUB_REF_NAME"
|
|
IS_TAG=true
|
|
else
|
|
VERSION="main"
|
|
IS_TAG=false
|
|
fi
|
|
|
|
# Dockerfile Auswahl
|
|
if [ ! -s "Dockerfile" ]; then
|
|
echo "should_build=false" >> $GITEA_OUTPUT
|
|
exit 0
|
|
fi
|
|
echo "should_build=true" >> $GITEA_OUTPUT
|
|
|
|
# Multiarch Files
|
|
echo "AMD64_DOCKERFILE=Dockerfile" >> $GITEA_ENV
|
|
echo "ARM64_DOCKERFILE=$([ -s Dockerfile.aarch64 ] && echo Dockerfile.aarch64 || echo Dockerfile)" >> $GITEA_ENV
|
|
|
|
# Global Env
|
|
echo "VERSION=$VERSION" >> $GITEA_ENV
|
|
echo "IS_TAG=$IS_TAG" >> $GITEA_ENV
|
|
echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}" >> $GITEA_ENV
|
|
echo "CACHE_IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}-cache" >> $GITEA_ENV
|
|
echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITEA_ENV
|
|
|
|
- name: Login to registry
|
|
if: steps.prepare.outputs.should_build == 'true'
|
|
run: |
|
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login \
|
|
${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
|
|
|
|
- name: Setup buildx
|
|
if: steps.prepare.outputs.should_build == 'true'
|
|
run: |
|
|
docker buildx rm multiarch || true
|
|
docker buildx create --name multiarch --driver docker-container --use
|
|
docker buildx inspect --bootstrap
|
|
|
|
- name: Build & push multiarch
|
|
if: steps.prepare.outputs.should_build == 'true'
|
|
shell: bash
|
|
run: |
|
|
echo "== Universeller Multiarch Build Start =="
|
|
|
|
# 1. Dynamisches Laden aller Variablen aus versions.env als Build-Args
|
|
BUILD_ARGS=""
|
|
while IFS='=' read -r key value || [ -n "$key" ]; do
|
|
[[ "$key" =~ ^#.*$ || -z "$key" ]] && continue
|
|
clean_value=$(echo "$value" | xargs)
|
|
# Exportiere für Script-Nutzung UND baue Build-Args String
|
|
export "$key=$clean_value"
|
|
BUILD_ARGS="$BUILD_ARGS --build-arg $key=$clean_value"
|
|
done < versions.env
|
|
|
|
# 2. Zusätzliche System-Args hinzufügen
|
|
BUILD_ARGS="$BUILD_ARGS --build-arg VERSION=$VERSION --build-arg BUILD_DATE=$BUILD_DATE"
|
|
|
|
# 3. Tags berechnen
|
|
if [[ "$IS_TAG" == "true" ]]; then
|
|
DOCKER_TAGS="${IMAGE_NAME}:${VERSION} ${IMAGE_NAME}:latest"
|
|
else
|
|
DOCKER_TAGS="${IMAGE_NAME}:main"
|
|
fi
|
|
|
|
# 4. Builds ausführen
|
|
CACHE_REF="${CACHE_IMAGE_NAME}"
|
|
|
|
echo "Starte AMD64 Build..."
|
|
docker buildx build \
|
|
--platform linux/amd64 \
|
|
-f ${AMD64_DOCKERFILE} \
|
|
${BUILD_ARGS} \
|
|
--cache-from type=registry,ref=${CACHE_REF}:amd64 \
|
|
--cache-to type=registry,ref=${CACHE_REF}:amd64,mode=min \
|
|
-t ${CACHE_IMAGE_NAME}:${VERSION}-amd64 \
|
|
--push .
|
|
|
|
echo "Starte ARM64 Build..."
|
|
docker buildx build \
|
|
--platform linux/arm64 \
|
|
-f ${ARM64_DOCKERFILE} \
|
|
${BUILD_ARGS} \
|
|
--cache-from type=registry,ref=${CACHE_REF}:arm64 \
|
|
--cache-to type=registry,ref=${CACHE_REF}:arm64,mode=min \
|
|
-t ${CACHE_IMAGE_NAME}:${VERSION}-arm64 \
|
|
--push .
|
|
|
|
# 5. Manifest Erstellung
|
|
for TAG in $DOCKER_TAGS; do
|
|
echo "Creating manifest for: $TAG"
|
|
docker buildx imagetools create -t $TAG \
|
|
${CACHE_IMAGE_NAME}:${VERSION}-amd64 \
|
|
${CACHE_IMAGE_NAME}:${VERSION}-arm64
|
|
done
|
|
|
|
- name: Generate SBOM
|
|
if: steps.prepare.outputs.should_build == 'true'
|
|
run: |
|
|
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
|
|
TARGET_IMAGE="${IMAGE_NAME}:${VERSION}"
|
|
echo "Generating SBOM for $TARGET_IMAGE"
|
|
syft $TARGET_IMAGE -o spdx-json > sbom.spdx.json || true
|
|
|
|
- name: Upload SBOM
|
|
if: steps.prepare.outputs.should_build == 'true'
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: sbom
|
|
path: sbom.spdx.json |