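# Gitea Actions workflow: builds the repository's Dockerfile for amd64 and
# arm64, pushes both images to the registry's "-cache" repository, merges them
# into one multi-arch manifest, then generates an SBOM and signs the image.
# Runs on pushes to main, on v* tags, and on manual dispatch.
name: Docker Build Smart Logic

on:
  push:
    branches:
      - main
    tags:
      - 'v*'
  workflow_dispatch:

env:
  REGISTRY_HOST: git.pi-farm.de
  IMAGE_BASE: ${{ gitea.repository }}

jobs:
  build:
    name: 'Build amd64 & arm64'
    runs-on: buildx-multiarch
    steps:
      # NOTE(review): the action is fetched over cleartext http:// and pinned
      # to the mutable tag v4. Action code runs inside this job next to the
      # registry and signing secrets, so an https:// URL and a full commit SHA
      # would be the safer reference. Confirm the host serves the action over
      # TLS before switching.
      - name: Checkout repository
        uses: http://git.pi-farm.de/pi-farm/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true

      # Debug aid. Variables whose name suggests a credential are dropped so
      # that runner-provided tokens do not end up in the build log.
      - name: Dump context
        run: |
          env | grep -viE '^[^=]*(token|secret|password|passwd|key)[^=]*=' | sort

      - name: Show ref info
        run: |
          echo "REF=$GITHUB_REF"
          echo "REF_TYPE=$GITHUB_REF_TYPE"
          echo "REF_NAME=$GITHUB_REF_NAME"

      # Replaces the {{.RepoName}} / {{.OwnerName}} / {{.BranchName}}
      # placeholders left over from a repository template and commits the
      # result back to the branch.
      # Context values are handed over through env: instead of being expanded
      # into the script text, so a crafted ref name cannot inject shell code.
      - name: Dynamic Template Fix
        id: template_fix
        env:
          REPO_FULL: ${{ gitea.repository }}
          REF_NAME: ${{ gitea.ref_name }}
        run: |
          if grep -q "{{.RepoName}}" README.md 2>/dev/null; then
            echo "Ersetze Platzhalter in README, docker-compose und LICENSE..."
            OWNER_NAME="${REPO_FULL%%/*}"
            REPO_NAME="${REPO_FULL#*/}"
            BRANCH_NAME="${REF_NAME}"

            sed -i "s|{{.RepoName}}|${REPO_NAME}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
            sed -i "s|{{.OwnerName}}|${OWNER_NAME}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
            sed -i "s|{{.BranchName}}|${BRANCH_NAME}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true

            # Only a branch can receive the fix-up commit. On a tag build the
            # push would target the tag ref, so the commit is skipped there
            # and the replacement stays local to this job's working tree.
            if [ "$GITHUB_REF_TYPE" = "branch" ]; then
              git config user.name "Gitea Bot"
              git config user.email "bot@gitea.local"
              git add README.md docker-compose.yml LICENSE
              if git diff --staged --quiet; then
                echo "Keine Änderungen zum Committen."
              else
                git commit -m "docs: fix template placeholders [skip ci]"
                git push origin "HEAD:refs/heads/${REF_NAME}"
              fi
            else
              echo "Kein Branch-Build. Commit der Platzhalter wird übersprungen."
            fi
          else
            echo "Platzhalter bereits ersetzt."
          fi

      # Derives VERSION / CLEAN_VERSION / IS_TAG from the pushed ref.
      # NOTE(review): this step writes to $GITHUB_ENV while every later step
      # writes to $GITEA_ENV. Confirm the runner exposes both names.
      - name: Detect version
        run: |
          if [ "$GITHUB_REF_TYPE" = "tag" ]; then
            VERSION="$GITHUB_REF_NAME"
            CLEAN_VERSION="${VERSION#v}"
            IS_TAG=true
          else
            VERSION="edge"
            CLEAN_VERSION="edge"
            IS_TAG=false
          fi
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          echo "CLEAN_VERSION=$CLEAN_VERSION" >> "$GITHUB_ENV"
          echo "IS_TAG=$IS_TAG" >> "$GITHUB_ENV"

      # Sets should_build and, when a Dockerfile exists, the image names and
      # per-architecture Dockerfile paths used by the build step.
      - name: Set dynamic variables and check Dockerfiles
        id: check_files
        run: |
          if [ -s "Dockerfile" ]; then
            echo "Dockerfile gefunden und nicht leer. Build wird vorbereitet."
            echo "should_build=true" >> "$GITEA_OUTPUT"
          else
            echo "Dockerfile ist leer oder fehlt. Build wird übersprungen."
            echo "should_build=false" >> "$GITEA_OUTPUT"
            exit 0
          fi

          AMD64_FILE="Dockerfile"
          if [ -s "Dockerfile.aarch64" ]; then
            echo "Spezielles Dockerfile.aarch64 erkannt."
            ARM64_FILE="Dockerfile.aarch64"
          else
            ARM64_FILE="Dockerfile"
          fi

          {
            echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}"
            echo "CACHE_IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}-cache"
            echo "AMD64_DOCKERFILE=$AMD64_FILE"
            echo "ARM64_DOCKERFILE=$ARM64_FILE"
            echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
          } >> "$GITEA_ENV"

      # Credentials reach the script as environment variables, not as text
      # pasted into it, so quotes, `$` or backticks in the password can neither
      # break the command nor be expanded by the shell.
      - name: Login to registry
        if: steps.check_files.outputs.should_build == 'true'
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" |
            docker login "$REGISTRY_HOST" -u "$REGISTRY_USER" --password-stdin

      - name: Setup buildx
        if: steps.check_files.outputs.should_build == 'true'
        run: |
          docker buildx rm multiarch || true
          docker buildx create --name multiarch --driver docker-container --use
          docker buildx inspect --bootstrap

      # NOTE(review): DOCKER_TAGS is computed here but no step in this
      # workflow reads it. The build below pushes only IMAGE_NAME:VERSION.
      - name: Compute Docker tags
        if: steps.check_files.outputs.should_build == 'true'
        run: |
          TAGS="${IMAGE_NAME}:${VERSION}"
          if [ "$IS_TAG" = "true" ]; then
            MAJOR=$(echo "$CLEAN_VERSION" | cut -d. -f1)
            MINOR=$(echo "$CLEAN_VERSION" | cut -d. -f1,2)
            TAGS="$TAGS,${IMAGE_NAME}:${MINOR}"
            TAGS="$TAGS,${IMAGE_NAME}:${MAJOR}"
            TAGS="$TAGS,${IMAGE_NAME}:latest"
          else
            TAGS="$TAGS,${IMAGE_NAME}:main"
          fi
          echo "DOCKER_TAGS=$TAGS" >> "$GITEA_ENV"

      # versions.env is executed as shell code, so it carries the same trust
      # as this workflow file and deserves the same review on change.
      - name: Load versions.env
        id: load_env
        if: steps.check_files.outputs.should_build == 'true'
        env:
          REF_NAME: ${{ gitea.ref_name }}
        run: |
          echo "Lade versions.env"
          if [ ! -f versions.env ]; then
            echo "versions.env fehlt." >&2
            exit 1
          fi
          set -a
          # Explicit ./ path: a bare name would be looked up in PATH first.
          . ./versions.env
          set +a

          # Export the key variables through GITEA_ENV for the later steps.
          # VERSION is overwritten with the ref name here, which replaces the
          # value chosen by "Detect version" ("edge" on branch builds).
          {
            echo "BASE_IMAGE=$BASE_IMAGE"
            echo "APP_VERSION=$APP_VERSION"
            echo "TARGET_PLATFORMS=$TARGET_PLATFORMS"
            echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}"
            echo "CACHE_IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}-cache"
            echo "VERSION=${REF_NAME}"
            echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
          } >> "$GITEA_ENV"

      - name: Build & push multiarch
        if: steps.check_files.outputs.should_build == 'true'
        run: |
          echo "== Multiarch Build Start =="

          # Build amd64
          docker buildx build \
            --platform linux/amd64 \
            -f "${AMD64_DOCKERFILE}" \
            --build-arg "BASE_IMAGE=$BASE_IMAGE" \
            --build-arg "APP_VERSION=$APP_VERSION" \
            --label "org.opencontainers.image.version=$APP_VERSION" \
            --label "org.opencontainers.image.created=$BUILD_DATE" \
            -t "${CACHE_IMAGE_NAME}:${VERSION}-amd64" \
            --push .

          # Build arm64
          docker buildx build \
            --platform linux/arm64 \
            -f "${ARM64_DOCKERFILE}" \
            --build-arg "BASE_IMAGE=$BASE_IMAGE" \
            --build-arg "APP_VERSION=$APP_VERSION" \
            --label "org.opencontainers.image.version=$APP_VERSION" \
            --label "org.opencontainers.image.created=$BUILD_DATE" \
            -t "${CACHE_IMAGE_NAME}:${VERSION}-arm64" \
            --push .

          # Merge into manifest
          docker buildx imagetools create -t "${IMAGE_NAME}:${VERSION}" \
            "${CACHE_IMAGE_NAME}:${VERSION}-amd64" \
            "${CACHE_IMAGE_NAME}:${VERSION}-arm64"

          echo "== Multiarch Build Complete =="

      # The SBOM must describe the image this run pushed (IMAGE_NAME:VERSION),
      # not a fixed :edge tag that the build step never creates. Generation
      # stays best-effort, but a failure is now visible in the log.
      - name: Generate SBOM
        if: steps.check_files.outputs.should_build == 'true'
        run: |
          docker sbom --format spdx-json "${IMAGE_NAME}:${VERSION}" > sbom.spdx.json ||
            echo "WARN: SBOM generation failed for ${IMAGE_NAME}:${VERSION}" >&2

      # Signs the tag the build step pushed. VERSION already carries the
      # leading "v" on tag builds, so no extra prefix is added.
      # The tag can be re-pointed between push and sign; signing the manifest
      # digest (IMAGE_NAME@sha256:...) would bind the signature to exactly
      # what was built.
      # NOTE(review): --key expects a key reference. If the secret holds the
      # key material itself rather than a path or KMS URI, use cosign's
      # env://COSIGN_KEY form. Confirm what the secret contains.
      - name: Sign image
        if: steps.check_files.outputs.should_build == 'true'
        env:
          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
        run: cosign sign --key "$COSIGN_KEY" "${IMAGE_NAME}:${VERSION}"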