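# Reusable (workflow_call) Gitea Actions workflow: clone the calling repo,
# build the given Dockerfile with the Kaniko executor and push it to an
# internal registry as :latest, :<short sha> and an optional extra tag.
#
# Conventions used below:
#   - Every ${{ ... }} value reaches a shell step through `env:` and is then
#     referenced as "$VAR", never inlined into the script text. Inlining lets
#     a branch name or input string change the shell command line, and it
#     copies secrets into the script that the runner may log.
#   - Registry credentials are resolved inside the step that needs them and
#     are never exported as step outputs (outputs are not masked in logs).
name: 🏗️ Build Container Image

on:
  workflow_call:
    inputs:
      # --- Required ---
      image_name:
        description: 'Image name without registry/org (e.g. ansible-act-runner)'
        required: true
        type: string
      dockerfile_path:
        description: 'Path to Dockerfile relative to repo root (e.g. docker/Dockerfile)'
        required: true
        type: string
      context_path:
        description: 'Build context directory relative to repo root (e.g. docker/)'
        required: true
        type: string
      # --- Optional overrides ---
      registry:
        description: 'Registry to push to (default: gitea.mod.home)'
        required: false
        type: string
        default: 'gitea.mod.home'
      image_org:
        description: 'Registry org/namespace (default: calling repo owner)'
        required: false
        type: string
        default: ''
      extra_tag:
        description: 'Additional tag besides latest and SHA (e.g. stable)'
        required: false
        type: string
        default: ''
      no_cache:
        description: 'Disable build cache'
        required: false
        type: boolean
        default: false
    secrets:
      # Gitea token used to clone the calling repository
      TOKEN:
        required: true
      # Both Telegram secrets are optional; the notification step skips
      # itself when either one is empty
      TELEGRAM_BOT_TOKEN:
        required: false
      TELEGRAM_CHAT_ID:
        required: false
      # Optional — override default REGISTRY_USER/REGISTRY_PASSWORD
      # NOTE(review): REGISTRY_USER / REGISTRY_PASSWORD are read by the
      # registry-config step but are not declared in this contract —
      # presumably they are org/repo secrets forwarded by the runner; confirm
      # callers actually receive them, otherwise the push runs with empty
      # credentials.
      REGISTRY_USER_OVERRIDE:
        required: false
      REGISTRY_PASSWORD_OVERRIDE:
        required: false

jobs:
  build:
    # Runs directly on runner host (docker:host)
    # Kaniko executor available via tools volume (initContainer in deployment)
    runs-on: docker
    steps:
      - name: 🔎 Checkout
        # ref_name is attacker-influenced (branch/tag name), so it is passed
        # via env and quoted rather than spliced into the script.
        env:
          GIT_REF: ${{ gitea.ref_name }}
          GIT_TOKEN: ${{ secrets.TOKEN }}
          GIT_OWNER: ${{ gitea.repository_owner }}
          GIT_REPO: ${{ gitea.event.repository.name }}
        run: |
          rm -rf /workspace
          # NOTE(review): the token travels in the URL over plain http to
          # gitea.mod.home — confirm that host is only reachable on a trusted
          # network, or switch the clone URL to https.
          git clone \
            --depth 1 \
            --branch "${GIT_REF}" \
            "http://${GIT_TOKEN}@gitea.mod.home/${GIT_OWNER}/${GIT_REPO}.git" \
            /workspace

      - name: 🏷️ Resolve Image Destination
        id: meta
        # Outputs: image, tag_latest, tag_sha, short_sha, registry.
        # Credentials are deliberately NOT exported here — step outputs are
        # plain text in the job log and in any script that expands them.
        env:
          IN_REGISTRY: ${{ inputs.registry }}
          IN_ORG: ${{ inputs.image_org }}
          IN_IMAGE_NAME: ${{ inputs.image_name }}
          REPO_OWNER: ${{ gitea.repository_owner }}
          FULL_SHA: ${{ gitea.sha }}
        run: |
          # Registry
          REGISTRY="${IN_REGISTRY}"

          # Org: use override if provided, otherwise calling repo owner
          ORG="${IN_ORG}"
          if [ -z "${ORG}" ]; then
            ORG="${REPO_OWNER}"
          fi

          IMAGE="${REGISTRY}/${ORG}/${IN_IMAGE_NAME}"
          # First 8 characters of the commit SHA (shell substring expansion)
          SHORT_SHA="${FULL_SHA:0:8}"

          {
            echo "image=${IMAGE}"
            echo "tag_latest=${IMAGE}:latest"
            echo "tag_sha=${IMAGE}:${SHORT_SHA}"
            echo "short_sha=${SHORT_SHA}"
            echo "registry=${REGISTRY}"
          } >> "${GITHUB_OUTPUT}"

      - name: 🔑 Create Kaniko Registry Config
        # Writes /kaniko/.docker/config.json (mode 0600) for the executor.
        # The file content is never printed: the base64 "auth" field is just
        # user:password and would land in the job log.
        env:
          REGISTRY: ${{ steps.meta.outputs.registry }}
          USER_OVERRIDE: ${{ secrets.REGISTRY_USER_OVERRIDE }}
          PASS_OVERRIDE: ${{ secrets.REGISTRY_PASSWORD_OVERRIDE }}
          USER_DEFAULT: ${{ secrets.REGISTRY_USER }}
          PASS_DEFAULT: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          # Credentials: use override if provided, otherwise defaults
          USER="${USER_OVERRIDE:-${USER_DEFAULT}}"
          PASS="${PASS_OVERRIDE:-${PASS_DEFAULT}}"

          umask 077
          mkdir -p /kaniko/.docker
          AUTH=$(printf '%s:%s' "${USER}" "${PASS}" | base64 | tr -d "\n\r")
          printf '{"auths":{"%s":{"auth":"%s"}}}\n' "${REGISTRY}" "${AUTH}" \
            > /kaniko/.docker/config.json
          echo "config.json written for registry ${REGISTRY}"

      - name: 🔨 Build + Push Image
        env:
          TAG_LATEST: ${{ steps.meta.outputs.tag_latest }}
          TAG_SHA: ${{ steps.meta.outputs.tag_sha }}
          IMAGE: ${{ steps.meta.outputs.image }}
          EXTRA_TAG: ${{ inputs.extra_tag }}
          NO_CACHE_INPUT: ${{ inputs.no_cache }}
          CONTEXT_PATH: ${{ inputs.context_path }}
          DOCKERFILE_PATH: ${{ inputs.dockerfile_path }}
        run: |
          # Build the optional executor arguments as a real argv (positional
          # parameters) instead of a whitespace-split string, so a tag or
          # path containing spaces or shell metacharacters stays one argument.
          set -- \
            --destination "${TAG_LATEST}" \
            --destination "${TAG_SHA}"

          if [ -n "${EXTRA_TAG}" ]; then
            set -- "$@" --destination "${IMAGE}:${EXTRA_TAG}"
          fi

          if [ "${NO_CACHE_INPUT}" = "true" ]; then
            set -- "$@" --no-push-cache --cache=false
          fi

          # Kaniko executor is in /tools (copied by initContainer)
          # --insecure / --skip-tls-verify disable TLS and certificate checks
          # for the registry push; this is only acceptable for the internal
          # registry — do not point this workflow at a registry reached over
          # an untrusted network.
          /tools/executor \
            --context="dir:///workspace/${CONTEXT_PATH}" \
            --dockerfile="/workspace/${DOCKERFILE_PATH}" \
            "$@" \
            --insecure \
            --skip-tls-verify \
            --compressed-caching=false \
            --kaniko-dir=/kaniko

      - name: 📨 Telegram Notification
        # Runs on success and failure; never fails the job itself.
        if: always()
        env:
          TG_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
          TG_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
          STATUS: ${{ job.status }}
          IMAGE: ${{ steps.meta.outputs.tag_latest }}
          SHA: ${{ steps.meta.outputs.short_sha }}
        run: |
          # Both Telegram secrets are optional — skip instead of posting to an
          # empty bot URL.
          if [ -z "${TG_BOT_TOKEN}" ] || [ -z "${TG_CHAT_ID}" ]; then
            echo "Telegram secrets not configured — skipping notification"
            exit 0
          fi

          # Use wget — available in gitea/act_runner base image (busybox)
          wget -q -O- \
            --post-data="chat_id=${TG_CHAT_ID}&text=🏗️ Build: ${IMAGE} SHA:${SHA} Status:${STATUS}" \
            "https://api.telegram.org/bot${TG_BOT_TOKEN}/sendMessage" || true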