gitea-actions-templates/.gitea/workflows/docker-build-and-push.yaml
Greedy.Death d1e70af74d revert 342558e3e6
revert Update .gitea/workflows/docker-build-and-push.yaml
2025-11-25 06:12:31 +00:00

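# Reusable workflow (workflow_call): fetch registry/submodule credentials from
# Vault, build a Docker image from the calling repository and push it to the
# registry given by the REGISTRY input.
name: Workflow to build and push docker image to registry

# `on` looks like a YAML 1.1 boolean to generic parsers; the Actions loader
# handles it as a key.
on:
  workflow_call:
    inputs:
      APP_NAME:
        required: true
        type: string
        description: Application name which would be the name of Docker and Helm release
      REGISTRY:
        required: true
        type: string
      DOCKERFILE_PATH:
        type: string
        default: Dockerfile
      USER_FOR_IMAGE_STORE:
        type: string
        default: registry-bot
      VAULT_SECRETS_PATH:
        type: string
        default: ""
        description: "Path in Vault to fetch build-time secrets (e.g., cicd/data/gmt-client)"
      BUILD_ARG_NAMES:
        type: string
        default: ""
        description: "Comma-separated list of build arg names to fetch from Vault"
    secrets:
      VAULT_TOKEN:
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-22.04
    steps:
      # Registry and submodule credentials are exported as job env vars
      # (REGISTRY_*, SUBMODULE_TOKEN, NPM_TOKEN) for the later steps.
      - name: Import Secrets
        uses: hashicorp/vault-action@v2
        with:
          url: https://vault.project-quest-dev.com
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            cicd/data/docker password | REGISTRY_PASSWORD ;
            cicd/data/docker username | REGISTRY_USERNAME ;
            cicd/data/submodule token | SUBMODULE_TOKEN ;
            cicd/data/submodule npm_token | NPM_TOKEN ;

      # Optional: export every key under VAULT_SECRETS_PATH so "Prepare Build
      # Args" can look each one up by name.
      # NOTE(review): with a `*` wildcard, vault-action appears to use the name
      # after `|` as a prefix for each exported key, whereas the printenv lookup
      # below expects the bare key name — confirm which form is exported and
      # drop `| BUILD_SECRETS_RAW` if the bare names are intended.
      - name: Import Build Args from Vault
        if: ${{ inputs.VAULT_SECRETS_PATH != '' && inputs.BUILD_ARG_NAMES != '' }}
        uses: hashicorp/vault-action@v2
        with:
          url: https://vault.project-quest-dev.com
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            ${{ inputs.VAULT_SECRETS_PATH }} * | BUILD_SECRETS_RAW ;

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-depth: 0
          token: ${{ env.SUBMODULE_TOKEN }}

      # REGISTRY is marked insecure (plain HTTP / unverified TLS): registry
      # credentials and image layers then have no transport protection, so
      # this is only acceptable when the registry is reachable solely from a
      # trusted network.
      - name: Set up Docker BuildX
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host
          config-inline: |
            [registries.insecure]
            "${{ inputs.REGISTRY }}" = true

      # VERSION is the tag name on tag builds, otherwise the 7-char short SHA.
      # ref_name/sha are passed via env instead of being interpolated into the
      # script text, so a crafted tag name cannot change the shell commands.
      - &get_version
        name: Extract version from tag or set commit SHA
        id: vars
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          if [ "$REF_TYPE" = "tag" ]; then
            echo "VERSION=$REF_NAME" >> "$GITHUB_ENV"
          else
            VERSION=$(echo "$COMMIT_SHA" | cut -c1-7)
            echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          fi

      # Assemble `--build-arg NAME=VALUE` flags from the env vars exported by the
      # Vault import above; the flags go to GITHUB_ENV for the build step.
      # Only the argument *names* are logged — values are secrets.
      # NOTE: build args are recorded in image metadata (`docker history`);
      # BuildKit `--secret` mounts are the safer carrier once the Dockerfile
      # supports them.
      - name: Prepare Build Args
        if: ${{ inputs.BUILD_ARG_NAMES != '' }}
        env:
          BUILD_ARG_NAMES: ${{ inputs.BUILD_ARG_NAMES }}
        run: |
          BUILD_ARGS_FLAGS=""
          # Split the comma-separated list of argument names
          IFS=',' read -ra ARG_NAMES <<< "$BUILD_ARG_NAMES"
          for arg_name in "${ARG_NAMES[@]}"; do
            # Trim surrounding whitespace; skip empty entries (e.g. trailing comma)
            arg_name=$(echo "$arg_name" | xargs)
            [ -z "$arg_name" ] && continue
            # vault-action exports each imported key as its own env variable
            arg_value=$(printenv "$arg_name" || echo "")
            if [ -n "$arg_value" ]; then
              # The build step expands $BUILD_ARGS_FLAGS unquoted (word-split
              # into separate flags), so values containing whitespace are not
              # supported here.
              BUILD_ARGS_FLAGS="$BUILD_ARGS_FLAGS --build-arg $arg_name=$arg_value"
              echo "✓ Build arg added: $arg_name"
            else
              echo "⚠ Warning: $arg_name not found in Vault secrets"
            fi
          done
          echo "BUILD_ARGS_FLAGS=$BUILD_ARGS_FLAGS" >> "$GITHUB_ENV"
          # Log names only — the original echoed the full flag string, which
          # contains the secret values.
          echo "Build args prepared for: $BUILD_ARG_NAMES"

      - name: Login to Docker registry
        uses: docker/login-action@v2
        with:
          registry: ${{ inputs.REGISTRY }}
          username: ${{ env.REGISTRY_USERNAME }}
          password: ${{ env.REGISTRY_PASSWORD }}

      # NOTE(review): the SUBMODULE_TOKEN build arg is fed from NPM_TOKEN here,
      # while checkout uses env.SUBMODULE_TOKEN — confirm the Dockerfile really
      # expects the npm token under this name.
      # $BUILD_ARGS_FLAGS is deliberately unquoted so it expands into separate
      # `--build-arg` flags. NPM_TOKEN is read from the shell env rather than
      # interpolated into the script text.
      - name: Build Docker image
        env:
          IMAGE: ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
          DOCKERFILE_PATH: ${{ inputs.DOCKERFILE_PATH }}
        run: |
          docker build \
            --build-arg SUBMODULE_TOKEN="$NPM_TOKEN" \
            $BUILD_ARGS_FLAGS \
            -f "$DOCKERFILE_PATH" \
            -t "$IMAGE" \
            .

      - name: Push Docker image
        env:
          IMAGE: ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
        run: |
          docker push "$IMAGE"

      # Runs even when build/push failed so registry credentials do not remain
      # on the runner.
      - name: Logout from Docker registry
        if: always()
        env:
          REGISTRY: ${{ inputs.REGISTRY }}
        run: docker logout "$REGISTRY"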