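# reusable-docker-build — build a Docker image (999_testing candidates C1/C5).
#
# A REUSABLE workflow (on: workflow_call) downstream repos call:
#   jobs:
#     image:
#       runs-on: docker   # REQUIRED on Forgejo 11 (pre-v15 reusable-workflow quirk; see README)
#       uses: olsitec/foundation/.forgejo/workflows/reusable-docker-build.yml@master
#       with: { image: "olsitec/seaspots-homepage:ci", push: false }
#
# Builds against the HOST Docker daemon via the mounted socket (the foundation-ci
# image ships the docker CLI; the runner's valid_volumes allows the mount). NOTE
# (R5): the host socket is root-equivalent on the forge VM — this is acceptable
# ONLY for trusted first-party repos until the runner is fenced to its own VM.
#
# Candidates C1 (seaspots-homepage) and C5 (token-service) depend on @olsitec
# packages from a private registry that is not published yet (Stage-2). Their real
# builds need a registry / npmrc; this workflow proves the docker-build path and
# accepts a `build-args`/`npmrc` hook for when the registry exists.
# NOTE(review): only `build-args` is declared as an input below; no `npmrc`
# input exists in this file yet.
#
# Input handling: every caller-supplied input reaches the shell through `env:`
# and is expanded as a quoted variable. Inputs are never pasted into the script
# text with ${{ }}, because the expression is substituted before the shell
# parses the script, so quotes, `$( )` or a heredoc terminator in a value would
# be executed as code in a job that holds the host Docker socket.

name: reusable-docker-build

on:
  workflow_call:
    inputs:
      context:
        type: string
        default: "."
      dockerfile:
        type: string
        default: "Dockerfile"
      image:
        description: "image ref to tag, e.g. name:tag"
        type: string
        required: true
      # Build args are not a secret channel: the values are printed in the job
      # log by the build step and are recorded in the image metadata
      # (`docker history`). Do not pass registry tokens this way.
      build-args:
        description: "newline-separated KEY=VALUE docker --build-arg pairs"
        type: string
        default: ""
      push:
        description: "push to the foundation registry after build (registry must exist)"
        type: boolean
        default: false

jobs:
  image:
    runs-on: docker
    container:
      # Mutable tag: whatever `foundation-ci:latest` resolves to on the runner
      # runs with the host socket mounted. Consider pinning by digest.
      image: foundation-ci:latest
      volumes:
        # Root-equivalent access to the host daemon (see R5 in the header).
        - /var/run/docker.sock:/var/run/docker.sock
    steps:
      # Tag refs can be moved; pinning to a full commit SHA makes the checked-out
      # action code immutable.
      - uses: actions/checkout@v4

      - name: Docker build
        env:
          INPUT_BUILD_ARGS: ${{ inputs.build-args }}
          INPUT_DOCKERFILE: ${{ inputs.dockerfile }}
          INPUT_IMAGE: ${{ inputs.image }}
          INPUT_CONTEXT: ${{ inputs.context }}
        run: |
          # The context is a positional argument; a leading '-' would be
          # parsed by docker as an option instead of a path.
          case "$INPUT_CONTEXT" in
            -*)
              echo "context must not start with '-': $INPUT_CONTEXT" >&2
              exit 1
              ;;
          esac

          # Collect one `--build-arg KEY=VALUE` pair per non-empty input line in
          # the positional parameters, so each pair stays a single argument
          # (no word splitting, no globbing, no extra flags from one line).
          set --
          while IFS= read -r kv; do
            if [ -z "$kv" ]; then
              continue
            fi
            set -- "$@" --build-arg "$kv"
          done <<EOF
          $INPUT_BUILD_ARGS
          EOF
          # The heredoc body is the variable's expansion, which the shell does
          # not re-scan: a line reading "EOF" inside the input cannot end it.

          printf '+ docker build -f %s -t %s %s %s\n' \
            "$INPUT_DOCKERFILE" "$INPUT_IMAGE" "$*" "$INPUT_CONTEXT"
          docker build -f "$INPUT_DOCKERFILE" -t "$INPUT_IMAGE" "$@" "$INPUT_CONTEXT"

      # No `docker login` runs in this workflow, so the push presumably relies
      # on registry credentials already available to the docker CLI in the job
      # container — TODO confirm once the registry exists.
      - name: Push
        if: ${{ inputs.push }}
        env:
          INPUT_IMAGE: ${{ inputs.image }}
        run: docker push "$INPUT_IMAGE"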