foundation/.forgejo/workflows/reusable-docker-build.yml
Andreas Niemann 290f48ba18
revert(ci): reusable workflows after all — Forgejo 11 supports them
Correction to the previous commit. Forgejo 11.0.15 DOES support reusable
workflows; my earlier "not supported" was a false negative — the test caller
omitted `runs-on`, and the pre-v15 "limited" implementation REQUIRES `runs-on`
on the calling job (omitting it makes Forgejo silently schedule no run). Verified
live: a caller with `runs-on` runs green, same-repo and cross-repo (short ref);
the full-URL form fails for reusable workflows (it was only needed for composite
ACTIONS, which resolve via DEFAULT_ACTIONS_URL).

- Restore the four reusable-*.yml (on: workflow_call), the architecture the
  handover + 999_testing chose; fix the caller examples to include `runs-on`.
- Remove the composite-action layer (actions/) — single mechanism, no redundancy.
- .forgejo/workflows/README.md documents the v11 caller-`runs-on` + short-ref
  quirks (both removed by a future Forgejo v15 upgrade) and the candidate coverage.
- ecosystem-selftest paths filter back to reusable-*.yml.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 01:48:29 +02:00

68 lines
2.4 KiB
YAML

# reusable-docker-build — build a Docker image (999_testing candidates C1/C5).
#
# A REUSABLE workflow (on: workflow_call) downstream repos call:
#   jobs:
#     image:
#       runs-on: docker   # REQUIRED on Forgejo 11 (pre-v15 reusable-workflow quirk; see README)
#       uses: olsitec/foundation/.forgejo/workflows/reusable-docker-build.yml@master
#       with: { image: "olsitec/seaspots-homepage:ci", push: false }
#
# Builds against the HOST Docker daemon via the mounted socket (the foundation-ci
# image ships the docker CLI; the runner's valid_volumes allows the mount). NOTE
# (R5): the host socket is root-equivalent on the forge VM — this is acceptable
# ONLY for trusted first-party repos until the runner is fenced to its own VM.
#
# Candidates C1 (seaspots-homepage) and C5 (token-service) depend on @olsitec
# packages from a private registry that is not published yet (Stage-2). Their real
# builds need a registry / npmrc; this workflow proves the docker-build path and
# accepts a `build-args`/`npmrc` hook for when the registry exists.
name: reusable-docker-build
on:
  workflow_call:
    inputs:
      context:
        type: string
        default: "."
      dockerfile:
        type: string
        default: "Dockerfile"
      image:
        description: "image ref to tag, e.g. name:tag"
        type: string
        required: true
      build-args:
        description: "newline-separated KEY=VALUE docker --build-arg pairs"
        type: string
        default: ""
      push:
        description: "push to the foundation registry after build (registry must exist)"
        type: boolean
        default: false
jobs:
  image:
    runs-on: docker
    container:
      image: foundation-ci:latest
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    steps:
      - uses: actions/checkout@v4
      - name: Docker build
        run: |
          # The workflow inputs are expanded into this script text before the shell runs.
          args=""
          if [ -n "${{ inputs.build-args }}" ]; then
            while IFS= read -r kv; do
              [ -z "$kv" ] && continue
              args="$args --build-arg $kv"
            done <<'EOF'
          ${{ inputs.build-args }}
          EOF
          fi
          echo "+ docker build -f ${{ inputs.dockerfile }} -t ${{ inputs.image }} $args ${{ inputs.context }}"
          # $args is left unquoted so it splits into words; a value containing whitespace splits too.
          docker build -f "${{ inputs.dockerfile }}" -t "${{ inputs.image }}" $args "${{ inputs.context }}"
      - name: Push
        if: ${{ inputs.push }}
        run: docker push "${{ inputs.image }}"
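
The `Docker build` step expands the workflow inputs into the script text and relies on word splitting of `$args`. The following is an added example, not code from the foundation repository: a POSIX sh version of the `build-args` handling that reads the inputs from environment variables and builds the argument list one word at a time. The variable names `BUILD_ARGS`, `DOCKERFILE`, `IMAGE`, `CONTEXT` and `DOCKER`, and the `print_argv` stub, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the repository's code. Assumes the step exports the workflow
# inputs through `env:` as BUILD_ARGS, DOCKERFILE, IMAGE and CONTEXT (hypothetical
# names) instead of expanding the inputs inside the `run:` script text.

# Accept a line only if it is KEY=VALUE and KEY is a plain identifier.
valid_build_arg() {
  case "$1" in
    *=*) ;;
    *) return 1 ;;
  esac
  key=${1%%=*}
  case "$key" in
    '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# Run "$DOCKER build" with one --build-arg per validated line of $BUILD_ARGS.
# Each pair is appended to "$@" as a single word, so whitespace and shell
# metacharacters in a value stay data and are never split or re-parsed.
docker_build() {
  set --
  while IFS= read -r kv; do
    [ -z "$kv" ] && continue
    if ! valid_build_arg "$kv"; then
      # The line is not echoed: build args may carry credentials.
      echo "build-args: rejected a line that is not KEY=VALUE" >&2
      return 2
    fi
    set -- "$@" --build-arg "$kv"
  done <<EOF
${BUILD_ARGS:-}
EOF
  "${DOCKER:-docker}" build -f "${DOCKERFILE:-Dockerfile}" -t "$IMAGE" "$@" "${CONTEXT:-.}"
}

# Dry-run stub (constructed for this example): prints one argv word per line.
print_argv() { for a in "$@"; do printf '<%s>\n' "$a"; done; }

# Constructed sample input; run with --demo to see the argv without building.
if [ "${1:-}" = "--demo" ]; then
  BUILD_ARGS='NODE_ENV=production
LABEL=two words; $(not run)'
  IMAGE=example/app:ci DOCKER=print_argv
  docker_build
fi
```

With `DOCKER` unset the function calls the real `docker` CLI; a rejected line makes it return 2 before any build starts.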