foundation/actions/docker-build/action.yml
Andreas Niemann 35dc008759
All checks were successful
CI / preflight (push) Successful in 5s
CI / typecheck (push) Successful in 15s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 13s
ecosystem-selftest / eslint-gate (push) Successful in 3s
ecosystem-selftest / yamllint-gate (push) Successful in 3s
pulumi-preview / preview (push) Successful in 16s
refactor(ci): composite actions instead of reusable workflows (Forgejo 11)
Forgejo 11.0.15 does NOT support reusable workflows (job-level `uses:` /
`workflow_call`): the call is silently dropped and no run is scheduled (verified
live — a same-repo and a cross-repo reusable call both produced zero runs, while
an equivalent inline job ran green). The working cross-repo reuse primitive here
is the COMPOSITE ACTION referenced by FULL URL (a short-form
`uses: olsitec/foundation/...@master` resolves against the runner's
DEFAULT_ACTIONS_URL = data.forgejo.org, not the local instance, and 404s; the
full-URL form `uses: https://forge.olsitec.net/olsitec/foundation/actions/<x>@master`
was verified green).

- Replace the four reusable-*.yml with composite actions under actions/:
  node-build, docker-build, lint, semantic-release-version (same logic + inputs).
- actions/README.md documents the pattern, the Forgejo-11 limitation, and the
  999_testing candidate coverage (C2/C3/C4 self-contained; C1/C5 blocked on the
  not-yet-published @olsitec package registry).
- ecosystem-selftest paths filter: actions/** (was reusable-*.yml).

The capabilities that need no external repo (semantic-release bump sequence,
eslint/yamllint gates) keep running green via ecosystem-selftest's inline jobs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 01:14:51 +02:00

56 lines
2 KiB
YAML

# docker-build — build a Docker image (999_testing candidates C1/C5). Composite
# action (see actions/node-build). Builds against the HOST Docker daemon via the
# mounted socket, so the CALLER's job MUST mount it:
#
# jobs:
# image:
# runs-on: docker
# container:
# image: foundation-ci:latest
# volumes: [ /var/run/docker.sock:/var/run/docker.sock ]
# steps:
# - uses: actions/checkout@v4
# - uses: https://forge.olsitec.net/olsitec/foundation/actions/docker-build@master
# with: { image: "olsitec/token-service:ci" }
#
# R5: the host socket is root-equivalent on the forge VM — trusted first-party repos
# only until the runner is fenced. Candidates C1 (seaspots-homepage) and C5
# (token-service) also need @olsitec packages from a registry that is not published
# yet (Stage-2); their real builds need an npmrc via `build-args` once it exists.
name: docker-build
description: Build (optionally push) a Docker image via the host daemon.
inputs:
context:
default: "."
dockerfile:
default: "Dockerfile"
image:
description: "image ref to tag, e.g. name:tag"
required: true
build-args:
description: "newline-separated KEY=VALUE docker --build-arg pairs"
default: ""
push:
description: "push after build (true/false; registry must exist)"
default: "false"
runs:
using: composite
steps:
- name: Docker build
shell: bash
run: |
args=""
if [ -n "${{ inputs.build-args }}" ]; then
while IFS= read -r kv; do
[ -z "$kv" ] && continue
args="$args --build-arg $kv"
done <<'EOF'
${{ inputs.build-args }}
EOF
fi
echo "+ docker build -f ${{ inputs.dockerfile }} -t ${{ inputs.image }} $args ${{ inputs.context }}"
docker build -f "${{ inputs.dockerfile }}" -t "${{ inputs.image }}" $args "${{ inputs.context }}"
- name: Push
if: ${{ inputs.push == 'true' }}
shell: bash
run: docker push "${{ inputs.image }}"