5 Commits

Author SHA1 Message Date
Ampenberger, Chris
ec0a641f39 add support for building in sub container 2026-02-11 15:38:21 -05:00
2c40422ef2 act-runner examples 2025-12-19 15:54:22 -05:00
5bc1018327 allow for extra build-args 2025-12-16 18:50:43 -05:00
Ampenberger, Chris
45b69d5b8d Added readme and fixed credential refral 2025-10-01 16:49:28 -04:00
Ampenberger, Chris
7a244ff662 Added initial version for building a golang artifact and a container from an artifact 2025-10-01 16:26:52 -04:00
4 changed files with 314 additions and 18 deletions


@@ -0,0 +1,99 @@
# This workflow builds a container image from a specified artifact and a given
# Dockerfile using Buildah and pushes it to a container registry.
name: Build a container from an artifact
on:
workflow_call:
inputs:
artifact_name:
description: "Name of the artifact to download"
required: true
type: string
package-name:
description: "Name of the package to build"
required: true
type: string
package-label:
description: "Label to use for the package"
required: true
type: string
builder-image:
description: "Container image to use for the build"
required: false
type: string
default: gitea.ampenberger.com/campenbe/img-builder:3.21-1.24
dockerfile:
description: "Dockerfile to use for the build"
required: false
type: string
default: Dockerfile
version:
description: "Version string passed to the Docker build as build-arg"
required: false
type: string
default: development
git_user:
description: "Git user to use for checkout and the container registry"
required: false
type: string
default: campenbe
secrets:
# Password to log into the container registry
PASSWORD:
required: true
# Token to access the git repository
GIT_TOKEN:
required: true
env:
PACKAGE_NAME: ${{ inputs.package-name }}
PACKAGE_LABEL: ${{ inputs.package-label }}
VERSION: ${{ inputs.version }}
LABEL: ${{ inputs.package-label }}
ARTIFACT_UPLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/upload-artifact@v2' || 'actions/upload-artifact@v3' }}
ARTIFACT_DOWNLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/download-artifact@v2' || 'actions/download-artifact@v3' }}
jobs:
container:
runs-on: ubuntu-latest
container:
image: ${{inputs.builder-image}}
credentials:
username: ${{inputs.git_user}}
password: ${{secrets.PASSWORD}}
steps:
- name: Install tools
run : |
gitea_addr.sh
env | sort
- name: Fix git access
run: |
git config --global url."https://git:${{secrets.GIT_TOKEN}}@gitea.ampenberger.com/${{inputs.git_user}}/.insteadOf" git://git.ampenberger.com/
- uses: actions/checkout@v4
with:
submodules: false
- name: Download the artifact
uses: "${{env.ARTIFACT_DOWNLOAD}}"
with:
name: ${{inputs.artifact_name}}
path: build/
- name: Build container
run: |
find build
set -x
buildah build -f ${{inputs.dockerfile}} --build-arg GIT_TOKEN=${{secrets.GIT_TOKEN}} --build-arg VERSION=${VERSION} -t gitea.ampenberger.com/${{inputs.git_user}}/${PACKAGE_NAME}:${LABEL} .
echo "Built ${PACKAGE_NAME}:${LABEL}"
buildah images
- name: Publish the container to the registry
run: |
buildah login -u ${{inputs.git_user}} -p ${{secrets.GIT_TOKEN}} gitea.ampenberger.com
buildah push gitea.ampenberger.com/${{inputs.git_user}}/${PACKAGE_NAME}:${LABEL}
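Review bot: The `Build container` step passes the repository token as `--build-arg GIT_TOKEN=${{secrets.GIT_TOKEN}}` directly after `set -x`, so the token is part of the traced command line (kept out of the log only by secret masking) and, as a build argument, can end up recorded in the history of the image that is pushed afterwards. A build secret avoids both: map it in the step with `env: GIT_TOKEN: ${{ secrets.GIT_TOKEN }}`, pass `--secret id=git_token,env=GIT_TOKEN` instead of the build-arg, and read it in the Dockerfile through `RUN --mount=type=secret,id=git_token` (the id is a sample name; the Dockerfile is not part of this page and would need the matching change). The same build-arg is used in the `Build container` hunk of the simple-container workflow further down. In `Publish the container to the registry`, `-p ${{secrets.GIT_TOKEN}}` places the token on the process command line; `buildah login --password-stdin` fed from the same environment variable keeps it off it.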


@@ -0,0 +1,102 @@
# This is a shared workflow that will build a go binary by executing
# the following steps:
#
# - checkout the code
# - download the go modules
# - run go vet
# - run the unit tests and generate a coverage report
# - build the binary
# - upload the binary as an artifact
#
# A number of input params are used to customize the build.
name: Build a go binary
on:
workflow_call:
inputs:
package-name:
description: "Name of the package/binary that will be built"
required: true
type: string
builder-image:
description: "Container image to use for the build"
required: false
type: string
default: gitea.ampenberger.com/campenbe/img-builder:3.22-1.24
version:
description: "Version string to embed in the binary"
required: false
type: string
default: development
git_user:
description: "Git user to use for checkout and the container registry"
required: false
type: string
default: campenbe
secrets:
# Password to log into the container registry
PASSWORD:
required: true
# Token to access the git repository
GIT_TOKEN:
required: true
env:
PACKAGE_NAME: ${{ inputs.package-name }}
ARTIFACT_UPLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/upload-artifact@v2' || 'actions/upload-artifact@v3' }}
ARTIFACT_DOWNLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/download-artifact@v2' || 'actions/download-artifact@v3' }}
VERSION: ${{ inputs.version }}
jobs:
go:
runs-on: ubuntu-latest
container:
image: ${{inputs.builder-image}}
credentials:
username: ${{inputs.git_user}}
password: ${{secrets.PASSWORD}}
steps:
- name: Install tools
run : |
apk add vips-dev
gitea_addr.sh
env | sort
- name: Fix git access
run: |
git config --global url."https://git:${{secrets.GIT_TOKEN}}@gitea.ampenberger.com/${{inputs.git_user}}/.insteadOf" git://git.ampenberger.com/
- uses: actions/checkout@v4
with:
submodules: false
- name: Download modules
run: |
git config --global url."https://git:${{secrets.GIT_TOKEN}}@gitea.ampenberger.com/${{inputs.git_user}}/.insteadOf" ssh://git.ampenberger.com/
go mod download -x
- name: vet the code
run: mage -v vet
- name: unit tests and coverage
run: mage -v coverReport
- name: coverage artifact
uses: "${{env.ARTIFACT_UPLOAD}}"
with:
name: coverage
path: build/coverage.html
- name: build the binary
run: |
[ -d build ] || mkdir build
go build -v -o build/${PACKAGE_NAME} -ldflags "-X main.Version=${VERSION:-development}" .
echo "Built binary: ${PACKAGE_NAME}"
- name: Upload artifact
uses: "${{env.ARTIFACT_UPLOAD}}"
with:
name: ${{env.PACKAGE_NAME}}
path: build/
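Review bot: Both `git config --global url."https://git:${{secrets.GIT_TOKEN}}@…` lines (`Fix git access` and `Download modules`) have the token substituted into the script text before the shell runs, and they leave it in the job's global git config, where every later step, including the mage targets that run project code, can read it. Mapping the values in the step's `env:` (`GIT_TOKEN: ${{ secrets.GIT_TOKEN }}`, `GIT_USER: ${{ inputs.git_user }}`) and writing `git config --global url."https://git:${GIT_TOKEN}@gitea.ampenberger.com/${GIT_USER}/.insteadOf" git://git.ampenberger.com/` keeps the secret and the caller-supplied user name out of the generated script. The same line appears in the `Fix git access` steps of the two container workflows. `env | sort` in `Install tools` prints the whole job environment to the build log, which may include runner-provided values the log masker does not know about, so it is worth dropping once debugging is done.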


@@ -3,20 +3,44 @@ name: Build and Publisch a Simple Container
on:
workflow_call:
inputs:
dockerfile:
description: "Dockerfile to use for the build"
required: true
type: string
default: Dockerfile
git_user:
description: "Git user to use for checkout and the container registry"
required: true
type: string
default: campenbe
package-name:
description: "Name of the package to build"
required: true
type: string
package-label:
description: "Label to use for the package"
required: true
type: string
builder-image:
description: "Container image to use for the build"
required: false
type: string
default: gitea.ampenberger.com/campenbe/img-builder:3.21-1.24
version:
description: "Version string passed to the Docker build as build-arg"
required: false
type: string
default: development
extra-build-args:
description: "Extra build args to pass to the Docker build, separate by space"
required: false
type: string
default: ""
subdirectory:
description: "Subdirectory to use for the build context"
required: false
type: string
default: ""
secrets:
PASSWORD:
@@ -29,6 +53,7 @@ env:
LABEL: ${{ inputs.package-label }}
ARTIFACT_UPLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/upload-artifact@v2' || 'actions/upload-artifact@v3' }}
ARTIFACT_DOWNLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/download-artifact@v2' || 'actions/download-artifact@v3' }}
EXTRA_ARGS: ${{ inputs.extra-build-args }}
jobs:
@@ -37,7 +62,7 @@ jobs:
container:
image: ${{inputs.builder-image}}
credentials:
username: campenbe
username: ${{inputs.git_user}}
password: ${{secrets.PASSWORD}}
steps:
@@ -49,7 +74,7 @@ jobs:
- name: Fix git access
run: |
git config --global url."https://git:${{secrets.GIT_TOKEN}}@gitea.ampenberger.com/campenbe/.insteadOf" git://git.ampenberger.com/
git config --global url."https://git:${{secrets.GIT_TOKEN}}@gitea.ampenberger.com/${{inputs.git_user}}/.insteadOf" git://git.ampenberger.com/
- uses: actions/checkout@v4
with:
@@ -57,25 +82,21 @@ jobs:
- name: Build container
run: |
buildah build -f Dockerfile --build-arg GIT_TOKEN=${{secrets.GIT_TOKEN}} --build-arg VERSION=${{inputs.version}} -t gitea.ampenberger.com/campenbe/${PACKAGE_NAME}:${LABEL}
[ -n "${{inputs.subdirectory}}" ] && cd ${{inputs.subdirectory}}
# split the extra-args and construct build-arg parameters
set -- ${EXTRA_ARGS}
args=""
for p in "$@"; do
args="$args --build-arg ${p}"
done
buildah build -f ${{inputs.dockerfile}} --build-arg GIT_TOKEN=${{secrets.GIT_TOKEN}} --build-arg VERSION=${{inputs.version}} ${args} -t gitea.ampenberger.com/${{inputs.git_user}}/${PACKAGE_NAME}:${LABEL}
echo "Built ${PACKAGE_NAME}:${LABEL}"
buildah images
- name: export the image
run: |
buildah push --format docker gitea.ampenberger.com/campenbe/${PACKAGE_NAME}:${LABEL} docker-archive:${PACKAGE_NAME}-${LABEL}.tar
echo "Exported gitea.ampenberger.com/campenbe/${PACKAGE_NAME}:${LABEL} to ${PACKAGE_NAME}-${LABEL}.tar"
- name: Upload container image
uses: "${{env.ARTIFACT_UPLOAD}}"
with:
name: ${{env.PACKAGE_NAME}}-${{ env.LABEL }}
path: "${{env.PACKAGE_NAME}}-${{ env.LABEL }}.tar"
if-no-files-found: error
compression-level: 0
- name: Publish the container to the registry
run: |
buildah login -u campenbe -p ${{secrets.GIT_TOKEN}} gitea.ampenberger.com
buildah push gitea.ampenberger.com/campenbe/${PACKAGE_NAME}:${LABEL}
buildah login -u ${{inputs.git_user}} -p ${{secrets.GIT_TOKEN}} gitea.ampenberger.com
buildah push gitea.ampenberger.com/${{inputs.git_user}}/${PACKAGE_NAME}:${LABEL}
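Review bot: In the new `Build container` script the caller-supplied `subdirectory`, `dockerfile` and `version` inputs are pasted into the shell text with `${{ … }}` and used unquoted, so a value containing spaces or shell metacharacters changes the command that runs; `set -- ${EXTRA_ARGS}` additionally glob-expands every word against the working directory. Mapping the inputs in the step's `env:` and quoting them, for example `[ -n "$SUBDIR" ] && cd -- "$SUBDIR"` and `-f "$DOCKERFILE"`, and wrapping the split in `set -f` / `set +f`, would close that. The existing comment above the split could also state that `extra-build-args` takes space-separated `KEY=VALUE` pairs whose values cannot contain spaces, since that is what the loop implements. The step's surrounding job definition lies outside the hunks shown here.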

74
README.md Normal file

@@ -0,0 +1,74 @@
This repository is public and contains shared workflows that are used
in other builds. Each workflow takes a number of parameters and
secrets as inputs. Parameters and secrets are documented in the
respective workflows.
At this point the the following workflows are available:
- ```simple-container.yaml``` - One shot of build of a container through
a given Dockerfile.
- ```go-binary.yaml``` - Builds a golang binary and uploads the binary
as artifact.
- ```container-from-artifact.yaml``` - Builds and uploads a container from
a given artifact and a given Dockerfile.
## Usage
The workflows are used with in a master workflow through a workflow
call, like below. Also see [build.yaml](https://gitea.ampenberger.com/campenbe/synauth/src/branch/main/.gitea/workflows/build.yaml)
for an example
```
....
build-container:
uses: https://gitea.ampenberger.com/campenbe/workflows/.gitea/workflows/container-from-artifact.yaml@2025-10-01-1
with:
artifact_name: my_source_artifact
dockerfile: Dockerfile.small
package-name: cool-project
package-label: v1
version: v1-r1
secrets:
PASSWORD: ${{ secrets.PASSWORD }}
GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
```
## Development
It is possible to refer to a local version of an workflow in the `uses:` clause
for testing purposes:
```
...
uses: './../workflows/.gitea/workflows/simple-container.yaml
...
```
To avoid caching issues always tag a new version and refer to the respective
version with the tag in the consuming workflow.
## act-runner
I use `act_runner` to execute builds on the build server. It is possible
to test workflows by downloading a version from [gitea.com/gitea/act_runner/releases](https://gitea.com/gitea/act_runner/releases).
Following are a few use cases that might be helpful for testing:
```
# Default command for running the first workflow matching a push even
act-runner exec \
--artifact-server-path build \ # where to store artifacts
--secret "GIT_TOKEN=${GITEA_TOKEN}" \ # access token for Gitea access
--secret "PASSWORD=${PASSWORD}" \ # to pull the img-builder images
--privileged \ # needed for building containers
--env "GITEA_IP_ADDR=72.74.26.168" \ # need on my ADI mac to resolve the gitea address
--container-daemon-socket /run/docker.sock # location of the podman socket
# When testing a tag push
act-runner exec --privileged --secret GIT_TOKEN=$GITEA_TOKEN --secret PASSWORD=$PASSWORD --artifact-server-path ./build --env "GITHUB_REFS=rests/tags/...."
# to run a particular workflow
act-runner exec --privileged --secret GIT_TOKEN=$GITEA_TOKEN --secret PASSWORD=$PASSWORD --artifact-server-path ./build -W .gitea/workflows/test.yaml
# To test a particular event
act-runner exec --privileged --secret GIT_TOKEN=$GITEA_TOKEN --secret PASSWORD=$PASSWORD --artifact-server-path ./build -E workfow_dispatch
```