add support for building in sub container

.gitea/workflows/simple-container.yaml

@@ -4,27 +4,43 @@ on:
   workflow_call:
     inputs:
       dockerfile:
+        description: "Dockerfile to use for the build"
         required: true
         type: string
         default: Dockerfile
       git_user:
-        require: true
+        description: "Git user to use for checkout and the container registry"
+        required: true
         type: string
         default: campenbe
       package-name:
+        description: "Name of the package to build"
         required: true
         type: string
       package-label:
+        description: "Label to use for the package"
         required: true
         type: string
       builder-image:
+        description: "Container image to use for the build" 
         required: false
         type: string
         default: gitea.ampenberger.com/campenbe/img-builder:3.21-1.24
       version:
+        description: "Version string passed to the Docker build as build-arg"
         required: false
         type: string
         default: development
+      extra-build-args:
+        description: "Extra build args to pass to the Docker build, separate by space"
+        required: false
+        type: string
+        default: ""
+      subdirectory:
+        description: "Subdirectory to use for the build context"
+        required: false
+        type: string
+        default: ""
         
     secrets:
       PASSWORD:
@@ -37,6 +53,7 @@ env:
   LABEL: ${{ inputs.package-label }}
   ARTIFACT_UPLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/upload-artifact@v2' || 'actions/upload-artifact@v3' }}
   ARTIFACT_DOWNLOAD: ${{ env.ACT_EXEC == 'true' && 'actions/download-artifact@v2' || 'actions/download-artifact@v3' }}
+  EXTRA_ARGS: ${{ inputs.extra-build-args }}
 
 jobs:
 
@@ -45,7 +62,7 @@ jobs:
       container:
         image: ${{inputs.builder-image}}
         credentials:
-          username: campenbe
+          username: ${{inputs.git_user}}
           password: ${{secrets.PASSWORD}}
 
       steps:
@@ -65,7 +82,16 @@ jobs:
 
       - name: Build container
         run: |
-          buildah build -f ${{inputs.dockerfile}} --build-arg GIT_TOKEN=${{secrets.GIT_TOKEN}} --build-arg VERSION=${{inputs.version}} -t gitea.ampenberger.com/campenbe/${PACKAGE_NAME}:${LABEL}
+          [ -n "${{inputs.subdirectory}}" ] && cd ${{inputs.subdirectory}}
+
+          # split the extra-args and construct build-arg parameters
+          set -- ${EXTRA_ARGS}
+          args=""
+          for p in "$@"; do
+            args="$args --build-arg ${p}"
+          done
+
+          buildah build -f ${{inputs.dockerfile}} --build-arg GIT_TOKEN=${{secrets.GIT_TOKEN}} --build-arg VERSION=${{inputs.version}} ${args} -t gitea.ampenberger.com/${{inputs.git_user}}/${PACKAGE_NAME}:${LABEL}
           
           echo "Built ${PACKAGE_NAME}:${LABEL}"
           buildah images

README.md

@@ -0,0 +1,74 @@
+This repository is public and contains shared workflows that are used
+in other builds. Each workflow takes a number of parameters and
+secrets as inputs. Parameters and secrets are documented in the
+respective workflows.
+
+At this point the the following workflows are available:
+
+- ```simple-container.yaml``` - One shot of build of a container through
+  a given Dockerfile.
+- ```go-binary.yaml``` - Builds a golang binary and uploads the binary
+  as artifact.
+- ```container-from-artifact.yaml``` - Builds and uploads a container from
+  a given artifact and a given Dockerfile.
+
+## Usage
+
+The workflows are used with in a master workflow through a workflow
+call, like below. Also see [build.yaml](https://gitea.ampenberger.com/campenbe/synauth/src/branch/main/.gitea/workflows/build.yaml)
+for an example
+
+  ```
+    ....
+    build-container:
+      uses: https://gitea.ampenberger.com/campenbe/workflows/.gitea/workflows/container-from-artifact.yaml@2025-10-01-1
+      with:
+        artifact_name: my_source_artifact
+        dockerfile: Dockerfile.small
+        package-name: cool-project
+        package-label: v1
+        version: v1-r1
+      secrets:
+        PASSWORD: ${{ secrets.PASSWORD }}
+        GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+  ```
+
+## Development
+
+It is possible to refer to a local version of an workflow in the `uses:` clause
+for testing purposes:
+
+  ```
+  ...
+    uses: './../workflows/.gitea/workflows/simple-container.yaml
+  ...
+  ```
+
+To avoid caching issues always tag a new version and refer to the respective
+version with the tag in the consuming workflow.
+
+## act-runner
+
+I use `act_runner` to execute builds on the build server. It is possible
+to test workflows by downloading a version from [gitea.com/gitea/act_runner/releases](https://gitea.com/gitea/act_runner/releases).
+Following are a few use cases that might be helpful for testing:
+
+  ```
+  # Default command for running the first workflow matching a push even
+  act-runner exec \
+    --artifact-server-path build \              # where to store artifacts
+    --secret "GIT_TOKEN=${GITEA_TOKEN}" \       # access token for Gitea access
+    --secret "PASSWORD=${PASSWORD}" \           # to pull the img-builder images
+    --privileged \                              # needed for building containers
+    --env "GITEA_IP_ADDR=72.74.26.168" \        # need on my ADI mac to resolve the gitea address
+    --container-daemon-socket /run/docker.sock  # location of the podman socket
+
+  # When testing a tag push
+  act-runner exec --privileged --secret GIT_TOKEN=$GITEA_TOKEN --secret PASSWORD=$PASSWORD --artifact-server-path ./build --env "GITHUB_REFS=rests/tags/...."
+
+  # to run a particular workflow
+  act-runner exec --privileged --secret GIT_TOKEN=$GITEA_TOKEN --secret PASSWORD=$PASSWORD --artifact-server-path ./build -W .gitea/workflows/test.yaml
+  
+  # To test a particular event
+  act-runner exec --privileged --secret GIT_TOKEN=$GITEA_TOKEN --secret PASSWORD=$PASSWORD --artifact-server-path ./build -E workfow_dispatch
+  ```