ci: optimise docker workflows
This commit is contained in:
@@ -4,7 +4,7 @@ run-name: Build Image - ${{ github.ref_name }} - ${{ github.sha }}
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main, develop, staging ]
|
||||
branches: [ main, staging ]
|
||||
paths-ignore:
|
||||
- '**.md'
|
||||
- 'docs/**'
|
||||
@@ -14,35 +14,433 @@ on:
|
||||
description: 'Branch to build from'
|
||||
required: false
|
||||
default: 'main'
|
||||
force_build:
|
||||
description: 'Force image build even if no runtime changes detected'
|
||||
type: boolean
|
||||
required: false
|
||||
default: false
|
||||
|
||||
env:
|
||||
REGISTRY: registry.michaelschiemer.de
|
||||
IMAGE_NAME: framework
|
||||
RUNTIME_IMAGE_NAME: framework-runtime
|
||||
|
||||
jobs:
|
||||
# Job 0: Detect if a new image build is required
|
||||
changes:
|
||||
name: Determine Build Necessity
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
needs_build: ${{ steps.filter.outputs.needs_build }}
|
||||
changed_files: ${{ steps.filter.outputs.changed_files }}
|
||||
needs_runtime_build: ${{ steps.filter.outputs.needs_runtime_build }}
|
||||
steps:
|
||||
- name: Download CI helpers
|
||||
shell: bash
|
||||
env:
|
||||
CI_TOKEN: ${{ secrets.CI_TOKEN }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
REF="${{ github.sha }}"
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ github.ref_name }}"
|
||||
fi
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ inputs.branch || 'main' }}"
|
||||
fi
|
||||
URL="https://git.michaelschiemer.de/${{ github.repository }}/raw/${REF}/scripts/ci/clone_repo.sh"
|
||||
mkdir -p /tmp/ci-tools
|
||||
if [ -n "$CI_TOKEN" ]; then
|
||||
curl -sfL -u "$CI_TOKEN:x-oauth-basic" "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
else
|
||||
curl -sfL "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
fi
|
||||
chmod +x /tmp/ci-tools/clone_repo.sh
|
||||
|
||||
- name: Analyse changed files
|
||||
id: filter
|
||||
shell: bash
|
||||
env:
|
||||
FORCE_BUILD: ${{ inputs.force_build }}
|
||||
EVENT_NAME: ${{ github.event_name }}
|
||||
EVENT_BEFORE: ${{ github.event.before }}
|
||||
INPUT_BRANCH: ${{ inputs.branch }}
|
||||
REF_NAME_GITHUB: ${{ github.ref_name }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
FORCE="${FORCE_BUILD:-false}"
|
||||
if [ "$EVENT_NAME" != "workflow_dispatch" ]; then
|
||||
FORCE="false"
|
||||
fi
|
||||
|
||||
REF_NAME="$REF_NAME_GITHUB"
|
||||
if [ -z "$REF_NAME" ]; then
|
||||
REF_NAME="$INPUT_BRANCH"
|
||||
fi
|
||||
if [ -z "$REF_NAME" ]; then
|
||||
REF_NAME="main"
|
||||
fi
|
||||
|
||||
REPO="${{ github.repository }}"
|
||||
WORKDIR="/workspace/repo"
|
||||
|
||||
export CI_REPOSITORY="$REPO"
|
||||
export CI_TOKEN="${{ secrets.CI_TOKEN }}"
|
||||
export CI_REF_NAME="$REF_NAME"
|
||||
export CI_INPUT_BRANCH="$INPUT_BRANCH"
|
||||
export CI_DEFAULT_BRANCH="main"
|
||||
export CI_TARGET_DIR="$WORKDIR"
|
||||
export CI_FETCH_DEPTH="2"
|
||||
|
||||
/tmp/ci-tools/clone_repo.sh
|
||||
|
||||
cd "$WORKDIR"
|
||||
|
||||
CHANGED_FILES=""
|
||||
|
||||
if [ "$EVENT_NAME" = "push" ] && [ -n "$EVENT_BEFORE" ]; then
|
||||
if git rev-parse "$EVENT_BEFORE" >/dev/null 2>&1; then
|
||||
CHANGED_FILES="$(git diff --name-only "$EVENT_BEFORE" HEAD || true)"
|
||||
else
|
||||
git fetch origin "$EVENT_BEFORE" --depth 1 || true
|
||||
if git rev-parse "$EVENT_BEFORE" >/dev/null 2>&1; then
|
||||
CHANGED_FILES="$(git diff --name-only "$EVENT_BEFORE" HEAD || true)"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$CHANGED_FILES" ]; then
|
||||
if git rev-parse HEAD^ >/dev/null 2>&1; then
|
||||
CHANGED_FILES="$(git diff --name-only HEAD^ HEAD || true)"
|
||||
else
|
||||
echo "ℹ️ Erweiterter Fetch für Diff-Ermittlung"
|
||||
git fetch origin "$REF_NAME" --depth 50 || true
|
||||
if git rev-parse HEAD^ >/dev/null 2>&1; then
|
||||
CHANGED_FILES="$(git diff --name-only HEAD^ HEAD || true)"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$CHANGED_FILES" ] && [ "$FORCE" != "true" ]; then
|
||||
# No diff information available; fall back to building to stay safe
|
||||
echo "⚠️ Keine Änderungsinformation gefunden – bilde Image sicherheitshalber."
|
||||
echo "needs_build=true" >> "$GITHUB_OUTPUT"
|
||||
echo "changed_files=<none>" >> "$GITHUB_OUTPUT"
|
||||
echo "needs_runtime_build=true" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
NEEDS_BUILD=true
|
||||
SUMMARY="Runtime-relevante Änderungen erkannt"
|
||||
RUNTIME_BUILD=false
|
||||
RUNTIME_PATTERN='^(Dockerfile\\.production|Dockerfile\\.runtime|docker/php/|install-php85\\.sh)'
|
||||
|
||||
if [ -n "$CHANGED_FILES" ]; then
|
||||
NEEDS_BUILD=false
|
||||
OTHER_NON_IGNORED=false
|
||||
IGNORE_PATTERN='^(docs/|docs$|tests/|tests$|tests-e2e/|\.github/|\.gitea/|\.idea/|\.vscode/|\.husky/|.*\.md$|.*\.MD$|LICENSE$|CHANGELOG|CHANGELOG\.md$|\.editorconfig$|\.gitignore$)'
|
||||
BUILD_TRIGGER_PATTERN='^(src/|resources/|config/|app/|public/|composer\.json$|composer\.lock$|composer/|package\.json$|package-lock\.json$|pnpm-lock\.yaml$|yarn\.lock$|Dockerfile\.production$|Dockerfile\.runtime$|docker-compose\.production\.yml$|docker/|vite\.config\.(js|ts)$|tsconfig\.json$|babel\.config\.js$|Makefile$|artisan$)'
|
||||
while IFS= read -r FILE; do
|
||||
[ -z "$FILE" ] && continue
|
||||
if echo "$FILE" | grep -Eq "$RUNTIME_PATTERN"; then
|
||||
RUNTIME_BUILD=true
|
||||
fi
|
||||
if echo "$FILE" | grep -Eq "$IGNORE_PATTERN"; then
|
||||
continue
|
||||
fi
|
||||
if echo "$FILE" | grep -Eq "$BUILD_TRIGGER_PATTERN"; then
|
||||
NEEDS_BUILD=true
|
||||
continue
|
||||
fi
|
||||
OTHER_NON_IGNORED=true
|
||||
done <<< "$CHANGED_FILES"
|
||||
|
||||
if [ "$NEEDS_BUILD" = "false" ] && [ "$OTHER_NON_IGNORED" = "false" ]; then
|
||||
SUMMARY="Nur Doku-/Teständerungen – Container-Build wird übersprungen"
|
||||
elif [ "$NEEDS_BUILD" = "false" ] && [ "$OTHER_NON_IGNORED" = "true" ]; then
|
||||
SUMMARY="Keine Build-Trigger gefunden – Container-Build wird übersprungen"
|
||||
fi
|
||||
else
|
||||
RUNTIME_BUILD=true
|
||||
fi
|
||||
|
||||
if [ "$FORCE" = "true" ]; then
|
||||
NEEDS_BUILD=true
|
||||
SUMMARY="Manuell erzwungener Build"
|
||||
RUNTIME_BUILD=true
|
||||
fi
|
||||
|
||||
PRETTY_CHANGES="$(printf '%s' "$CHANGED_FILES" | tr '\n' ', ' | sed 's/, $//')"
|
||||
if [ -z "$PRETTY_CHANGES" ]; then
|
||||
PRETTY_CHANGES="<none>"
|
||||
fi
|
||||
|
||||
echo "📄 Änderungen: $PRETTY_CHANGES"
|
||||
echo "ℹ️ Ergebnis: $SUMMARY"
|
||||
echo "🔁 Runtime-Rebuild erforderlich: $RUNTIME_BUILD"
|
||||
|
||||
echo "needs_build=$NEEDS_BUILD" >> "$GITHUB_OUTPUT"
|
||||
echo "changed_files=$PRETTY_CHANGES" >> "$GITHUB_OUTPUT"
|
||||
echo "needs_runtime_build=$RUNTIME_BUILD" >> "$GITHUB_OUTPUT"
|
||||
|
||||
runtime-base:
|
||||
name: Build Runtime Base Image
|
||||
needs: changes
|
||||
runs-on: docker-build
|
||||
outputs:
|
||||
image_ref: ${{ steps.set-result.outputs.image_ref }}
|
||||
built: ${{ steps.set-result.outputs.built }}
|
||||
env:
|
||||
RUNTIME_IMAGE_NAME: ${{ env.RUNTIME_IMAGE_NAME }}
|
||||
steps:
|
||||
- name: Download CI helpers
|
||||
shell: bash
|
||||
env:
|
||||
CI_TOKEN: ${{ secrets.CI_TOKEN }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
REF="${{ github.sha }}"
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ github.ref_name }}"
|
||||
fi
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ inputs.branch || 'main' }}"
|
||||
fi
|
||||
URL="https://git.michaelschiemer.de/${{ github.repository }}/raw/${REF}/scripts/ci/clone_repo.sh"
|
||||
mkdir -p /tmp/ci-tools
|
||||
if [ -n "$CI_TOKEN" ]; then
|
||||
curl -sfL -u "$CI_TOKEN:x-oauth-basic" "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
else
|
||||
curl -sfL "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
fi
|
||||
chmod +x /tmp/ci-tools/clone_repo.sh
|
||||
|
||||
- name: Evaluate runtime build requirement
|
||||
id: decision
|
||||
shell: bash
|
||||
run: |
|
||||
if [ "${{ needs.changes.outputs.needs_runtime_build }}" = "true" ]; then
|
||||
echo "Runtime base rebuild required"
|
||||
echo "should_build=true" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "Runtime base rebuild not required"
|
||||
echo "should_build=false" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Install git and setup environment
|
||||
if: steps.decision.outputs.should_build == 'true'
|
||||
shell: sh
|
||||
run: |
|
||||
if ! command -v bash >/dev/null 2>&1 || ! command -v git >/dev/null 2>&1; then
|
||||
apk add --no-cache git bash curl
|
||||
fi
|
||||
bash --version
|
||||
git --version
|
||||
|
||||
- name: Checkout code
|
||||
if: steps.decision.outputs.should_build == 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
REF_NAME="${{ github.ref_name }}"
|
||||
INPUT_BRANCH="${{ inputs.branch }}"
|
||||
REPO="${{ github.repository }}"
|
||||
|
||||
export CI_REPOSITORY="$REPO"
|
||||
export CI_TOKEN="${{ secrets.CI_TOKEN }}"
|
||||
export CI_REF_NAME="$REF_NAME"
|
||||
export CI_INPUT_BRANCH="$INPUT_BRANCH"
|
||||
export CI_DEFAULT_BRANCH="main"
|
||||
export CI_TARGET_DIR="/workspace/repo"
|
||||
export CI_FETCH_DEPTH="1"
|
||||
|
||||
/tmp/ci-tools/clone_repo.sh
|
||||
|
||||
cd /workspace/repo
|
||||
|
||||
- name: Setup Docker Buildx
|
||||
if: steps.decision.outputs.should_build == 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
docker buildx version || echo "Buildx nicht gefunden"
|
||||
if ! docker ps >/dev/null 2>&1; then
|
||||
echo "❌ Fehler: Docker ist nicht verfügbar!"
|
||||
exit 1
|
||||
fi
|
||||
if ! docker buildx ls 2>/dev/null | grep -q builder; then
|
||||
docker buildx create --name builder --use --driver docker-container
|
||||
else
|
||||
docker buildx use builder
|
||||
fi
|
||||
docker buildx inspect --bootstrap
|
||||
|
||||
- name: Login to Registry
|
||||
if: steps.decision.outputs.should_build == 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
REGISTRY_USER="${{ secrets.REGISTRY_USER }}"
|
||||
REGISTRY_PASSWORD="${{ secrets.REGISTRY_PASSWORD }}"
|
||||
REGISTRY_URL="${{ env.REGISTRY }}"
|
||||
DEPLOYMENT_HOST="94.16.110.151"
|
||||
|
||||
if [ -z "$REGISTRY_USER" ] || [ -z "$REGISTRY_PASSWORD" ]; then
|
||||
echo "❌ Error: Registry credentials missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "🔐 Logging in to registry..."
|
||||
|
||||
HOST_IP=$(ip route | grep default | awk '{print $3}' 2>/dev/null | head -1 || echo "$DEPLOYMENT_HOST")
|
||||
|
||||
REGISTRY_URLS=(
|
||||
"registry.michaelschiemer.de"
|
||||
"$REGISTRY_URL"
|
||||
"$DEPLOYMENT_HOST"
|
||||
"$DEPLOYMENT_HOST:5000"
|
||||
"${HOST_IP}:5000"
|
||||
)
|
||||
|
||||
LOGIN_SUCCESS=false
|
||||
|
||||
for TEST_URL in "${REGISTRY_URLS[@]}"; do
|
||||
echo "🔍 Testing registry: $TEST_URL"
|
||||
|
||||
if [[ "$TEST_URL" == *":5000" ]]; then
|
||||
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://$TEST_URL/v2/" 2>&1 || echo "000")
|
||||
|
||||
if [ "$HTTP_CODE" = "401" ] || [ "$HTTP_CODE" = "200" ]; then
|
||||
set +e
|
||||
LOGIN_OUTPUT=$(echo "$REGISTRY_PASSWORD" | docker login "$TEST_URL" -u "$REGISTRY_USER" --password-stdin 2>&1)
|
||||
LOGIN_EXIT_CODE=$?
|
||||
set -e
|
||||
|
||||
if [ $LOGIN_EXIT_CODE -eq 0 ]; then
|
||||
REGISTRY_URL="$TEST_URL"
|
||||
LOGIN_SUCCESS=true
|
||||
break
|
||||
fi
|
||||
fi
|
||||
else
|
||||
HTTPS_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" "https://$TEST_URL/v2/" 2>&1 || echo "000")
|
||||
|
||||
if [ "$HTTPS_CODE" = "401" ] || [ "$HTTPS_CODE" = "200" ]; then
|
||||
set +e
|
||||
LOGIN_OUTPUT=$(echo "$REGISTRY_PASSWORD" | docker login "$TEST_URL" -u "$REGISTRY_USER" --password-stdin 2>&1)
|
||||
LOGIN_EXIT_CODE=$?
|
||||
set -e
|
||||
|
||||
if [ $LOGIN_EXIT_CODE -eq 0 ]; then
|
||||
REGISTRY_URL="$TEST_URL"
|
||||
LOGIN_SUCCESS=true
|
||||
break
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$LOGIN_SUCCESS" = false ]; then
|
||||
echo "❌ Registry login failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Registry login successful: $REGISTRY_URL"
|
||||
echo "REGISTRY_URL=$REGISTRY_URL" >> $GITHUB_ENV
|
||||
echo "CACHE_REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV
|
||||
|
||||
- name: Build and push runtime base image
|
||||
if: steps.decision.outputs.should_build == 'true'
|
||||
shell: bash
|
||||
env:
|
||||
REGISTRY_URL: ${{ env.REGISTRY_URL }}
|
||||
CACHE_REGISTRY: ${{ env.CACHE_REGISTRY }}
|
||||
run: |
|
||||
cd /workspace/repo
|
||||
|
||||
TARGET_REGISTRY="$CACHE_REGISTRY"
|
||||
if [ -z "$TARGET_REGISTRY" ]; then
|
||||
TARGET_REGISTRY="$REGISTRY_URL"
|
||||
fi
|
||||
|
||||
echo "TARGET_REGISTRY=$TARGET_REGISTRY" >> $GITHUB_ENV
|
||||
|
||||
IMAGE_NAME="${{ env.RUNTIME_IMAGE_NAME }}"
|
||||
|
||||
echo "🏗️ Building runtime base image..."
|
||||
echo " Registry: $TARGET_REGISTRY"
|
||||
echo " Image: $IMAGE_NAME"
|
||||
|
||||
docker buildx build \
|
||||
--platform linux/amd64 \
|
||||
--file ./Dockerfile.production \
|
||||
--target runtime-base \
|
||||
--tag "$TARGET_REGISTRY/$IMAGE_NAME:latest" \
|
||||
--tag "$TARGET_REGISTRY/$IMAGE_NAME:$(date +%Y%m%d)" \
|
||||
--push \
|
||||
.
|
||||
|
||||
echo "✅ Runtime base image pushed successfully!"
|
||||
|
||||
- name: Set runtime base outputs
|
||||
id: set-result
|
||||
shell: bash
|
||||
run: |
|
||||
if [ "${{ steps.decision.outputs.should_build }}" = "true" ]; then
|
||||
TARGET_REGISTRY="${{ env.TARGET_REGISTRY || env.REGISTRY }}"
|
||||
if [ -z "$TARGET_REGISTRY" ]; then
|
||||
TARGET_REGISTRY="${{ env.REGISTRY }}"
|
||||
fi
|
||||
echo "image_ref=$TARGET_REGISTRY/$RUNTIME_IMAGE_NAME:latest" >> "$GITHUB_OUTPUT"
|
||||
echo "built=true" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "image_ref=" >> "$GITHUB_OUTPUT"
|
||||
echo "built=false" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
# Job 1: Run Tests
|
||||
test:
|
||||
needs: changes
|
||||
if: needs.changes.outputs.needs_build == 'true'
|
||||
name: Run Tests & Quality Checks
|
||||
runs-on: php-ci
|
||||
steps:
|
||||
- name: Download CI helpers
|
||||
shell: bash
|
||||
env:
|
||||
CI_TOKEN: ${{ secrets.CI_TOKEN }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
REF="${{ github.sha }}"
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ github.ref_name }}"
|
||||
fi
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ inputs.branch || 'main' }}"
|
||||
fi
|
||||
URL="https://git.michaelschiemer.de/${{ github.repository }}/raw/${REF}/scripts/ci/clone_repo.sh"
|
||||
mkdir -p /tmp/ci-tools
|
||||
if [ -n "$CI_TOKEN" ]; then
|
||||
curl -sfL -u "$CI_TOKEN:x-oauth-basic" "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
else
|
||||
curl -sfL "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
fi
|
||||
chmod +x /tmp/ci-tools/clone_repo.sh
|
||||
|
||||
- name: Checkout code
|
||||
run: |
|
||||
REF_NAME="${{ github.ref_name || inputs.branch || 'main' }}"
|
||||
REF_NAME="${{ github.ref_name }}"
|
||||
INPUT_BRANCH="${{ inputs.branch }}"
|
||||
REPO="${{ github.repository }}"
|
||||
|
||||
if [ -n "${{ secrets.CI_TOKEN }}" ]; then
|
||||
git clone --depth 1 --branch "$REF_NAME" \
|
||||
"https://${{ secrets.CI_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo
|
||||
else
|
||||
git clone --depth 1 --branch "$REF_NAME" \
|
||||
"https://git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo || \
|
||||
git clone --depth 1 \
|
||||
"https://git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo
|
||||
fi
|
||||
|
||||
|
||||
export CI_REPOSITORY="$REPO"
|
||||
export CI_TOKEN="${{ secrets.CI_TOKEN }}"
|
||||
export CI_REF_NAME="$REF_NAME"
|
||||
export CI_INPUT_BRANCH="$INPUT_BRANCH"
|
||||
export CI_DEFAULT_BRANCH="main"
|
||||
export CI_TARGET_DIR="/workspace/repo"
|
||||
export CI_FETCH_DEPTH="1"
|
||||
|
||||
/tmp/ci-tools/clone_repo.sh
|
||||
|
||||
cd /workspace/repo
|
||||
|
||||
- name: Cache Composer dependencies
|
||||
@@ -69,7 +467,8 @@ jobs:
|
||||
# Job 2: Build & Push Docker Image
|
||||
build:
|
||||
name: Build Docker Image
|
||||
needs: test
|
||||
needs: [changes, test, runtime-base]
|
||||
if: needs.changes.outputs.needs_build == 'true'
|
||||
runs-on: docker-build
|
||||
outputs:
|
||||
image_tag: ${{ steps.image_info.outputs.IMAGE_TAG }}
|
||||
@@ -84,26 +483,46 @@ jobs:
|
||||
fi
|
||||
bash --version
|
||||
git --version
|
||||
|
||||
|
||||
- name: Download CI helpers
|
||||
shell: bash
|
||||
env:
|
||||
CI_TOKEN: ${{ secrets.CI_TOKEN }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
REF="${{ github.sha }}"
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ github.ref_name }}"
|
||||
fi
|
||||
if [ -z "$REF" ]; then
|
||||
REF="${{ inputs.branch || 'main' }}"
|
||||
fi
|
||||
URL="https://git.michaelschiemer.de/${{ github.repository }}/raw/${REF}/scripts/ci/clone_repo.sh"
|
||||
mkdir -p /tmp/ci-tools
|
||||
if [ -n "$CI_TOKEN" ]; then
|
||||
curl -sfL -u "$CI_TOKEN:x-oauth-basic" "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
else
|
||||
curl -sfL "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||||
fi
|
||||
chmod +x /tmp/ci-tools/clone_repo.sh
|
||||
|
||||
- name: Checkout code
|
||||
shell: bash
|
||||
run: |
|
||||
REF_NAME="${{ github.ref_name || inputs.branch || 'main' }}"
|
||||
REF_NAME="${{ github.ref_name }}"
|
||||
INPUT_BRANCH="${{ inputs.branch }}"
|
||||
REPO="${{ github.repository }}"
|
||||
|
||||
if [ -n "${{ secrets.CI_TOKEN }}" ]; then
|
||||
git clone --depth 1 --branch "$REF_NAME" \
|
||||
"https://${{ secrets.CI_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo
|
||||
else
|
||||
git clone --depth 1 --branch "$REF_NAME" \
|
||||
"https://git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo || \
|
||||
git clone --depth 1 \
|
||||
"https://git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo
|
||||
fi
|
||||
|
||||
|
||||
export CI_REPOSITORY="$REPO"
|
||||
export CI_TOKEN="${{ secrets.CI_TOKEN }}"
|
||||
export CI_REF_NAME="$REF_NAME"
|
||||
export CI_INPUT_BRANCH="$INPUT_BRANCH"
|
||||
export CI_DEFAULT_BRANCH="main"
|
||||
export CI_TARGET_DIR="/workspace/repo"
|
||||
export CI_FETCH_DEPTH="1"
|
||||
|
||||
/tmp/ci-tools/clone_repo.sh
|
||||
|
||||
cd /workspace/repo
|
||||
|
||||
- name: Setup Docker Buildx
|
||||
@@ -151,6 +570,7 @@ jobs:
|
||||
REGISTRY_USER="${{ secrets.REGISTRY_USER }}"
|
||||
REGISTRY_PASSWORD="${{ secrets.REGISTRY_PASSWORD }}"
|
||||
REGISTRY_URL="${{ env.REGISTRY }}"
|
||||
CANONICAL_REGISTRY="${{ env.REGISTRY }}"
|
||||
DEPLOYMENT_HOST="94.16.110.151"
|
||||
|
||||
if [ -z "$REGISTRY_USER" ] || [ -z "$REGISTRY_PASSWORD" ]; then
|
||||
@@ -215,15 +635,55 @@ jobs:
|
||||
|
||||
echo "✅ Registry login successful: $REGISTRY_URL"
|
||||
echo "REGISTRY_URL=$REGISTRY_URL" >> $GITHUB_ENV
|
||||
echo "CACHE_REGISTRY=$CANONICAL_REGISTRY" >> $GITHUB_ENV
|
||||
|
||||
- name: Determine runtime base image
|
||||
id: runtime-image
|
||||
shell: bash
|
||||
run: |
|
||||
DEFAULT_IMAGE="${{ env.REGISTRY }}/${{ env.RUNTIME_IMAGE_NAME }}:latest"
|
||||
SELECTED_IMAGE="$DEFAULT_IMAGE"
|
||||
|
||||
if [ -n "${{ needs.runtime-base.outputs.image_ref }}" ]; then
|
||||
SELECTED_IMAGE="${{ needs.runtime-base.outputs.image_ref }}"
|
||||
else
|
||||
if ! docker pull "$DEFAULT_IMAGE" >/dev/null 2>&1; then
|
||||
ALT_REGISTRY="${{ env.REGISTRY_URL }}"
|
||||
if [ -n "$ALT_REGISTRY" ] && [ "$ALT_REGISTRY" != "$DEFAULT_IMAGE" ]; then
|
||||
ALT_IMAGE="$ALT_REGISTRY/${{ env.RUNTIME_IMAGE_NAME }}:latest"
|
||||
if docker pull "$ALT_IMAGE" >/dev/null 2>&1; then
|
||||
echo "ℹ️ Verwende alternatives Runtime-Image $ALT_IMAGE"
|
||||
SELECTED_IMAGE="$ALT_IMAGE"
|
||||
else
|
||||
echo "⚠️ Runtime base image nicht verfügbar, verwende lokale Stage"
|
||||
SELECTED_IMAGE="runtime-base"
|
||||
fi
|
||||
else
|
||||
echo "⚠️ Runtime base image nicht verfügbar, verwende lokale Stage"
|
||||
SELECTED_IMAGE="runtime-base"
|
||||
fi
|
||||
else
|
||||
echo "ℹ️ Verwende bestehendes Runtime-Image $DEFAULT_IMAGE"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "runtime_image=$SELECTED_IMAGE" >> "$GITHUB_OUTPUT"
|
||||
echo "🏗️ Runtime-Image gewählt: $SELECTED_IMAGE"
|
||||
|
||||
- name: Build and push Docker image
|
||||
shell: bash
|
||||
env:
|
||||
REGISTRY_URL: ${{ env.REGISTRY_URL }}
|
||||
CACHE_REGISTRY: ${{ env.CACHE_REGISTRY }}
|
||||
RUNTIME_IMAGE: ${{ steps.runtime-image.outputs.runtime_image }}
|
||||
run: |
|
||||
cd /workspace/repo
|
||||
|
||||
REGISTRY_TO_USE="$REGISTRY_URL"
|
||||
CACHE_TARGET="$CACHE_REGISTRY"
|
||||
if [ -z "$CACHE_TARGET" ]; then
|
||||
CACHE_TARGET="$REGISTRY_TO_USE"
|
||||
fi
|
||||
IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
||||
|
||||
COMMIT_SHA="${{ github.sha }}"
|
||||
@@ -239,18 +699,23 @@ jobs:
|
||||
|
||||
echo "🏗️ Building Docker image..."
|
||||
echo " Registry: $REGISTRY_TO_USE"
|
||||
if [ "$CACHE_TARGET" != "$REGISTRY_TO_USE" ]; then
|
||||
echo " Cache registry: $CACHE_TARGET"
|
||||
fi
|
||||
echo " Runtime base: $RUNTIME_IMAGE"
|
||||
echo " Image: $IMAGE_NAME"
|
||||
echo " Tags: latest, $TAG, git-$SHORT_SHA"
|
||||
|
||||
docker buildx build \
|
||||
--platform linux/amd64 \
|
||||
--file ./Dockerfile.production \
|
||||
--build-arg RUNTIME_IMAGE="$RUNTIME_IMAGE" \
|
||||
--tag "${REGISTRY_TO_USE}/${IMAGE_NAME}:latest" \
|
||||
--tag "${REGISTRY_TO_USE}/${IMAGE_NAME}:${TAG}" \
|
||||
--tag "${REGISTRY_TO_USE}/${IMAGE_NAME}:git-${SHORT_SHA}" \
|
||||
--cache-from type=registry,ref="${REGISTRY_TO_USE}/${IMAGE_NAME}:buildcache" \
|
||||
--cache-from type=registry,ref="${CACHE_TARGET}/${IMAGE_NAME}:buildcache" \
|
||||
--cache-from type=registry,ref="${REGISTRY_TO_USE}/${IMAGE_NAME}:latest" \
|
||||
--cache-to type=registry,ref="${REGISTRY_TO_USE}/${IMAGE_NAME}:buildcache",mode=max \
|
||||
--cache-to type=registry,ref="${CACHE_TARGET}/${IMAGE_NAME}:buildcache",mode=max \
|
||||
--build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
|
||||
--build-arg GIT_COMMIT=${COMMIT_SHA} \
|
||||
--build-arg GIT_BRANCH=${REF_NAME} \
|
||||
|
||||
Reference in New Issue
Block a user