From 9b78e9dc2e8c50a2f84c84bd51017a98337acc2c Mon Sep 17 00:00:00 2001
From: Job79
Date: Sat, 27 Dec 2025 14:52:11 +0100
Subject: [PATCH] feat: use podman for build and better changes checks
---
 .gitea/workflows/fedora.yaml | 128 +++++++++++++++++++++++------------
 1 file changed, 85 insertions(+), 43 deletions(-)
diff --git a/.gitea/workflows/fedora.yaml b/.gitea/workflows/fedora.yaml
index 90b73cb..6b602ec 100644
--- a/.gitea/workflows/fedora.yaml
+++ b/.gitea/workflows/fedora.yaml
@@ -1,60 +1,102 @@ -name: Build container +name: Build containers on: push: branches: ["main"] - paths: - - "containers/fedora/**" - - "containers/go/**" - - "containers/infra/**" - - ".gitea/workflows/fedora.yaml" + paths: ["containers/**", ".gitea/workflows/fedora.yaml"] pull_request: branches: ["main"] - paths: - - "containers/fedora/**" - - "containers/go/**" - - "containers/infra/**" - - ".gitea/workflows/fedora.yaml" + paths: ["containers/**", ".gitea/workflows/fedora.yaml"] schedule: - cron: "0 16 * * FRI" jobs: - fedora-build: + changes: + runs-on: job-latest + outputs: + fedora: ${{ steps.filter.outputs.fedora == 'true' || github.event_name == 'schedule' }} + infra: ${{ steps.filter.outputs.infra == 'true' || steps.filter.outputs.fedora == 'true' || github.event_name == 'schedule' }} + go: ${{ steps.filter.outputs.go == 'true' || steps.filter.outputs.fedora == 'true' || github.event_name == 'schedule' }} + steps: + - uses: actions/checkout@v4 + - uses: actions/filter-checker@v1 + id: filter + with: + filters: | + fedora: ['containers/fedora/**'] + infra: ['containers/infra/**'] + go: ['containers/go/**'] + + fedora-base: + needs: [changes] + if: ${{ needs.changes.outputs.fedora == 'true' }} runs-on: job-latest steps: - - name: Clone repo - uses: actions/checkout@v4 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to Registry - uses: docker/login-action@v3 + - uses: actions/checkout@v4 + - name: Log in + uses: redhat-actions/podman-login@v1 with: registry: git.plabble.org username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_TOKEN }} - - name: Build and push fedora container - uses: docker/build-push-action@v5 + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build Fedora + id: build + uses: redhat-actions/buildah-build@v2 with: - context: ./containers/fedora - file: ./containers/fedora/Containerfile - push: true - tags: git.plabble.org/job79/fedora:${{ github.ref_name }} - build-args: TAG=${{ 
github.ref_name }} - outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true - - name: Build and push go container - uses: docker/build-push-action@v5 + image: ${{ github.actor }}/fedora + tags: ${{ github.ref_name }} + containerfiles: ./containers/fedora/Containerfile + oci: true + - name: Push Fedora + uses: redhat-actions/push-to-registry@v2 with: - context: ./containers/go - file: ./containers/go/Containerfile - push: true - tags: git.plabble.org/job79/go:${{ github.ref_name }} - build-args: TAG=${{ github.ref_name }} - outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true - - name: Build and push infra container - uses: docker/build-push-action@v5 + image: ${{ steps.build.outputs.image }} + tags: ${{ steps.build.outputs.tags }} + registry: git.plabble.org + extra-args: --compression-format=zstd:chunked + + dependent-images: + needs: [changes, fedora-base] + # This runs if its folder changed OR if fedora-base was successfully rebuilt + # Use 'always()' with a check because if fedora-base is skipped, it returns 'success' + if: | + always() && + (needs.changes.outputs.infra == 'true' || needs.changes.outputs.go == 'true') && + (needs.fedora-base.result == 'success' || needs.fedora-base.result == 'skipped') + runs-on: job-latest + strategy: + fail-fast: false + matrix: + container: [infra, go] + steps: + - name: Check if build needed + id: check + run: | + if [[ "${{ matrix.container }}" == "infra" && "${{ needs.changes.outputs.infra }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi + if [[ "${{ matrix.container }}" == "go" && "${{ needs.changes.outputs.go }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi + - name: Clone repo + if: steps.check.outputs.run == 'true' + uses: actions/checkout@v4 + - name: Log in + if: steps.check.outputs.run == 'true' + uses: redhat-actions/podman-login@v1 with: - context: ./containers/infra - file: 
./containers/infra/Containerfile - push: true - tags: git.plabble.org/job79/infra:${{ github.ref_name }} - build-args: TAG=${{ github.ref_name }} - outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true + registry: git.plabble.org + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build ${{ matrix.container }} + if: steps.check.outputs.run == 'true' + id: build + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ github.actor }}/${{ matrix.container }} + tags: ${{ github.ref_name }} + containerfiles: ./containers/${{ matrix.container }}/Containerfile + oci: true + - name: Push ${{ matrix.container }} + if: steps.check.outputs.run == 'true' + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.build.outputs.image }} + tags: ${{ steps.build.outputs.tags }} + registry: git.plabble.org + extra-args: --compression-format=zstd:chunked
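Review bot: In `fedora-base` and `dependent-images`, `image: ${{ github.actor }}/fedora` and `image: ${{ github.actor }}/${{ matrix.container }}` make the push namespace depend on whoever triggered the run, where the old workflow pinned it to `job79`; a scheduled run or a push by another account would publish to, or fail against, a different namespace. Pinning the owner, e.g. `image: ${{ github.repository_owner }}/fedora`, keeps the destination a property of the repository rather than of the actor. The workflow still triggers on `pull_request` and neither the `Log in` nor the `Push` steps are gated on the event, so a PR run builds the PR's Containerfile and pushes it with registry credentials (and `github.ref_name` is presumably not a usable tag there); adding `github.event_name != 'pull_request'` to the `if:` of those steps would limit PR runs to a build. The new actions are referenced by mutable tags (`@v1`, `@v2`), so pinning them to commit SHAs would keep a retagged action from running with the registry token.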