feat: use podman for build and better changes checks

.gitea/workflows/fedora.yaml

@@ -1,60 +1,98 @@
-name: Build container
+name: Build containers
 on:
   push:
     branches: ["main"]
-    paths:
-      - "containers/fedora/**"
-      - "containers/go/**"
-      - "containers/infra/**"
-      - ".gitea/workflows/fedora.yaml"
+    paths: ["containers/**", ".gitea/workflows/fedora.yaml"]
   pull_request:
     branches: ["main"]
-    paths:
-      - "containers/fedora/**"
-      - "containers/go/**"
-      - "containers/infra/**"
-      - ".gitea/workflows/fedora.yaml"
+    paths: ["containers/**", ".gitea/workflows/fedora.yaml"]
   schedule:
     - cron: "0 16 * * FRI"
 
 jobs:
-  fedora-build:
-    runs-on: job-latest
+  changes:
+    runs-on: job-v2
+    outputs:
+      fedora: ${{ steps.filter.outputs.fedora == 'true' }}
+      infra: ${{ steps.filter.outputs.infra == 'true' || steps.filter.outputs.fedora == 'true' }}
+      go: ${{ steps.filter.outputs.go == 'true' || steps.filter.outputs.fedora == 'true' }}
+      any_change: ${{ steps.filter.outputs.workflow == 'true' || github.event_name == 'schedule' }}
     steps:
-      - name: Clone repo
-        uses: actions/checkout@v4
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to Registry
-        uses: docker/login-action@v3
+      - uses: actions/checkout@v4
+      - uses: https://github.com/dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            workflow: ['.gitea/workflows/fedora.yaml']
+            fedora: ['containers/fedora/**']
+            infra: ['containers/infra/**']
+            go: ['containers/go/**']
+
+  fedora-base:
+    needs: [changes]
+    if: ${{ needs.changes.outputs.fedora == 'true' || needs.changes.outputs.any_change == 'true' }}
+    runs-on: job-v2
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in
+        uses: redhat-actions/podman-login@v1
         with:
           registry: git.plabble.org
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_TOKEN }}
-      - name: Build and push fedora container
-        uses: docker/build-push-action@v5
+      - name: Build Fedora
+        id: build
+        uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef
         with:
-          context: ./containers/fedora
-          file: ./containers/fedora/Containerfile
-          push: true
-          tags: git.plabble.org/job79/fedora:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-      - name: Build and push go container
-        uses: docker/build-push-action@v5
+          image: ${{ github.actor }}/fedora
+          tags: ${{ github.ref_name }}
+          containerfiles: ./containers/fedora/Containerfile
+          oci: true
+      - name: Push Fedora
+        uses: redhat-actions/push-to-registry@v2
         with:
-          context: ./containers/go
-          file: ./containers/go/Containerfile
-          push: true
-          tags: git.plabble.org/job79/go:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-      - name: Build and push infra container
-        uses: docker/build-push-action@v5
+          image: ${{ steps.build.outputs.image }}
+          tags: ${{ steps.build.outputs.tags }}
+          registry: git.plabble.org
+          extra-args: --compression-format=zstd:chunked
+
+  dependent-images:
+    needs: [changes, fedora-base]
+    runs-on: job-v2
+    strategy:
+      fail-fast: false
+      matrix:
+        container: [infra, go]
+    steps:
+      - name: Check if build needed
+        id: check
+        run: |
+          if [[ "${{ matrix.container }}" == "infra" && "${{ needs.changes.outputs.infra }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi
+          if [[ "${{ matrix.container }}" == "go" && "${{ needs.changes.outputs.go }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi
+      - name: Clone repo
+        if: steps.check.outputs.run == 'true'
+        uses: actions/checkout@v4
+      - name: Log in
+        if: steps.check.outputs.run == 'true'
+        uses: redhat-actions/podman-login@v1
         with:
-          context: ./containers/infra
-          file: ./containers/infra/Containerfile
-          push: true
-          tags: git.plabble.org/job79/infra:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
+          registry: git.plabble.org
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build ${{ matrix.container }}
+        if: steps.check.outputs.run == 'true'
+        id: build
+        uses: job79/buildah-build@main
+        with:
+          image: ${{ github.actor }}/${{ matrix.container }}
+          tags: ${{ github.ref_name }}
+          containerfiles: ./containers/${{ matrix.container }}/Containerfile
+          oci: true
+      - name: Push ${{ matrix.container }}
+        if: steps.check.outputs.run == 'true'
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build.outputs.image }}
+          tags: ${{ steps.build.outputs.tags }}
+          registry: git.plabble.org
+          extra-args: --compression-format=zstd:chunked