name: Reusable Docker Publish on: workflow_call: inputs: image_name: required: true type: string dockerfile_path: type: string default: "." secrets: REGISTRY_USERNAME: { required: true } REGISTRY_PASSWORD: { required: true } DOCKER_REGISTRY: { required: true } NTFY_TOPIC: { required: true } NTFY_TOKEN: { required: true } NTFY_SERVER: { required: true } jobs: publish: runs-on: docker container: image: gitea.tech-buddy.at/bitbuddydev/gitea_runner_python314:dev-bda315b82bb23d83065b77d91fedf0e20d9accf1 credentials: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} steps: - name: Checkout uses: actions/checkout@v4 - name: Extract Tags id: vars shell: bash run: | SHA_SHORT="$(git rev-parse --short HEAD)" FULL_IMAGE="${{ secrets.DOCKER_REGISTRY }}/${{ inputs.image_name }}" TAGS="-t ${FULL_IMAGE}:${SHA_SHORT}" if echo "${{ gitea.ref }}" | grep -q '^refs/tags/v'; then VERSION="${{ gitea.ref_name }}" VERSION="${VERSION#v}" MAJOR="$(echo "$VERSION" | cut -d. -f1)" MINOR="$(echo "$VERSION" | cut -d. -f1,2)" TAGS="${TAGS} -t ${FULL_IMAGE}:latest -t ${FULL_IMAGE}:${VERSION} -t ${FULL_IMAGE}:${MINOR} -t ${FULL_IMAGE}:${MAJOR}" fi echo "docker_tags=${TAGS}" >> "$GITEA_OUTPUT" echo "full_image=${FULL_IMAGE}" >> "$GITEA_OUTPUT" - name: Docker Login run: | echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login "${{ secrets.DOCKER_REGISTRY }}" -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin - name: Build image run: | SHA_SHORT="$(git rev-parse --short HEAD)" FULL_IMAGE="${{ secrets.DOCKER_REGISTRY }}/${{ inputs.image_name }}" docker build \ -t "${FULL_IMAGE}:${SHA_SHORT}" \ ${{ inputs.dockerfile_path }} if echo "${{ gitea.ref }}" | grep -q '^refs/tags/v'; then VERSION="${{ gitea.ref_name }}" VERSION="${VERSION#v}" MAJOR="$(echo "$VERSION" | cut -d. -f1)" MINOR="$(echo "$VERSION" | cut -d. -f1,2)" docker tag "${FULL_IMAGE}:${SHA_SHORT}" "${FULL_IMAGE}:latest" docker tag "${FULL_IMAGE}:${SHA_SHORT}" "${FULL_IMAGE}:${VERSION}" docker tag "${FULL_IMAGE}:${SHA_SHORT}" "${FULL_IMAGE}:${MINOR}" docker tag "${FULL_IMAGE}:${SHA_SHORT}" "${FULL_IMAGE}:${MAJOR}" fi - name: Push image shell: bash run: | set -euxo pipefail echo "=== Git / Ref Info ===" git rev-parse HEAD git rev-parse --short HEAD echo "gitea.ref=${{ gitea.ref }}" echo "gitea.ref_name=${{ gitea.ref_name }}" SHA_SHORT="$(git rev-parse --short HEAD)" FULL_IMAGE="${{ secrets.DOCKER_REGISTRY }}/${{ inputs.image_name }}" echo "=== Image Info ===" echo "FULL_IMAGE=${FULL_IMAGE}" echo "SHA_SHORT=${SHA_SHORT}" echo "Expected image: ${FULL_IMAGE}:${SHA_SHORT}" echo "=== Local Docker Images ===" docker images | grep "${{ inputs.image_name }}" || true echo "=== Inspect Image ===" docker image inspect "${FULL_IMAGE}:${SHA_SHORT}" >/dev/null echo "=== Docker Auth Check ===" docker info echo "=== Push SHA tag ===" docker push "${FULL_IMAGE}:${SHA_SHORT}" if echo "${{ gitea.ref }}" | grep -q '^refs/tags/v'; then echo "=== Version tag detected ===" VERSION="${{ gitea.ref_name }}" VERSION="${VERSION#v}" MAJOR="$(echo "$VERSION" | cut -d. -f1)" MINOR="$(echo "$VERSION" | cut -d. -f1,2)" echo "VERSION=${VERSION}" echo "MINOR=${MINOR}" echo "MAJOR=${MAJOR}" echo "=== Push latest ===" docker push "${FULL_IMAGE}:latest" echo "=== Push version ===" docker push "${FULL_IMAGE}:${VERSION}" echo "=== Push minor ===" docker push "${FULL_IMAGE}:${MINOR}" echo "=== Push major ===" docker push "${FULL_IMAGE}:${MAJOR}" else echo "=== No version tag detected, only SHA tag pushed ===" fi