From 9c5b0d9a4a914bfedebf7b07e5bd8e1ab1cf5a1c Mon Sep 17 00:00:00 2001
From: NexVeridian
Date: Thu, 21 Aug 2025 13:11:52 -0700
Subject: [PATCH] ci: forgejo

---
.forgejo/workflows/docker.yml | 106 ++++++++++++++++++++++++++++++++++
1 file changed, 106 insertions(+)
create mode 100644 .forgejo/workflows/docker.yml

diff --git a/.forgejo/workflows/docker.yml b/.forgejo/workflows/docker.yml
new file mode 100644
index 0000000..967eb6e
--- /dev/null
+++ b/.forgejo/workflows/docker.yml
@@ -0,0 +1,106 @@
+name: docker
+
+on:
+ # workflow_run:
+ #   workflows: [crane]
+ push:
+ branches: [main]
+ # types:
+ #   - completed
+ # schedule:
+ #   - cron: 0 0 * * 1
+ # # Publish semver tags as releases.
+ # tags: [ 'v*.*.*' ]
+ # pull_request:
+ #   branches: [ "main" ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: git.nexveridian.com
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+ NIX_CONFIG: "experimental-features = nix-command flakes"
+
+jobs:
+ build:
+ runs-on: docker
+ # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow
+ # if: ${{ github.event.workflow_run.conclusion == 'success' }}
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.nexveridian.com ${{ secrets.ATTIC_TOKEN }} || true
+ - run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create nexveridian-web || true
+ - run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use nexveridian-web || true
+
+ - name: Install Node.js
+ run: |
+ mkdir -p ~/.local/bin
+ nix build -I nixpkgs=channel:nixos-unstable nixpkgs#nodejs_24 -o ~/.local/nodejs
+ ln -sf ~/.local/nodejs/bin/node ~/.local/bin/node
+ ln -sf ~/.local/nodejs/bin/npm ~/.local/bin/npm
+ echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+ - uses: actions/checkout@v4
+
+ - name: Install Docker
+ run: |
+ mkdir -p ~/.local/docker
+ nix build -I nixpkgs=channel:nixos-unstable nixpkgs#docker -o ~/.local/docker
+ ln -sf ~/.local/docker/bin/docker ~/.local/bin/docker
+ echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.GITHUB_ACTOR }}
+ password: ${{ env.GITHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build Nix package
+ run: nix build .#my-docker
+
+ # https://github.com/orgs/community/discussions/25768#discussioncomment-3249183
+ - name: Downcase REPO
+ run: |
+ echo "REPO=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
+
+ - name: Strip REPO Username
+ run: |
+ STRIP_REPO_USERNAME=$(echo "${{ env.REPO }}" | sed 's/nexveridian\///')
+ echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
+
+ # https://github.com/docker/build-push-action/issues/538
+ - name: Push and tag Docker image
+ run: |
+ docker load < result
+ docker tag ${{ env.STRIP_REPO_USERNAME }}:latest ${{ env.REGISTRY }}/${{ env.REPO }}:latest
+ docker push ${{ env.REGISTRY }}/${{ env.REPO }}:latest
+
+ - name: Push to attic
+ if: always()
+ run: |
+ valid_paths=""
+ for path in /nix/store/*/; do
+ if nix path-info "$path" >/dev/null 2>&1; then
+ valid_paths="$valid_paths $path"
+ fi
+ done
+
+ if [ -n "$valid_paths" ]; then
+ for i in {1..10}; do
+ nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push nexveridian-web $valid_paths && break || [ $i -eq 5 ] || sleep 5
+ done
+ fi
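Review bot: Every external input this job resolves is a mutable pointer — `-I nixpkgs=channel:nixos-unstable` on the attic, nodejs and docker `nix run`/`nix build` lines, and the `@v3`/`@v4`/`@v5` tags on the login, checkout and metadata actions — so the image pushed as `:latest` is built by whatever those resolve to on the day, sidestepping the lock that `nix build .#my-docker` otherwise enforces; pin them to a nixpkgs commit (or reuse the flake's own nixpkgs input) and to action commit SHAs. The registry login reads `password: ${{ env.GITHUB_TOKEN }}`, which is only non-empty if the runner exports that variable into the job environment — the portable reference is `password: ${{ secrets.GITHUB_TOKEN }}` with `username: ${{ github.actor }}`. `id-token: write` is granted for a sigstore/fulcio challenge that the comment describes but no step performs, so under least privilege it should be dropped until a signing step exists. In the attic retry loop the counter runs `{1..10}` while the guard tests `[ $i -eq 5 ]`, so the sleep is skipped after attempt 5 rather than after the last one and a push that fails every time still ends the step green; if that silence is not the intent, `nix run ... push nexveridian-web $valid_paths && break; [ "$i" -eq 10 ] && exit 1; sleep 5` inside the loop makes the failure visible. In the Install Docker step `mkdir -p ~/.local/docker` is followed by `nix build ... -o ~/.local/docker`, so the output symlink targets a path that is already a directory — presumably a copy of the nodejs step, where the two paths differ; confirm whether a distinct `-o` path (and matching `ln -sf` source) was meant.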