From f35c24857fa7b49b5ef29b61fd9cf9d1f820ee8d Mon Sep 17 00:00:00 2001 From: moilanik Date: Mon, 15 Jun 2026 11:31:09 +0300 Subject: [PATCH] docker yleiseksi rakenteeltaan --- .gitea/workflows/build_publish-artifact.yml | 40 +++++++--- .gitea/workflows/gitea-env.conf | 3 + guides/docker-registry-setup.md | 85 +++++++++++++++++++++ scripts/report-status.sh | 5 +- 4 files changed, 121 insertions(+), 12 deletions(-) create mode 100644 guides/docker-registry-setup.md diff --git a/.gitea/workflows/build_publish-artifact.yml b/.gitea/workflows/build_publish-artifact.yml index 839250c..ab12712 100644 --- a/.gitea/workflows/build_publish-artifact.yml +++ b/.gitea/workflows/build_publish-artifact.yml @@ -16,6 +16,10 @@ on: required: true GIT_PAGES_PUBLISH_TOKEN: required: true + DOCKER_USERNAME: + required: false + DOCKER_PASSWORD: + required: true env: GITEA_API_URL: ${{ fromJson(inputs.env_json).GITEA_API_URL }} @@ -23,6 +27,9 @@ env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }} REPO: ${{ github.repository }} + DOCKER_REGISTRY: ${{ fromJson(inputs.env_json).DOCKER_REGISTRY || '' }} + DOCKER_IMAGE_TAG: ${{ fromJson(inputs.env_json).DOCKER_IMAGE_TAG || '' }} + DOCKER_UI_URL: ${{ fromJson(inputs.env_json).DOCKER_UI_URL || '' }} concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -146,7 +153,7 @@ jobs: --label "git.commit=${{ github.sha }}" \ --label "git.commitBy=${{ github.actor }}" \ --label "build.date=${NOW}" \ - -t "gitea-ci-library-test-minimal:${NEXT_VERSION}" . + -t "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}" . - name: Report status SUCCESS if: steps.gatekeeper.outputs.skip == 'false' && success() 
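Review bot: The build step's `-t "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}"` has no guard against an empty image name, although the workflow-level `env` block in this same commit defaults `DOCKER_IMAGE_TAG` to `''` when `env_json` lacks the key. With an empty value the reference becomes `:<version>`, which is not a valid image reference, so the build fails long before the push step's `${DOCKER_IMAGE_TAG:?...}` check can give the clearer message; the `docker save` line in the `@@ -165,7 +172,7 @@` hunk has the same gap. Adding `: "${DOCKER_IMAGE_TAG:?DOCKER_IMAGE_TAG not set in env.conf}"` at the top of the build script (which starts outside this hunk) would fail early with the same wording the push step uses. The variable holds an image name rather than a tag, so a name like `DOCKER_IMAGE_NAME` would read more accurately.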
@@ -165,7 +172,7 @@ jobs: run: | source /tmp/build-ctx/build.env mkdir -p /tmp/image - docker save "gitea-ci-library-test-minimal:${NEXT_VERSION}" -o /tmp/image/artifact.tar + docker save "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}" -o /tmp/image/artifact.tar - name: Upload Docker image artifact if: steps.gatekeeper.outputs.skip == 'false' && success() 
@@ -215,25 +222,36 @@ jobs: echo "===== gitea-ci-library - Docker Push | begin =====" bash scripts/report-status.sh pending "Pushing to registry..." ci-docker-push - - name: Push to Gitea Packages + - name: Push to Docker Registry if: steps.gatekeeper.outputs.skip == 'false' env: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME || github.actor }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} run: | source /tmp/build-ctx/build.env docker load -i /tmp/image/artifact.tar - REGISTRY=$(echo "${{ gitea.server_url }}" | sed -e 's|^https://||' -e 's|^http://||') - IMAGE="$REGISTRY/${{ gitea.repository }}:${NEXT_VERSION}" - docker tag "gitea-ci-library-test-minimal:${NEXT_VERSION}" "$IMAGE" - echo "$GITEA_TOKEN" | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin - docker push "$IMAGE" - docker logout "$REGISTRY" + + REGISTRY="${DOCKER_REGISTRY:?DOCKER_REGISTRY not set in env.conf}" + IMAGE="${DOCKER_IMAGE_TAG:?DOCKER_IMAGE_TAG not set in env.conf}" + REGISTRY_HOST="${REGISTRY%%/*}" + + FULL_IMAGE="${REGISTRY}/${IMAGE}:${NEXT_VERSION}" + echo "Pushing ${FULL_IMAGE} ..." + + docker tag "${DOCKER_IMAGE_TAG}:${NEXT_VERSION}" "$FULL_IMAGE" + echo "$DOCKER_PASSWORD" | docker login "$REGISTRY_HOST" -u "$DOCKER_USERNAME" --password-stdin + docker push "$FULL_IMAGE" + docker logout "$REGISTRY_HOST" - name: Report status SUCCESS if: steps.gatekeeper.outputs.skip == 'false' && success() run: | source /tmp/build-ctx/build.env - bash scripts/report-status.sh success "Docker push $NEXT_VERSION OK" ci-docker-push + CONTAINER_URL="" + if [ -n "${DOCKER_UI_URL:-}" ] && [ -n "${NEXT_VERSION:-}" ]; then + CONTAINER_URL="${DOCKER_UI_URL}/${NEXT_VERSION}" + fi + bash scripts/report-status.sh success "Docker push $NEXT_VERSION OK" ci-docker-push "" "$CONTAINER_URL" - name: Report status FAILURE if: steps.gatekeeper.outputs.skip == 'false' && failure() 
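Review bot: `docker logout "$REGISTRY_HOST"` is reached only when every earlier command in the push script succeeds, so if the script runs with errexit (the shell options are not visible here) a failed `docker tag` or `docker push` leaves the stored login behind, which matters on a runner that is reused between jobs. Registering `trap 'docker logout "$REGISTRY_HOST"' EXIT` right after `REGISTRY_HOST` is computed covers both the success and the failure path. The login host is derived from `DOCKER_REGISTRY` in `env_json`, so `DOCKER_PASSWORD` is sent to whatever host that configuration names. A comment such as `# DOCKER_REGISTRY is trusted config: the registry secret is sent to its host part` would make that dependency explicit, and it is worth confirming that this job only runs for refs where the conf file is reviewed.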
diff --git a/.gitea/workflows/gitea-env.conf b/.gitea/workflows/gitea-env.conf
index 72dba50..3a89695 100644
--- a/.gitea/workflows/gitea-env.conf
+++ b/.gitea/workflows/gitea-env.conf
@@ -1,2 +1,5 @@
 GITEA_API_URL=https://gitea.app.keskikuja.site
 GIT_PAGES_URL=https://ci-reports.helm-dev.keskikuja.site
+DOCKER_REGISTRY=gitea.app.keskikuja.site/niko
+DOCKER_IMAGE_TAG=gitea-ci-library-test-image
+DOCKER_UI_URL=https://gitea.app.keskikuja.site/niko/gitea-ci-library/packages
diff --git a/guides/docker-registry-setup.md b/guides/docker-registry-setup.md
new file mode 100644
index 0000000..defeefd
--- /dev/null
+++ b/guides/docker-registry-setup.md
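Review bot: `DOCKER_UI_URL` is set to `https://gitea.app.keskikuja.site/niko/gitea-ci-library/packages` in gitea-env.conf, while the guide added in this same commit documents `https://gitea.app.keskikuja.site/-/packages/container/niko/gitea-ci-library` for the same Gitea Packages setup. The workflow appends `/${NEXT_VERSION}` to this value to build the commit-status link, so one of the two forms probably yields a link that does not resolve; it is worth checking which one is right and aligning the conf file and the guide. The URL path also names `gitea-ci-library` whereas `DOCKER_IMAGE_TAG` is `gitea-ci-library-test-image`, which may be a second mismatch.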
@@ -0,0 +1,85 @@ +# Docker Registry Setup + +Pipeline rakentaa Docker-kontin ja pushee sen haluttuun registryyn. Konfigurointi `gitea-env.conf`issa, tunnukset repository Secrets -muuttujina. + +--- + +## 1. `gitea-env.conf` — Docker-kentät + +| Kenttä | Pakollinen | Kuvaus | Esimerkki | +|---|---|---|---| +| `DOCKER_REGISTRY` | **kyllä** | Registry + mahdollinen organisaatio. Koko etuliite ennen kuvan nimeä. Login käyttää ensimmäistä `/`-edeltävää osaa | `gitea.app.keskikuja.site/niko` | +| `DOCKER_IMAGE_TAG` | **kyllä** | Pelkkä kuvan nimi (ilman tagia, ilman rekisteriä, ilman organisaatiota) | `gitea-ci-library-test-image` | +| `DOCKER_UI_URL` | ei | Base-URL kontin UI-sivulle. Workflow liittää perään `/VERSION` | `https://gitea.app.keskikuja.site/-/packages/container/niko/gitea-ci-library` | + +**Koko image-ref:** `${DOCKER_REGISTRY}/${DOCKER_IMAGE_TAG}:${VERSION}` +Esimerkki: `gitea.app.keskikuja.site/niko/gitea-ci-library-test-image:0.1.0` + +**Paikallinen build-tagi:** `${DOCKER_IMAGE_TAG}:${VERSION}` +Esimerkki: `gitea-ci-library-test-image:0.1.0` + +--- + +## 2. Gitea Secrets — tunnukset + +Workflow tekee `docker login -u "$DOCKER_USERNAME" --password-stdin`. Mitä arvoja laitetaan, riippuu registrystä: + +| Registry | `DOCKER_USERNAME` | `DOCKER_PASSWORD` | Mistä saadaan | +|---|---|---|---| +| Gitea Packages | `${{ github.actor }}` (automaattinen) | **PAT** scope `write:packages` | User Settings → Applications → Generate Token | +| Docker Hub | Docker Hub -käyttäjä | Access Token (ei salasana) | Hub Account Settings → Security → Access Tokens | +| Artifactory | service account -tunnus | API-token | Artifactory Admin → Users → käyttäjä → token | + +`DOCKER_USERNAME` on optionaalinen — jos sitä ei ole asetettu, workflow käyttää `${{ github.actor }}` (workflowin käynnistäjä). Riittää asettaa vain `DOCKER_PASSWORD`. + +**Asetus:** Repository → Settings → Actions → Secrets → **Add new secret** + +--- + +## 3. Esimerkkejä + +### 3a. 
Gitea Packages + +``` +DOCKER_REGISTRY=gitea.app.keskikuja.site/niko +DOCKER_IMAGE_TAG=gitea-ci-library-test-image +DOCKER_UI_URL=https://gitea.app.keskikuja.site/-/packages/container/niko/gitea-ci-library +``` + +- `DOCKER_USERNAME` = Gitea-käyttäjätunnus +- `DOCKER_PASSWORD` = **PAT** (User Settings → Applications → Generate Token, scope `write:packages`) + +> Runnerin automaattinen `GITEA_TOKEN` ei yleensä sisällä `write:packages`-scopea. Tarvitaan erillinen PAT. + +### 3b. Docker Hub + +``` +DOCKER_REGISTRY=docker.io/library +DOCKER_IMAGE_TAG=oma-kuva +DOCKER_UI_URL=https://hub.docker.com/r/library/oma-kuva +``` + +- `DOCKER_USERNAME` = Docker Hub -käyttäjätunnus +- `DOCKER_PASSWORD` = Docker Hub Access Token (suositeltu) tai salasana + +### 3c. Artifactory (kuten legacy Jenkins) + +``` +DOCKER_REGISTRY=ngdo-docker.artifactorypro.shared.pub.tds.tieto.com +DOCKER_IMAGE_TAG=microservice-temperature-store +DOCKER_UI_URL=https://artifactorypro.shared.pub.tds.tieto.com/ui/repos/tree/General/ngdo-docker.artifactorypro.shared.pub.tds.tieto.com/microservice-temperature-store +``` + +- `DOCKER_USERNAME` = Artifactory-käyttäjätunnus +- `DOCKER_PASSWORD` = Artifactoryn API-token + +--- + +## 4. Tarkistuslista + +- [ ] `DOCKER_REGISTRY` asetettu (registry + org) +- [ ] `DOCKER_IMAGE_TAG` asetettu (pelkkä nimi) +- [ ] (tarvittaessa) `DOCKER_USERNAME`-secret — oletus `github.actor` +- [ ] `DOCKER_PASSWORD`-secret luotu repoon (PAT/token/salasana) +- [ ] Tokenilla/salasanalla oikeus **pushata** registryyn +- [ ] (valinnainen) `DOCKER_UI_URL` asetettu → commit status linkkaa kontin UI-sivulle diff --git a/scripts/report-status.sh b/scripts/report-status.sh index 5c70a20..5d7f8c9 100755 --- a/scripts/report-status.sh +++ b/scripts/report-status.sh 
@@ -7,13 +7,16 @@ STATE="${1:-}"
 DESCRIPTION="${2:-}"
 KEY="${3:-commit-${GITHUB_SHA:0:8}}"
 SUITE="${4:-}"
+CUSTOM_URL="${5:-}"
 [ -z "$STATE" ] && echo "ERROR: state argument is required" >&2 && exit 1
 [ -z "$DESCRIPTION" ] && echo "ERROR: description argument is required" >&2 && exit 1
 [ -z "${GITEA_API_URL:-}" ] && echo "ERROR: GITEA_API_URL is not set" >&2 && exit 1
 [ -z "${GITEA_TOKEN:-}" ] && echo "ERROR: GITEA_TOKEN is not set" >&2 && exit 1
-if [ -n "$SUITE" ]; then
+if [ -n "$CUSTOM_URL" ]; then
+ URL="$CUSTOM_URL"
+elif [ -n "$SUITE" ]; then
 SUITE="${SUITE%/}/"
 URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${GITHUB_SHA:0:8}/${SUITE}"
 else
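Review bot: `CUSTOM_URL` is taken from the fifth positional argument and assigned to `URL` without any check, and it silently takes precedence over `SUITE` when both are passed. A scheme check next to the existing argument checks, for example `case "$CUSTOM_URL" in ""|http://*|https://*) ;; *) echo "ERROR: custom URL must be http(s)" >&2; exit 1 ;; esac`, would reject malformed values before they reach the status API. How `URL` is placed into the request is outside this hunk; if it is interpolated into a JSON string, it should be escaped or built with a JSON tool so a stray quote cannot alter the payload. The new argument also deserves a line in the script's usage comment, such as `# $5 (optional): explicit target URL; overrides the SUITE-based report link`. The `if`/`elif`/`else` block continues past the end of the hunk.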