name: Build & Publish Artifact on: workflow_call: inputs: env_json: required: true type: string bats-image: required: true type: string cucumber-node-image: required: true type: string secrets: GITEA_TOKEN: required: true GIT_PAGES_PUBLISH_TOKEN: required: true env: GITEA_API_URL: ${{ fromJson(inputs.env_json).GITEA_API_URL }} GIT_PAGES_URL: ${{ fromJson(inputs.env_json).GIT_PAGES_URL }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }} jobs: check: runs-on: ubuntu-latest outputs: artifact_exists: ${{ steps.check.outputs.artifact_exists }} version: ${{ steps.check.outputs.version }} steps: - uses: actions/checkout@v4 - name: Check existing artifact id: check run: | bash scripts/report-status.sh pending "Checking version..." ci-check-running VERSION=$(jq -r '.version' package.json) echo "version=$VERSION" >> "$GITHUB_OUTPUT" TAGS_JSON=$(curl -s -H "Authorization: token $GITEA_TOKEN" \ "$GITEA_API_URL/api/v1/repos/${{ github.repository }}/tags" 2>&1) CURL_EXIT=$? if [ "${CURL_EXIT}" != "0" ]; then echo "ERROR: curl failed with exit code ${CURL_EXIT}" >&2 echo "artifact_exists=false" >> "$GITHUB_OUTPUT" exit ${CURL_EXIT} fi TAG=$(echo "$TAGS_JSON" | jq -r 'if type == "array" then .[] | select(.commit.sha == "'"$GITHUB_SHA"'") | .name else empty end' | head -1) if [ -n "$TAG" ]; then echo "artifact_exists=true" >> "$GITHUB_OUTPUT" echo "artifact_tag=$TAG" >> "$GITHUB_OUTPUT" echo "Build skipped: commit already tagged as $TAG" else echo "artifact_exists=false" >> "$GITHUB_OUTPUT" echo "Build required: no tag for this commit" fi - name: Report check status if: always() run: | VERSION="${{ steps.check.outputs.version }}" ARTIFACT_EXISTS="${{ steps.check.outputs.artifact_exists }}" ARTIFACT_TAG="${{ steps.check.outputs.artifact_tag }}" if [ "${{ steps.check.outcome }}" = "success" ]; then if [ "${ARTIFACT_EXISTS}" = "true" ]; then bash scripts/report-status.sh success "Skip build: version $VERSION exists as $ARTIFACT_TAG" ci-check else bash scripts/report-status.sh success "Build version $VERSION required" ci-check fi else bash scripts/report-status.sh failure "Check version $VERSION FAILED" ci-check exit 1 fi quality-gate: needs: [check] if: needs.check.outputs.artifact_exists == 'false' uses: niko/gitea-ci-library/.gitea/workflows/quality-gate.yml@main secrets: inherit with: env_json: ${{ inputs.env_json }} bats-image: ${{ inputs.bats-image }} cucumber-node-image: ${{ inputs.cucumber-node-image }} build: needs: [check, quality-gate] if: | needs.check.outputs.artifact_exists == 'false' && needs.quality-gate.result == 'success' runs-on: ubuntu-latest services: docker: image: docker:dind env: DOCKER_TLS_CERTDIR: "" env: DOCKER_HOST: tcp://docker:2375 steps: - uses: actions/checkout@v4 - name: Build container shell: bash id: build run: | bash scripts/report-status.sh pending "Building Docker image..." ci-docker-build-running VERSION="${{ needs.check.outputs.version }}" NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ) docker build \ --label "git.commit=${GITHUB_SHA:0:8}" \ --label "git.commitBy=${GITHUB_ACTOR}" \ --label "build.date=${NOW}" \ -t "minimal:${VERSION}" . echo "exit-code=$?" >> "$GITHUB_OUTPUT" - name: Report docker build status if: always() run: | VERSION="${{ needs.check.outputs.version }}" BUILD_EXIT="${{ steps.build.outputs.exit-code }}" if [ "${BUILD_EXIT}" = "0" ]; then bash scripts/report-status.sh success "Docker build $VERSION OK" ci-docker-build else bash scripts/report-status.sh failure "Docker build $VERSION FAILED" ci-docker-build fi exit ${BUILD_EXIT} - name: Save Docker image if: success() run: | VERSION="${{ needs.check.outputs.version }}" mkdir -p /tmp/image docker save "minimal:${VERSION}" -o /tmp/image/artifact.tar - name: Upload Docker image artifact if: success() uses: actions/upload-artifact@v4 with: name: docker-image path: /tmp/image/artifact.tar push: needs: [check, build] runs-on: ubuntu-latest services: docker: image: docker:dind env: DOCKER_TLS_CERTDIR: "" env: DOCKER_HOST: tcp://docker:2375 steps: - uses: actions/checkout@v4 - name: Load saved Docker image uses: actions/download-artifact@v4 with: name: docker-image path: /tmp/image - name: Push to Gitea Packages shell: bash id: push run: | bash scripts/report-status.sh pending "Pushing to registry..." ci-docker-push-running VERSION="${{ needs.check.outputs.version }}" docker load -i /tmp/image/artifact.tar REGISTRY=$(echo "$GITEA_API_URL" | sed 's|https://||') IMAGE="$REGISTRY/niko/gitea-ci-library/minimal:$VERSION" docker tag "minimal:$VERSION" "$IMAGE" docker login "$REGISTRY" -u niko -p "$GITEA_TOKEN" docker push "$IMAGE" docker logout "$REGISTRY" > /dev/null 2>&1 echo "exit-code=$?" >> "$GITHUB_OUTPUT" - name: Report docker push status if: always() run: | VERSION="${{ needs.check.outputs.version }}" PUSH_EXIT="${{ steps.push.outputs.exit-code }}" if [ "${PUSH_EXIT}" = "0" ]; then bash scripts/report-status.sh success "Docker push $VERSION OK" ci-docker-push else bash scripts/report-status.sh failure "Docker push $VERSION FAILED" ci-docker-push fi exit ${PUSH_EXIT} tag-commit: needs: [check, push] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Create git tag shell: bash id: tag run: | bash scripts/report-status.sh pending "Creating tag..." ci-docker-tag-running VERSION="${{ needs.check.outputs.version }}" HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \ "$GITEA_API_URL/api/v1/repos/${{ github.repository }}/tags" \ -H "Authorization: token $GITEA_TOKEN" \ -H "Content-Type: application/json" \ -d "{ \"tag_name\": \"$VERSION\", \"message\": \"Build #$GITHUB_RUN_NUMBER\", \"target\": \"$GITHUB_SHA\" }") if [ "$HTTP_CODE" = "201" ]; then echo "Tag $VERSION created" echo "status=success" >> "$GITHUB_OUTPUT" echo "message=Tag $VERSION created" >> "$GITHUB_OUTPUT" elif [ "$HTTP_CODE" = "409" ]; then echo "Tag $VERSION already exists (parallel build won), skipping" echo "status=success" >> "$GITHUB_OUTPUT" echo "message=Tag exists" >> "$GITHUB_OUTPUT" else echo "status=failure" >> "$GITHUB_OUTPUT" echo "message=Tag FAILED HTTP $HTTP_CODE" >> "$GITHUB_OUTPUT" echo "exit-code=$HTTP_CODE" >> "$GITHUB_OUTPUT" fi - name: Report docker tag status if: always() run: | VERSION="${{ needs.check.outputs.version }}" TAG_STATUS="${{ steps.tag.outputs.status }}" TAG_MESSAGE="${{ steps.tag.outputs.message }}" if [ "${TAG_STATUS}" = "success" ]; then bash scripts/report-status.sh success "Tag $VERSION OK" ci-docker-tag else TAG_EXIT="${{ steps.tag.outputs.exit-code }}" bash scripts/report-status.sh failure "Tag $VERSION FAILED" ci-docker-tag exit ${TAG_EXIT} fi