.forgejo/workflows/release-image.yml

name: Release Docker Image
concurrency:
  group: "release-image-${{ github.ref }}"

on:
  pull_request:
    paths-ignore:
      - "*.md"
      - "**/*.md"
      - ".gitlab-ci.yml"
      - ".gitignore"
      - "renovate.json"
      - "pkg/**"
      - "docker/**"
      - "docs/**"
  push:
    branches:
      - main
    paths-ignore:
      - "*.md"
      - "**/*.md"
      - ".gitlab-ci.yml"
      - ".gitignore"
      - "renovate.json"
      - "pkg/**"
      - "docker/**"
      - "docs/**"
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

env:
  BUILTIN_REGISTRY: forgejo.ellis.link
  BUILTIN_REGISTRY_ENABLED: "${{ ((vars.BUILTIN_REGISTRY_USER && secrets.BUILTIN_REGISTRY_PASSWORD) || (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)) && 'true' || 'false' }}"

jobs:
  define-variables:
    runs-on: ubuntu-latest

    outputs:
      images: ${{ steps.var.outputs.images }}
      images_list: ${{ steps.var.outputs.images_list }}
      build_matrix: ${{ steps.var.outputs.build_matrix }}

    steps:
      - name: Setting variables
        uses: https://github.com/actions/github-script@v7
        id: var
        with:
          script: |
            const githubRepo = '${{ github.repository }}'.toLowerCase()
            const repoId = githubRepo.split('/')[1]

            core.setOutput('github_repository', githubRepo)
            const builtinImage = '${{ env.BUILTIN_REGISTRY }}/' + githubRepo
            let images = []
            if (process.env.BUILTIN_REGISTRY_ENABLED === "true") {
              images.push(builtinImage)
            }
            core.setOutput('images', images.join("\n"))
            core.setOutput('images_list', images.join(","))
            const platforms = ['linux/amd64', 'linux/arm64']
            core.setOutput('build_matrix', JSON.stringify({
              platform: platforms,
              target_cpu: ['base'],
              include: platforms.map(platform => { return {
                platform,
                slug: platform.replace('/', '-')
              }})
            }))

  build-image:
    runs-on: dind
    needs: define-variables
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    strategy:
      matrix:
        {
          "target_cpu": ["base"],
          "profile": ["release"],
          "include":
            [
              { "platform": "linux/amd64", "slug": "linux-amd64" },
              { "platform": "linux/arm64", "slug": "linux-arm64" },
            ],
          "platform": ["linux/amd64", "linux/arm64"],
        }

    steps:
      - name: Echo strategy
        run: echo '${{ toJSON(fromJSON(needs.define-variables.outputs.build_matrix)) }}'
      - name: Echo matrix
        run: echo '${{ toJSON(matrix) }}'

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install rust
        id: rust-toolchain
        uses: ./.forgejo/actions/rust-toolchain

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
      - name: Login to builtin registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.BUILTIN_REGISTRY }}
          username: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
          password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}

      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
      - name: Extract metadata (labels, annotations) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{needs.define-variables.outputs.images}}
          # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index

      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
      # It will not push images generated from a pull request
      - name: Get short git commit SHA
        id: sha
        run: |
          calculatedSha=$(git rev-parse --short ${{ github.sha }})
          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
      - name: Get Git commit timestamps
        run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV

      - uses: ./.forgejo/actions/timelord
        with:
          key: timelord-v0
          path: .

      - name: Cache Rust registry
        uses: actions/cache@v3
        with:
          path: |
            .cargo/git
            .cargo/git/checkouts
            .cargo/registry
            .cargo/registry/src
          key: rust-registry-image-${{hashFiles('**/Cargo.lock') }}
      - name: Cache cargo target
        id: cache-cargo-target
        uses: actions/cache@v3
        with:
          path: |
            cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}
          key: cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}}
      - name: Cache apt cache
        id: cache-apt
        uses: actions/cache@v3
        with:
          path: |
            var-cache-apt-${{ matrix.slug }}
          key: var-cache-apt-${{ matrix.slug }}
      - name: Cache apt lib
        id: cache-apt-lib
        uses: actions/cache@v3
        with:
          path: |
            var-lib-apt-${{ matrix.slug }}
          key: var-lib-apt-${{ matrix.slug }}
      - name: inject cache into docker
        uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.0
        with:
          cache-map: |
            {
              ".cargo/registry": "/usr/local/cargo/registry",
              ".cargo/git/db": "/usr/local/cargo/git/db",
              "cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}": {
                "target": "/app/target",
                "id": "cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}"
              },
              "var-cache-apt-${{ matrix.slug }}": "/var/cache/apt",
              "var-lib-apt-${{ matrix.slug }}": "/var/lib/apt"
            }
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}

      - name: Build and push Docker image by digest
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: "docker/Dockerfile"
          build-args: |
            GIT_COMMIT_HASH=${{ github.sha }})
            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
            GIT_REMOTE_URL=${{github.event.repository.html_url }}
            GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          cache-from: type=gha
          # cache-to: type=gha,mode=max
          sbom: true
          outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true
        env:
          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}

      # For publishing multi-platform manifests
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"

      - name: Extract binary from container (image)
        id: extract-binary-image
        run: |
          mkdir -p /tmp/binaries
          digest="${{ steps.build.outputs.digest }}"
          echo "container_id=$(docker create --platform ${{ matrix.platform }} ${{ needs.define-variables.outputs.images_list }}@$digest)" >> $GITHUB_OUTPUT
      - name: Extract binary from container (copy)
        run: docker cp ${{ steps.extract-binary-image.outputs.container_id }}:/sbin/conduwuit /tmp/binaries/conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}
      - name: Extract binary from container (cleanup)
        run: docker rm ${{ steps.extract-binary-image.outputs.container_id }}

      - name: Upload binary artifact
        uses: forgejo/upload-artifact@v4
        with:
          name: conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}
          path: /tmp/binaries/conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}
          if-no-files-found: error

      - name: Upload digest
        uses: forgejo/upload-artifact@v4
        with:
          name: digests-${{ matrix.slug }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 5

  merge:
    runs-on: dind
    needs: [define-variables, build-image]
    steps:
      - name: Download digests
        uses: forgejo/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true
      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
      - name: Login to builtin registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.BUILTIN_REGISTRY }}
          username: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }}
          password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}

      - name: Extract metadata (tags) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          tags: |
            type=semver,pattern={{version}},prefix=v
            type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }},prefix=v
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},prefix=v
            type=ref,event=branch,prefix=${{ format('refs/heads/{0}', github.event.repository.default_branch) != github.ref && 'branch-' || '' }}
            type=ref,event=pr
            type=sha,format=long
            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
          images: ${{needs.define-variables.outputs.images}}
          # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index

      - name: Create manifest list and push
        working-directory: /tmp/digests
        env:
          IMAGES: ${{needs.define-variables.outputs.images}}
        shell: bash
        run: |
          IFS=$'\n'
          IMAGES_LIST=($IMAGES)
          ANNOTATIONS_LIST=($DOCKER_METADATA_OUTPUT_ANNOTATIONS)
          TAGS_LIST=($DOCKER_METADATA_OUTPUT_TAGS)
          for REPO in "${IMAGES_LIST[@]}"; do
              docker buildx imagetools create \
                $(for tag in "${TAGS_LIST[@]}"; do echo "--tag"; echo "$tag"; done) \
                $(for annotation in "${ANNOTATIONS_LIST[@]}"; do echo "--annotation"; echo "$annotation"; done) \
                $(for reference in *; do printf "$REPO@sha256:%s\n" $reference; done)
          done

      - name: Inspect image
        env:
          IMAGES: ${{needs.define-variables.outputs.images}}
        shell: bash
        run: |
          IMAGES_LIST=($IMAGES)
          for REPO in "${IMAGES_LIST[@]}"; do
            docker buildx imagetools inspect $REPO:${{ steps.meta.outputs.version }}
          done
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`name: Release Docker Image`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`concurrency:`
ci: Limit concurrency 2025-04-17 14:35:16 +01:00			`group: "release-image-${{ github.ref }}"`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
			`on:`
ci: Fix CI not triggering on external pull requests 2025-09-06 15:20:45 +01:00			`pull_request:`
			`paths-ignore:`
			`- "*.md"`
			`- "*/.md"`
			`- ".gitlab-ci.yml"`
			`- ".gitignore"`
			`- "renovate.json"`
			`- "pkg/**"`
			`- "docker/**"`
			`- "docs/**"`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`push:`
ci: Fix CI not triggering on external pull requests 2025-09-06 15:20:45 +01:00			`branches:`
fix: Remove bad colon in workflow 2025-09-06 16:21:21 +01:00			`- main`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`paths-ignore:`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`- "*.md"`
			`- "*/.md"`
			`- ".gitlab-ci.yml"`
			`- ".gitignore"`
			`- "renovate.json"`
fix: Move packaging files from `dist/` to `pkg/` 2025-09-02 12:20:23 -04:00			`- "pkg/**"`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`- "docker/**"`
			`- "docs/**"`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`# Allows you to run this workflow manually from the Actions tab`
			`workflow_dispatch:`

			`env:`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`BUILTIN_REGISTRY: forgejo.ellis.link`
			`BUILTIN_REGISTRY_ENABLED: "${{ ((vars.BUILTIN_REGISTRY_USER && secrets.BUILTIN_REGISTRY_PASSWORD) \|\| (github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.fork == false)) && 'true' \|\| 'false' }}"`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
			`jobs:`
			`define-variables:`
			`runs-on: ubuntu-latest`

			`outputs:`
			`images: ${{ steps.var.outputs.images }}`
			`images_list: ${{ steps.var.outputs.images_list }}`
			`build_matrix: ${{ steps.var.outputs.build_matrix }}`

			`steps:`
			`- name: Setting variables`
			`uses: https://github.com/actions/github-script@v7`
			`id: var`
			`with:`
			`script: \|`
			`const githubRepo = '${{ github.repository }}'.toLowerCase()`
			`const repoId = githubRepo.split('/')[1]`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`core.setOutput('github_repository', githubRepo)`
			`const builtinImage = '${{ env.BUILTIN_REGISTRY }}/' + githubRepo`
			`let images = []`
			`if (process.env.BUILTIN_REGISTRY_ENABLED === "true") {`
			`images.push(builtinImage)`
			`}`
			`core.setOutput('images', images.join("\n"))`
			`core.setOutput('images_list', images.join(","))`
			`const platforms = ['linux/amd64', 'linux/arm64']`
			`core.setOutput('build_matrix', JSON.stringify({`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`platform: platforms,`
build: Allow specifying build profile 2025-06-20 21:48:37 +01:00			`target_cpu: ['base'],`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`include: platforms.map(platform => { return {`
			`platform,`
			`slug: platform.replace('/', '-')`
			`}})`
			`}))`

			`build-image:`
ci: Use dind label 2025-04-18 14:09:09 +01:00			`runs-on: dind`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`needs: define-variables`
			`permissions:`
			`contents: read`
			`packages: write`
			`attestations: write`
			`id-token: write`
			`strategy:`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`matrix:`
			`{`
build: Allow specifying build profile 2025-06-20 21:48:37 +01:00			`"target_cpu": ["base"],`
			`"profile": ["release"],`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`"include":`
			`[`
			`{ "platform": "linux/amd64", "slug": "linux-amd64" },`
			`{ "platform": "linux/arm64", "slug": "linux-arm64" },`
			`],`
			`"platform": ["linux/amd64", "linux/arm64"],`
			`}`
build: Allow specifying build profile 2025-06-20 21:48:37 +01:00
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`steps:`
			`- name: Echo strategy`
			`run: echo '${{ toJSON(fromJSON(needs.define-variables.outputs.build_matrix)) }}'`
			`- name: Echo matrix`
			`run: echo '${{ toJSON(matrix) }}'`
ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00
ci: Cache timelord-cli to avoid unnecesary compilation 2025-05-01 00:47:03 +01:00			`- name: Checkout repository`
			`uses: actions/checkout@v4`
			`with:`
			`persist-credentials: false`
ci: Check formatting 2025-05-11 17:42:57 +01:00			`- name: Install rust`
ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00			`id: rust-toolchain`
ci: Check formatting 2025-05-11 17:42:57 +01:00			`uses: ./.forgejo/actions/rust-toolchain`
ci: Cache timelord-cli to avoid unnecesary compilation 2025-05-01 00:47:03 +01:00
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`- name: Set up Docker Buildx`
			`uses: docker/setup-buildx-action@v3`
ci: Support optional persistent BuildKit endpoints in Docker builds 2025-09-06 15:55:24 +01:00			`with:`
			`# Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)`
			`driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' \|\| 'docker-container' }}`
			`endpoint: ${{ env.BUILDKIT_ENDPOINT \|\| '' }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`- name: Set up QEMU`
			`uses: docker/setup-qemu-action@v3`
			# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
			`- name: Login to builtin registry`
			`uses: docker/login-action@v3`
			`with:`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`registry: ${{ env.BUILTIN_REGISTRY }}`
			`username: ${{ vars.BUILTIN_REGISTRY_USER \|\| github.actor }}`
			`password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD \|\| secrets.GITHUB_TOKEN }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
			# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
			`- name: Extract metadata (labels, annotations) for Docker`
			`id: meta`
			`uses: docker/metadata-action@v5`
			`with:`
			`images: ${{needs.define-variables.outputs.images}}`
			`# default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509`
			`env:`
			`DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index`

			# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
			# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
			# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
			`# It will not push images generated from a pull request`
			`- name: Get short git commit SHA`
			`id: sha`
			`run: \|`
			`calculatedSha=$(git rev-parse --short ${{ github.sha }})`
			`echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV`
			`- name: Get Git commit timestamps`
			`run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV`
ci: Refactor timelord to its own action 2025-05-11 20:34:22 +01:00
			`- uses: ./.forgejo/actions/timelord`
ci: Move timelord to actions to avoid bad cache invalidations from cargo 2025-04-18 22:38:17 +01:00			`with:`
			`key: timelord-v0`
ci: Refactor timelord to its own action 2025-05-11 20:34:22 +01:00			`path: .`

ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00			`- name: Cache Rust registry`
			`uses: actions/cache@v3`
			`with:`
			`path: \|`
			`.cargo/git`
			`.cargo/git/checkouts`
			`.cargo/registry`
			`.cargo/registry/src`
			`key: rust-registry-image-${{hashFiles('**/Cargo.lock') }}`
			`- name: Cache cargo target`
			`id: cache-cargo-target`
			`uses: actions/cache@v3`
			`with:`
			`path: \|`
build: Allow specifying build profile 2025-06-20 21:48:37 +01:00			`cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}`
			`key: cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}}`
ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00			`- name: Cache apt cache`
			`id: cache-apt`
			`uses: actions/cache@v3`
			`with:`
			`path: \|`
			`var-cache-apt-${{ matrix.slug }}`
			`key: var-cache-apt-${{ matrix.slug }}`
			`- name: Cache apt lib`
			`id: cache-apt-lib`
			`uses: actions/cache@v3`
			`with:`
			`path: \|`
			`var-lib-apt-${{ matrix.slug }}`
			`key: var-lib-apt-${{ matrix.slug }}`
			`- name: inject cache into docker`
chore(deps): update https://github.com/reproducible-containers/buildkit-cache-dance action to v3.3.0 2025-08-31 00:44:28 +00:00			`uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.0`
ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00			`with:`
			`cache-map: \|`
			`{`
			`".cargo/registry": "/usr/local/cargo/registry",`
			`".cargo/git/db": "/usr/local/cargo/git/db",`
build: Allow specifying build profile 2025-06-20 21:48:37 +01:00			`"cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}": {`
ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00			`"target": "/app/target",`
build: Allow specifying build profile 2025-06-20 21:48:37 +01:00			`"id": "cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}"`
ci: Cache docker image build mounts 2025-05-20 22:56:51 +01:00			`},`
			`"var-cache-apt-${{ matrix.slug }}": "/var/cache/apt",`
			`"var-lib-apt-${{ matrix.slug }}": "/var/lib/apt"`
			`}`
			`skip-extraction: ${{ steps.cache.outputs.cache-hit }}`

feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`- name: Build and push Docker image by digest`
			`id: build`
			`uses: docker/build-push-action@v6`
			`with:`
			`context: .`
			`file: "docker/Dockerfile"`
			`build-args: \|`
refactor: Move git version info gather in into a build script 2025-05-01 00:38:35 +01:00			`GIT_COMMIT_HASH=${{ github.sha }})`
ci: Fix extra bracket in commit shorthash 2025-06-13 14:29:14 +01:00			`GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}`
refactor: Move git version info gather in into a build script 2025-05-01 00:38:35 +01:00			`GIT_REMOTE_URL=${{github.event.repository.html_url }}`
			`GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`platforms: ${{ matrix.platform }}`
			`labels: ${{ steps.meta.outputs.labels }}`
			`annotations: ${{ steps.meta.outputs.annotations }}`
ci: Enable buildx caching 2025-04-18 21:05:17 +01:00			`cache-from: type=gha`
ci: HACK, disable saving to actions cache 2025-05-26 19:16:50 +01:00			`# cache-to: type=gha,mode=max`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`sbom: true`
			`outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true`
			`env:`
			`SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}`

			`# For publishing multi-platform manifests`
			`- name: Export digest`
			`run: \|`
			`mkdir -p /tmp/digests`
			`digest="${{ steps.build.outputs.digest }}"`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`touch "/tmp/digests/${digest#sha256:}"`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
ci: Upload binaries as artifacts 2025-07-06 22:18:51 +01:00			`- name: Extract binary from container (image)`
			`id: extract-binary-image`
			`run: \|`
			`mkdir -p /tmp/binaries`
			`digest="${{ steps.build.outputs.digest }}"`
			`echo "container_id=$(docker create --platform ${{ matrix.platform }} ${{ needs.define-variables.outputs.images_list }}@$digest)" >> $GITHUB_OUTPUT`
			`- name: Extract binary from container (copy)`
			`run: docker cp ${{ steps.extract-binary-image.outputs.container_id }}:/sbin/conduwuit /tmp/binaries/conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}`
			`- name: Extract binary from container (cleanup)`
			`run: docker rm ${{ steps.extract-binary-image.outputs.container_id }}`

			`- name: Upload binary artifact`
			`uses: forgejo/upload-artifact@v4`
			`with:`
			`name: conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}`
			`path: /tmp/binaries/conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}`
			`if-no-files-found: error`

feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`- name: Upload digest`
fix: Use forgejo patched artifact actions 2025-04-17 12:06:45 +01:00			`uses: forgejo/upload-artifact@v4`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`with:`
			`name: digests-${{ matrix.slug }}`
			`path: /tmp/digests/*`
			`if-no-files-found: error`
ci: Upload binaries as artifacts 2025-07-06 22:18:51 +01:00			`retention-days: 5`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`merge:`
ci: Use dind label 2025-04-18 14:09:09 +01:00			`runs-on: dind`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`needs: [define-variables, build-image]`
			`steps:`
			`- name: Download digests`
fix: Use forgejo patched artifact actions 2025-04-17 12:06:45 +01:00			`uses: forgejo/download-artifact@v4`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`with:`
			`path: /tmp/digests`
			`pattern: digests-*`
			`merge-multiple: true`
			# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
			`- name: Login to builtin registry`
			`uses: docker/login-action@v3`
			`with:`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`registry: ${{ env.BUILTIN_REGISTRY }}`
			`username: ${{ vars.BUILTIN_REGISTRY_USER \|\| github.actor }}`
			`password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD \|\| secrets.GITHUB_TOKEN }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
			`- name: Set up Docker Buildx`
			`uses: docker/setup-buildx-action@v3`
ci: Support optional persistent BuildKit endpoints in Docker builds 2025-09-06 15:55:24 +01:00			`with:`
			`# Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)`
			`driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' \|\| 'docker-container' }}`
			`endpoint: ${{ env.BUILDKIT_ENDPOINT \|\| '' }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
			`- name: Extract metadata (tags) for Docker`
			`id: meta`
			`uses: docker/metadata-action@v5`
			`with:`
			`tags: \|`
ci: Fix docker tags 2025-07-07 00:08:54 +01:00			`type=semver,pattern={{version}},prefix=v`
			`type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }},prefix=v`
			`type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},prefix=v`
ci: Fix bad comparison 2025-05-01 21:27:12 +01:00			`type=ref,event=branch,prefix=${{ format('refs/heads/{0}', github.event.repository.default_branch) != github.ref && 'branch-' \|\| '' }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`type=ref,event=pr`
			`type=sha,format=long`
ci: Fix inverted latest tag 2025-07-20 20:58:58 +01:00			`type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00			`images: ${{needs.define-variables.outputs.images}}`
			`# default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509`
			`env:`
Ignore all markdown for auto image builds 2025-04-24 17:24:28 +01:00			`DOCKER_METADATA_ANNOTATIONS_LEVELS: index`
feat: Docker images built with Forgejo Actions 2025-04-16 18:54:36 +01:00
			`- name: Create manifest list and push`
			`working-directory: /tmp/digests`
			`env:`
			`IMAGES: ${{needs.define-variables.outputs.images}}`
			`shell: bash`
			`run: \|`
			`IFS=$'\n'`
			`IMAGES_LIST=($IMAGES)`
			`ANNOTATIONS_LIST=($DOCKER_METADATA_OUTPUT_ANNOTATIONS)`
			`TAGS_LIST=($DOCKER_METADATA_OUTPUT_TAGS)`
			`for REPO in "${IMAGES_LIST[@]}"; do`
			`docker buildx imagetools create \`
			`$(for tag in "${TAGS_LIST[@]}"; do echo "--tag"; echo "$tag"; done) \`
			`$(for annotation in "${ANNOTATIONS_LIST[@]}"; do echo "--annotation"; echo "$annotation"; done) \`
			`$(for reference in *; do printf "$REPO@sha256:%s\n" $reference; done)`
			`done`

			`- name: Inspect image`
			`env:`
			`IMAGES: ${{needs.define-variables.outputs.images}}`
			`shell: bash`
			`run: \|`
			`IMAGES_LIST=($IMAGES)`
			`for REPO in "${IMAGES_LIST[@]}"; do`
			`docker buildx imagetools inspect $REPO:${{ steps.meta.outputs.version }}`
			`done`