diff --git a/.gitea/workflows/publish-nx-webmail-image.yml b/.gitea/workflows/publish-nx-webmail-image.yml
new file mode 100644
index 0000000..624cf1f
--- /dev/null
+++ b/.gitea/workflows/publish-nx-webmail-image.yml
@@ -0,0 +1,82 @@
+name: Publish nx-webmail Image (Gitea)
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "nx-webmail/**"
+ - ".gitea/workflows/publish-nx-webmail-image.yml"
+ workflow_dispatch:
+
+jobs:
+ publish:
+ if: ${{ !contains(gitea.actor, '[bot]') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ secrets.GHCR_USERNAME }}
+ password: ${{ secrets.GHCR_TOKEN }}
+
+ - name: Read app version
+ id: meta
+ shell: bash
+ run: |
+ version=$(grep '^version:' nx-webmail/umbrel-app.yml | awk -F'"' '{print $2}')
+ if [ -z "$version" ]; then
+ echo "Could not read nx-webmail version from umbrel-app.yml" >&2
+ exit 1
+ fi
+ echo "version=$version" >> "$GITHUB_OUTPUT"
+ echo "image=ghcr.io/weektab/nx-webmail" >> "$GITHUB_OUTPUT"
+
+ - name: Build and push image
+ id: build
+ uses: docker/build-push-action@v6
+ with:
+ context: ./nx-webmail
+ file: ./nx-webmail/Dockerfile
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.version }}
+ ${{ steps.meta.outputs.image }}:latest
+
+ - name: Pin digest in docker-compose
+ shell: bash
+ run: |
+ digest="${{ steps.build.outputs.digest }}"
+ if [ -z "$digest" ]; then
+ echo "No digest returned by build step" >&2
+ exit 1
+ fi
+ pinned=" image: ${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.version }}@${digest}"
+ sed -i -E "s|^ image: .*|$pinned|" nx-webmail/docker-compose.yml
+
+ - name: Commit digest pin
+ shell: bash
+ run: |
+ if git diff --quiet -- nx-webmail/docker-compose.yml; then
+ echo "No docker-compose digest changes to commit."
+ exit 0
+ fi
+ git config user.name "gitea-actions[bot]"
+ git config user.email "gitea-actions@local"
+ git remote set-url origin "https://${{ secrets.GITEA_USERNAME }}:${{ secrets.GITEA_TOKEN }}@git.weektab.org/${{ gitea.repository }}.git"
+ git add nx-webmail/docker-compose.yml
+ git commit -m "nx-webmail: pin image digest [skip ci]"
+ git push origin HEAD:main
diff --git a/nx-webmail/README.md b/nx-webmail/README.md
index ac7a26a..3a60953 100644
--- a/nx-webmail/README.md
+++ b/nx-webmail/README.md
@@ -23,6 +23,8 @@ Umbrel installation is most reliable when your app uses a prebuilt image from a registry. 1. Recommended: use the GitHub Action `.github/workflows/publish-nx-webmail-image.yml`.
+ - For Gitea use `.gitea/workflows/publish-nx-webmail-image.yml`.
+ - Required Gitea secrets: `GHCR_USERNAME`, `GHCR_TOKEN`, `GITEA_USERNAME`, `GITEA_TOKEN`.
 2. The workflow reads `version` from `nx-webmail/umbrel-app.yml` and publishes: - `ghcr.io/weektab/nx-webmail:` - `ghcr.io/weektab/nx-webmail:latest`
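Review bot: The `Commit digest pin` step writes `GITEA_TOKEN` into the checkout's `.git/config` through `git remote set-url origin "https://…:${{ secrets.GITEA_TOKEN }}@…"`, and because `${{ }}` is expanded into the script text before bash runs it, the credential also sits in the generated script and any shell metacharacter in it is interpreted. Passing the secrets through `env:` and pushing to a one-off URL, as sketched below, keeps the token out of the stored remote and out of the script body; a token containing URL-reserved characters would still need percent-encoding. The same inline-expression pattern appears in `Pin digest in docker-compose`, where `steps.meta.outputs.version` is read from `nx-webmail/umbrel-app.yml` and lands inside a double-quoted shell string, so it should be passed through `env:` as well. Separately, `actions/checkout@v4` and the `docker/*` actions are referenced by mutable tags in a job that holds both the GHCR and Gitea credentials; pinning them to full commit SHAs would limit what a retagged action could reach.

```yaml
      - name: Commit digest pin
        # … unchanged: shell: bash …
        env:
          GITEA_USERNAME: ${{ secrets.GITEA_USERNAME }}
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          GITEA_REPOSITORY: ${{ gitea.repository }}
        run: |
          # … unchanged: git diff check, git config user.name/user.email, git add, git commit …
          # Push to an explicit URL instead of rewriting origin, so the token is
          # read from the environment and never stored in .git/config.
          git push "https://${GITEA_USERNAME}:${GITEA_TOKEN}@git.weektab.org/${GITEA_REPOSITORY}.git" HEAD:main
```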