From c84ce5265f143a8887d8f2185aacb29d12dc145d Mon Sep 17 00:00:00 2001 From: Snider Date: Sat, 21 Feb 2026 21:04:44 +0000 Subject: [PATCH] refactor(ci): use reusable docker-publish workflow, switch to Docker Hub Replace inline docker build/push jobs with shared workflow from go-devops. Add proper multi-stage Dockerfile.core (was inline heredoc). Switch registry from dappco.re/osi to docker.io/lthn/. Requires org secrets: REGISTRY_USER, REGISTRY_TOKEN Co-Authored-By: Virgil --- .forgejo/workflows/deploy.yml | 108 +++++++--------------------------- docker/Dockerfile.core | 21 +++++++ 2 files changed, 41 insertions(+), 88 deletions(-) create mode 100644 docker/Dockerfile.core diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml index b82dc6b0..3efb3060 100644 --- a/.forgejo/workflows/deploy.yml +++ b/.forgejo/workflows/deploy.yml @@ -1,12 +1,5 @@ # Host UK Production Deployment Pipeline -# Runs on Forgejo Actions (gitea.snider.dev) -# Runner: build.de.host.uk.com -# -# Workflow: -# 1. composer install + test -# 2. npm ci + build -# 3. docker build + push -# 4. Coolify deploy webhook (rolling restart) +# Builds 3 Docker images via reusable workflow, then triggers Coolify deploy. name: Deploy @@ -15,12 +8,6 @@ on: branches: [main] workflow_dispatch: -env: - REGISTRY: dappco.re/osi - IMAGE_APP: host-uk/app - IMAGE_WEB: host-uk/web - IMAGE_CORE: host-uk/core - jobs: test: name: Test 
@@ -47,87 +34,32 @@ jobs: build-app: name: Build App Image needs: test - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: "22" - cache: "npm" - - - name: Login to registry - run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - - - name: Build and push app image - run: | - SHA=$(git rev-parse --short HEAD) - docker build \ - -f docker/Dockerfile.app \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_APP }}:${SHA} \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_APP }}:latest \ - . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_APP }}:${SHA} - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_APP }}:latest + uses: core/go-devops/.forgejo/workflows/docker-publish.yml@main + with: + image: lthn/app + dockerfile: docker/Dockerfile.app + registry: docker.io + secrets: inherit build-web: name: Build Web Image needs: test - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Login to registry - run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - - - name: Build and push web image - run: | - SHA=$(git rev-parse --short HEAD) - docker build \ - -f docker/Dockerfile.web \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_WEB }}:${SHA} \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_WEB }}:latest \ - . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_WEB }}:${SHA} - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_WEB }}:latest + uses: core/go-devops/.forgejo/workflows/docker-publish.yml@main + with: + image: lthn/web + dockerfile: docker/Dockerfile.web + registry: docker.io + secrets: inherit build-core: name: Build Core Image - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: "1.26" - - - name: Build core binary - run: | - go build -ldflags '-s -w' -o bin/core . 
- - - name: Login to registry - run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - - - name: Build and push core image - run: | - SHA=$(git rev-parse --short HEAD) - cat > Dockerfile.core <<'EOF' - FROM alpine:3.20 - RUN apk add --no-cache ca-certificates - COPY bin/core /usr/local/bin/core - RUN adduser -D -h /home/core core - USER core - ENTRYPOINT ["core"] - EOF - docker build \ - -f Dockerfile.core \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_CORE }}:${SHA} \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_CORE }}:latest \ - . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_CORE }}:${SHA} - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_CORE }}:latest + needs: test + uses: core/go-devops/.forgejo/workflows/docker-publish.yml@main + with: + image: lthn/core + dockerfile: docker/Dockerfile.core + registry: docker.io + secrets: inherit deploy: name: Deploy to Production diff --git a/docker/Dockerfile.core b/docker/Dockerfile.core new file mode 100644 index 00000000..542b0d93 --- /dev/null +++ b/docker/Dockerfile.core @@ -0,0 +1,21 @@ +# Host UK — Core CLI Container +# Multi-stage build: Go binary in distroless-style Alpine +# +# Build: docker build -f docker/Dockerfile.core -t lthn/core:latest . + +FROM golang:1.26-alpine AS build + +RUN apk add --no-cache git ca-certificates + +WORKDIR /src +COPY go.mod go.sum ./ +RUN go mod download +COPY . . +RUN go build -trimpath -ldflags '-s -w' -o /core . + +FROM alpine:3.21 +RUN apk add --no-cache ca-certificates +COPY --from=build /core /usr/local/bin/core +RUN adduser -D -h /home/core core +USER core +ENTRYPOINT ["core"]
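Review bot: The three build jobs (build-app, build-web, build-core) call `core/go-devops/.forgejo/workflows/docker-publish.yml@main` with `secrets: inherit`, so whatever is on that repository's `main` at run time executes with every secret this repository can see, not only the registry credentials. Pin the reference to a reviewed commit or tag, `uses: core/go-devops/.forgejo/workflows/docker-publish.yml@<commit-sha>`, and pass only what the commit message lists as required: `secrets:` with `REGISTRY_USER: ${{ secrets.REGISTRY_USER }}` and `REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}` (assuming the shared workflow declares those two names, which is not visible here). Image tagging also moves into the shared workflow, so it is worth confirming that it still pushes an immutable per-commit tag alongside `latest`, as the removed inline steps did.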
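Review bot: Both `FROM` lines in docker/Dockerfile.core use mutable tags (`golang:1.26-alpine`, `alpine:3.21`), so the published lthn/core image can change between runs with no change in this repository. Pinning each by digest, e.g. `FROM alpine:3.21@sha256:<digest>`, makes the build reproducible and turns a base-image update into a reviewable diff. `COPY . .` copies the whole build context into the build stage; that stage is not shipped, but if the repository has no `.dockerignore` (not visible here), `.git` and local env files would end up in build layers and any exported cache, so confirm one exists. The header comment calls the runtime stage "distroless-style", but it is a full Alpine with a shell and apk; `# Multi-stage build: Go binary on a minimal Alpine runtime` would describe it more accurately.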