From 6306c1aaeddfcee6a9a0f49cf01513ca5768eae0 Mon Sep 17 00:00:00 2001
From: stef <stef@infra.bv.stef.lan>
Date: Fri, 12 Dec 2025 15:58:59 +0100
Subject: [PATCH] Ajout Workflow

---
 .gitea/workflows/build.yml | 53 ++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 19 deletions(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 21df65f..95e7a4e 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -1,37 +1,52 @@
 name: Build
 on: [push]
+
 jobs:
   build-and-push-image:
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Important pour récupérer tout l'historique Git
+
+      - name: Install CA certificate in runner
+        run: |
+          # Copier le certificat depuis le volume monté vers un emplacement standard
+          sudo cp /certs/zen-ca.pem /usr/local/share/ca-certificates/zen-ca.crt
+          sudo update-ca-certificates
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: |
+            network=host
+          buildkitd-config-inline: |
+            # La configuration BuildKit va ici
+            debug = true
+            [registry."gitea.bv.stef.lan"]
+              http = false
+              insecure = false
+              [[registry."gitea.bv.stef.lan".tls]]
+                ca = ["/etc/ssl/certs/zen-ca.pem"]
+                cert = []
+                key = []
+
       - name: Log in to registry
         uses: docker/login-action@v3
         with:
-          registry: gitea.bv.stef.lan 
-          username: stef
-          password: stef
+          registry: gitea.bv.stef.lan
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
       - name: Build and push image
         uses: docker/build-push-action@v6
         with:
-          contex: .
+          context: . # UTILISE LE CONTEXTE LOCAL, PAS L'URL GIT
           push: true
-          tags: gitea.bv.stef.lan/stef/pki-manager:${{ github.sha }}
-          builder: ${{ steps.buildx.outputs.name }}
+          tags: gitea.bv.stef.lan/stef/pki-manager:v01
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          provenance: false # Peut simplifier le débogage initialement
           build-args: |
             BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
-          # Configuration des registries avec certificat CA
-          config-inline: |
-            debug = true
-            [registry."gitea.bv.stef.lan"]
-              mirrors = ["gitea.bv.stef.lan"]
-              insecure = false
-              [[registry."gitea.bv.stef.lan".tls]]
-                ca = ["/usr/local/share/ca-certificates/custom-ca/zen-ca.crt"]
-            [registry."https://gitea.bv.stef.lan"]
-              mirrors = ["gitea.bv.stef.lan"]
-              insecure = false
-              [[registry."https://gitea.bv.stef.lan".tls]]
-                ca = [""/usr/local/share/ca-certificates/custom-ca/zen-ca.crt]