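---
# Builds the pki-manager container image and pushes it to the internal
# Harbor registry (harbor.bv.stef.lan). Pull-request runs build only.
name: Build

on:
  push:
    branches: [main, develop]
    # Tag filters belong under `push`; `tag` is not a workflow event, so a
    # top-level `tag:` trigger never fires for `v*` tags.
    tags:
      - 'v*'
  pull_request:
    branches: [main]

# Least privilege for the workflow token: this job only reads the repository.
permissions:
  contents: read

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable version
      # tags. Pinning each `uses:` to a full commit SHA prevents a moved tag
      # from changing the code that runs with the registry credentials.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # fetch the full Git history
          # The local build context includes .git unless .dockerignore
          # excludes it; do not leave the workflow token in .git/config
          # where a `COPY . .` could bake it into an image layer.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # The BuildKit container shares the runner's network namespace.
          # NOTE(review): presumably required to reach the internal
          # registry; confirm it is still needed.
          driver-opts: |
            network=host
          buildkitd-config-inline: |
            # BuildKit daemon configuration (TOML)
            debug = true
            [registry."harbor.bv.stef.lan"]
              http = false
              # Keep certificate verification on: with `insecure = true`
              # the registry certificate is not validated, so the CA below
              # would not protect pulls, pushes or registry tokens.
              insecure = false
              # Registry-level `ca` is the documented buildkitd.toml key.
              # NOTE(review): the previous nested `tls` table with empty
              # cert/key lists is not in the documented schema - verify
              # that this CA file exists on the runner.
              ca = ["/etc/ssl/certs/zen-ca.pem"]

      # NOTE(review): this step also runs for pull_request events, where
      # nothing is pushed. Consider gating it on non-PR events if the base
      # images can be pulled without authentication.
      - name: Log in to registry
        uses: docker/login-action@v3
        with:
          registry: harbor.bv.stef.lan
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }}

      - name: Extract metadata
        id: meta
        # Outputs:
        #   IMAGE_TAG  - comma-separated bare tags (e.g. "abc1234,latest")
        #   IMAGE_REFS - the same tags as full image references
        #   SHORT_SHA  - first 7 characters of the commit SHA
        run: |
          set -euo pipefail

          # Ref and SHA are read from the runner-provided environment
          # variables instead of being templated into the script text, so
          # a ref name can never be interpreted as shell syntax.
          IMAGE="harbor.bv.stef.lan/library/pki-manager"
          SHORT_SHA="${GITHUB_SHA:0:7}"

          # Replace every character that is not valid in an image tag.
          slug() { printf '%s' "$1" | sed 's/[^a-zA-Z0-9._-]/-/g'; }

          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
            # Tag pushes arrive as `push` events; detect them by ref.
            IMAGE_TAG="$(slug "${GITHUB_REF#refs/tags/}")"
          elif [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
            # main: short SHA plus latest
            IMAGE_TAG="$SHORT_SHA,latest"
          else
            # Any other ref: short SHA plus sanitized ref name
            IMAGE_TAG="$SHORT_SHA-$(slug "${GITHUB_REF#refs/heads/}")"
          fi

          # Expand the bare tags into full image references, one per tag.
          IMAGE_REFS=""
          IFS=',' read -ra TAG_LIST <<< "$IMAGE_TAG"
          for t in "${TAG_LIST[@]}"; do
            IMAGE_REFS+="${IMAGE_REFS:+,}${IMAGE}:${t}"
          done

          {
            echo "IMAGE_TAG=$IMAGE_TAG"
            echo "IMAGE_REFS=$IMAGE_REFS"
            echo "SHORT_SHA=$SHORT_SHA"
          } >> "$GITHUB_OUTPUT"

      - name: Build and push image
        uses: docker/build-push-action@v6
        with:
          context: .  # use the local checkout as context, not the Git URL
          push: ${{ github.event_name != 'pull_request' }}
          # IMAGE_TAG is a plain comma-separated string, not JSON, so
          # fromJSON() on it fails; pass the full references as a CSV list.
          tags: ${{ steps.meta.outputs.IMAGE_REFS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Disabled to simplify initial debugging.
          # NOTE(review): re-enable provenance attestations once the
          # pipeline is stable so pushed images carry build provenance.
          provenance: false
          build-args: |
            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1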