76 lines
2.5 KiB
YAML
76 lines
2.5 KiB
YAML
name: Build
|
|
on: [push]
|
|
branches: [main, develop]
|
|
pull_request:
|
|
branches: [main]
|
|
tag:
|
|
- 'v*'
|
|
|
|
jobs:
|
|
build-and-push-image:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0 # Important pour récupérer tout l'historique Git
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
driver-opts: |
|
|
network=host
|
|
buildkitd-config-inline: |
|
|
# La configuration BuildKit va ici
|
|
debug = true
|
|
[registry."harbor.bv.stef.lan"]
|
|
http = false
|
|
insecure = true
|
|
[[registry."harbor.bv.stef.lan".tls]]
|
|
ca = ["/etc/ssl/certs/zen-ca.pem"]
|
|
cert = []
|
|
key = []
|
|
|
|
|
|
- name: Log in to registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: harbor.bv.stef.lan
|
|
username: ${{ secrets.HARBOR_USERNAME }}
|
|
password: ${{ secrets.HARBOR_PASSWORD }}
|
|
- name: Extract metadata
|
|
id: meta
|
|
run: |
|
|
# SHA court (7 caractères)
|
|
SHORT_SHA="${GITHUB_SHA:0:7}"
|
|
|
|
# Déterminer le tag selon le type d'événement
|
|
if [[ "${{ github.event_name }}" == "tag" ]]; then
|
|
# Pour un tag Git, utiliser le nom du tag
|
|
TAG_NAME="${GITHUB_REF#refs/tags/}"
|
|
echo "IMAGE_TAG=$TAG_NAME" >> $GITHUB_OUTPUT
|
|
elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
|
|
# Pour main, utiliser SHA + latest
|
|
echo "IMAGE_TAG=$SHORT_SHA,latest" >> $GITHUB_OUTPUT
|
|
else
|
|
# Pour les autres branches, utiliser SHA + nom de branche
|
|
BRANCH_NAME="${GITHUB_REF#refs/heads/}"
|
|
BRANCH_SLUG=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]/-/g')
|
|
echo "IMAGE_TAG=$SHORT_SHA-$BRANCH_SLUG" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and push image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: . # UTILISE LE CONTEXTE LOCAL, PAS L'URL GIT
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
tags: |
|
|
harbor.bv.stef.lan/library/pki-manager:${{ fromJSON(steps.meta.outputs.IMAGE_TAG) }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
provenance: false # Peut simplifier le débogage initialement
|
|
build-args: |
|
|
BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
|