pki-manager/.gitea/workflows/build.yml

name: Build
on: 
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  tag:
    - 'v*'

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Important pour récupérer tout l'historique Git

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            network=host            
          buildkitd-config-inline: |
            # La configuration BuildKit va ici
            debug = true
            [registry."harbor.bv.stef.lan"]
              http = false
              insecure = true
              [[registry."harbor.bv.stef.lan".tls]]
                ca = ["/etc/ssl/certs/zen-ca.pem"]
                cert = []
                key = []
                          

      - name: Log in to registry
        uses: docker/login-action@v3
        with:
          registry: harbor.bv.stef.lan
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }} 

      - name: Extract metadata
        id: meta
        run: |
          # SHA court (7 caractères)
          SHORT_SHA="${GITHUB_SHA:0:7}"
          
          # Déterminer le tag selon le type d'événement
          if [[ "${{ github.event_name }}" == "tag" ]]; then
            # Pour un tag Git, utiliser le nom du tag
            TAG_NAME="${GITHUB_REF#refs/tags/}"
            echo "IMAGE_TAG=$TAG_NAME" >> $GITHUB_OUTPUT
          elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
            # Pour main, utiliser SHA + latest
            echo "IMAGE_TAG=$SHORT_SHA,latest" >> $GITHUB_OUTPUT
          else
            # Pour les autres branches, utiliser SHA + nom de branche
            BRANCH_NAME="${GITHUB_REF#refs/heads/}"
            BRANCH_SLUG=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]/-/g')
            echo "IMAGE_TAG=$SHORT_SHA-$BRANCH_SLUG" >> $GITHUB_OUTPUT
          fi
          
          echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_OUTPUT          

      - name: Build and push image
        uses: docker/build-push-action@v6
        with:
          context: . # UTILISE LE CONTEXTE LOCAL, PAS L'URL GIT
          push: ${{ github.event_name != 'pull_request' }}
          tags: harbor.bv.stef.lan/library/pki-manager:${{ fromJSON(steps.meta.outputs.IMAGE_TAG) }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: false # Peut simplifier le débogage initialement
          build-args: |
            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1