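# Builds the repository's Dockerfile on pushes to `main` and on `v*` tags,
# logs in to the Gitea container registry, and previews (without running)
# the later push and Helm update commands.
#
# Context values and secrets reach the shell only through `env:`. Writing
# `${{ ... }}` directly inside `run:` pastes the value into the script text
# before the shell parses it, so a crafted ref name or a secret containing
# quotes would be interpreted as shell syntax.
name: Build and Push Container Image

on:
  push:
    branches:
      - main
    tags:
      - "v*"

jobs:
  build-and-push:
    runs-on: orchestration-platform
    container:
      # NOTE(review): `latest` is a mutable tag, so the toolchain this job runs
      # with can change between runs. Pin a specific version or image digest.
      image: docker:latest
    steps:
      - name: Install tools
        run: |
          apk add --no-cache git curl ca-certificates tar gzip
          case "$(uname -m)" in
            x86_64) CRANE_ARCH="x86_64" ;;
            aarch64) CRANE_ARCH="arm64" ;;
            *) echo "Unsupported architecture: $(uname -m)"; exit 1 ;;
          esac
          # NOTE(review): the archive is installed without an integrity check.
          # Record the expected SHA-256 of each architecture's archive in this
          # workflow and verify it (sha256sum -c) before extracting.
          curl -fsSL \
            "https://github.com/google/go-containerregistry/releases/download/v0.20.3/go-containerregistry_Linux_${CRANE_ARCH}.tar.gz" \
            -o /tmp/go-containerregistry.tar.gz
          tar -xzf /tmp/go-containerregistry.tar.gz -C /usr/local/bin crane
          crane version

      - name: Checkout code
        run: |
          git clone --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Build the exact commit that triggered the run, so the source
          # matches the revision label even if the ref moved after the push.
          git checkout --detach "${GITHUB_SHA}"

      - name: Check Dockerfile
        run: |
          test -f Dockerfile || { echo "Dockerfile not found"; exit 1; }

      - name: Determine image metadata
        id: meta
        env:
          GIT_REF: "${{ gitea.ref }}"
        run: |
          # Tag pushes publish under the tag name; everything else is "latest".
          case "${GIT_REF}" in
            refs/tags/*) TAG="${GIT_REF#refs/tags/}" ;;
            *) TAG="latest" ;;
          esac
          # Git tag names allow characters that an image tag does not. Reject
          # them here, before the value is written to the step outputs.
          if ! printf '%s' "${TAG}" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'; then
            echo "Ref name is not a valid image tag: ${TAG}"
            exit 1
          fi
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

      - name: Build image
        id: build
        env:
          SERVER_URL: "${{ gitea.server_url }}"
          REPOSITORY: "${{ gitea.repository }}"
          REVISION: "${{ gitea.sha }}"
          IMAGE_TAG: "${{ steps.meta.outputs.tag }}"
        run: |
          # The registry host is the server URL with its scheme removed.
          REGISTRY_HOST=$(echo "${SERVER_URL}" | sed 's|https\?://||')
          IMAGE="${REGISTRY_HOST}/${REPOSITORY}:${IMAGE_TAG}"
          docker build \
            --label "org.opencontainers.image.source=${SERVER_URL}/${REPOSITORY}" \
            --label "org.opencontainers.image.revision=${REVISION}" \
            -t "${IMAGE}" \
            .
          echo "registry_host=${REGISTRY_HOST}" >> "$GITHUB_OUTPUT"
          echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"

      - name: Login to Gitea registry
        env:
          REGISTRY_USERNAME: "${{ secrets.REGISTRY_USERNAME }}"
          REGISTRY_TOKEN: "${{ secrets.REGISTRY_TOKEN }}"
          GITEA_TOKEN_FALLBACK: "${{ secrets.GITEA_TOKEN }}"
          BUILTIN_TOKEN_FALLBACK: "${{ secrets.GITHUB_TOKEN }}"
          ACTOR: "${{ gitea.actor }}"
          REGISTRY_HOST: "${{ steps.build.outputs.registry_host }}"
        run: |
          # Token precedence: REGISTRY_TOKEN, then GITEA_TOKEN, then GITHUB_TOKEN.
          if [ -z "${REGISTRY_TOKEN}" ]; then
            REGISTRY_TOKEN="${GITEA_TOKEN_FALLBACK}"
          fi
          if [ -z "${REGISTRY_TOKEN}" ]; then
            REGISTRY_TOKEN="${BUILTIN_TOKEN_FALLBACK}"
          fi
          # Without an explicit username, log in as the user who triggered the run.
          if [ -z "${REGISTRY_USERNAME}" ]; then
            REGISTRY_USERNAME="${ACTOR}"
          fi
          if [ -z "${REGISTRY_USERNAME}" ]; then
            echo "Registry username is missing. Set REGISTRY_USERNAME or run the workflow with a valid Gitea actor."
            exit 1
          fi
          if [ -z "${REGISTRY_TOKEN}" ]; then
            echo "Registry token is missing. Set REGISTRY_TOKEN, GITEA_TOKEN, or enable the built-in GITHUB_TOKEN for this workflow."
            exit 1
          fi
          # The token is fed on stdin so it never appears in the process
          # arguments. printf avoids any escape handling by the shell's echo.
          # NOTE(review): --insecure lets crane talk to the registry without
          # TLS. Credentials should only travel over verified TLS, so drop the
          # flag once the registry has a trusted certificate.
          printf '%s' "${REGISTRY_TOKEN}" | crane auth login --insecure \
            "${REGISTRY_HOST}" \
            --username "${REGISTRY_USERNAME}" \
            --password-stdin

      - name: Preview image push
        env:
          IMAGE: "${{ steps.build.outputs.image }}"
        run: |
          echo "TODO: Re-enable push after the Gitea registry /v2 ingress route is available."
          echo "This step is intentionally non-mutating for the current workflow test."
          echo "Future commands:"
          echo "docker save '${IMAGE}' -o image.tar"
          echo "crane push --insecure image.tar '${IMAGE}'"

      - name: Preview Helm deployment update
        env:
          IMAGE_TAG: "${{ steps.meta.outputs.tag }}"
        run: |
          echo "TODO: Test Helm deployment update in a later phase after registry push is enabled."
          echo "This step is intentionally non-mutating for the current workflow test."
          echo "Future command:"
          # NOTE(review): the previewed command appears to lack a release name
          # and a value after --namespace; fill both in before enabling it.
          echo "helm upgrade dagster/dagster-user-deployments --namespace --reuse-values --set-string deployments[0].image.tag=${IMAGE_TAG}"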