public/actions
Public Access
1
0
Fork 0
Code Pull Requests Actions Activity

Compare commits

base: public/actions:v1
Branches Tags
public/actions:main
public/actions:v8 public/actions:v7 public/actions:v6 public/actions:v5 public/actions:v4 public/actions:v3 public/actions:v2 public/actions:v1
...
compare: public/actions:v5
Branches Tags
public/actions:main
public/actions:v8 public/actions:v7 public/actions:v6 public/actions:v5 public/actions:v4 public/actions:v3 public/actions:v2 public/actions:v1

5 Commits
v1 ... v5

Author SHA1 Message Date
peet 316a41d231 podman manifest action 2026-05-26 19:25:25 +02:00
peet b0ceee7e9b push is optional now 2026-05-26 19:16:43 +02:00
peet 5ff1f840dc fix github_env 2026-04-24 21:59:31 +02:00
peet 512d32e285 fix podman root 2026-04-24 21:55:34 +02:00
peet 201c1568df fix registry authentication 2026-04-24 21:51:09 +02:00
4 changed files with 145 additions and 103 deletions
Expand all files Collapse all files
README.md
+20
View File
@@ -22,6 +22,26 @@ Builds and optionally pushes OCI container images to `registry.noctrl.eu` using
See [podman-build-publish README](./podman-build-publish/README.md) for full documentation. See [podman-build-publish README](./podman-build-publish/README.md) for full documentation.
### Podman Manifest Publish
Creates and pushes OCI multi-arch manifest tags to `registry.noctrl.eu` using
Podman with isolated storage context.
**Location:** [`./podman-manifest-publish`](./podman-manifest-publish)
**Use in workflows:**
```yaml
- uses: https://gitea.noctrl.eu/noctrl/actions/podman-manifest-publish@v1
with:
image-name: noctrl/myapp
manifest-tag: v1.2.3
source-tags: |
v1.2.3-tmp-123-amd64
v1.2.3-tmp-123-arm64
```
See [podman-manifest-publish README](./podman-manifest-publish/README.md) for full documentation.
## Usage ## Usage
Reference actions by absolute URL in your workflow: Reference actions by absolute URL in your workflow:
podman-build-publish/README.md
-51
View File
@@ -1,51 +0,0 @@
# Podman Build And Publish Action
Composite action that builds and optionally pushes OCI images with Podman to `registry.noctrl.eu`.
## Inputs
- `image-name` (required): repository path, for example `noctrl/gitea-runner`
- `tags` (required): newline, comma, or space separated tags
- `context` (optional, default `.`): build context
- `containerfile` (optional, default `Containerfile`): containerfile path
- `build-args` (optional): newline-separated `KEY=VALUE`
- `push` (optional, default `true`): whether to push image tags
## Required Secrets
The following repository secrets must be defined to push images:
- `REGISTRY_USERNAME`: registry authentication username
- `REGISTRY_PASSWORD`: registry authentication password
The action uses fixed Podman defaults matching the runner workflows:
- root: `${RUNNER_TEMP}/podman-root`
- runroot: `${RUNNER_TEMP}/podman-runroot`
- storage driver: `vfs`
- build isolation: `chroot`
- registry: `registry.noctrl.eu` (hardcoded)
## Example
```yaml
jobs:
build-and-push:
runs-on: [linux, build]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build and push image
uses: https://gitea.noctrl.eu/noctrl/actions/podman-build-publish@v1
with:
image-name: noctrl/gitea-runner
tags: |
latest
sha-${{ github.sha }}
context: .
containerfile: Containerfile
build-args: |
ACT_RUNNER_VERSION=0.2.11
push: "true"
```
> **Note:** The action accesses `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.REGISTRY_PASSWORD }}` from the calling repository's secrets context. These must be defined in the caller's repository settings.
podman-build-publish/action.yaml
+38 -52
View File
@@ -10,6 +10,12 @@ inputs:
Tags to apply and push. Supports newline, comma, or space separated values. Tags to apply and push. Supports newline, comma, or space separated values.
Example: "latest\nsha-abc123" Example: "latest\nsha-abc123"
required: true required: true
registry-username:
description: Registry username for login.
required: true
registry-password:
description: Registry password for login.
required: true
context: context:
description: Build context path. description: Build context path.
required: false required: false
@@ -25,7 +31,9 @@ inputs:
required: false required: false
default: "" default: ""
push: push:
description: Push image tags after build. description: |
Whether to push tags to the registry after build.
Set to "false" for build-only verification workflows.
required: false required: false
default: "true" default: "true"
@@ -37,51 +45,30 @@ runs:
run: | run: |
set -euo pipefail set -euo pipefail
# Keep Podman defaults aligned with runner build workflows. rm -rf "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
podman_root="${RUNNER_TEMP}/podman-root" mkdir -p "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
podman_runroot="${RUNNER_TEMP}/podman-runroot"
storage_driver="vfs"
build_isolation="chroot"
rm -rf "${podman_root}" "${podman_runroot}" # Validate tags early so failures are caught before build starts
mkdir -p "${podman_root}" "${podman_runroot}"
# Export for use in subsequent steps
{
echo "PODMAN_ROOT=${podman_root}"
echo "PODMAN_RUNROOT=${podman_runroot}"
echo "STORAGE_DRIVER=${storage_driver}"
echo "BUILD_ISOLATION=${build_isolation}"
echo "IMAGE_BASE=registry.noctrl.eu/${{ inputs.image-name }}"
} >> "${GITHUB_ENV}"
# Parse and validate tags
mapfile -t tags < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d') mapfile -t tags < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')
if [[ ${#tags[@]} -eq 0 ]]; then if [[ ${#tags[@]} -eq 0 ]]; then
echo "ERROR: no tags resolved from inputs.tags" >&2 echo "ERROR: no tags resolved from inputs.tags" >&2
exit 1 exit 1
fi fi
# Export tags as newline-separated string for subsequent steps
(IFS=$'\n'; echo "IMAGE_TAGS=${tags[*]}") >> "${GITHUB_ENV}"
- id: login - id: login
if: ${{ inputs.push != 'false' }}
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
if [[ -n "${{ secrets.REGISTRY_USERNAME }}" && -n "${{ secrets.REGISTRY_PASSWORD }}" ]]; then podman_args=(
podman_args=( --root "${RUNNER_TEMP}/podman-root"
--root "${PODMAN_ROOT}" --runroot "${RUNNER_TEMP}/podman-runroot"
--runroot "${PODMAN_RUNROOT}" --storage-driver vfs
--storage-driver "${STORAGE_DRIVER}" )
)
echo "Logging in to registry: registry.noctrl.eu" echo "Logging in to registry: registry.noctrl.eu"
echo "${{ secrets.REGISTRY_PASSWORD }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin
else
echo "Registry credentials not available (REGISTRY_USERNAME and REGISTRY_PASSWORD secrets required for push)"
fi
- id: build - id: build
shell: bash shell: bash
@@ -89,12 +76,13 @@ runs:
set -euo pipefail set -euo pipefail
podman_args=( podman_args=(
--root "${PODMAN_ROOT}" --root "${RUNNER_TEMP}/podman-root"
--runroot "${PODMAN_RUNROOT}" --runroot "${RUNNER_TEMP}/podman-runroot"
--storage-driver "${STORAGE_DRIVER}" --storage-driver vfs
) )
build_cmd=(podman "${podman_args[@]}" build --isolation "${BUILD_ISOLATION}" -f "${{ inputs.containerfile }}") image_base="registry.noctrl.eu/${{ inputs.image-name }}"
build_cmd=(podman "${podman_args[@]}" build --isolation chroot -f "${{ inputs.containerfile }}")
# Add build args # Add build args
while IFS= read -r build_arg; do while IFS= read -r build_arg; do
@@ -106,32 +94,30 @@ runs:
echo "Building image with tags:" echo "Building image with tags:"
while IFS= read -r tag; do while IFS= read -r tag; do
[[ -z "${tag}" ]] && continue [[ -z "${tag}" ]] && continue
echo " ${IMAGE_BASE}:${tag}" echo " ${image_base}:${tag}"
build_cmd+=(-t "${IMAGE_BASE}:${tag}") build_cmd+=(-t "${image_base}:${tag}")
done <<< "${IMAGE_TAGS}" done < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')
build_cmd+=("${{ inputs.context }}") build_cmd+=("${{ inputs.context }}")
"${build_cmd[@]}" "${build_cmd[@]}"
- id: push - if: ${{ inputs.push != 'false' }}
id: push
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
if [[ "${{ inputs.push }}" != "true" ]]; then
echo "Push disabled by input push=${{ inputs.push }}"
exit 0
fi
podman_args=( podman_args=(
--root "${PODMAN_ROOT}" --root "${RUNNER_TEMP}/podman-root"
--runroot "${PODMAN_RUNROOT}" --runroot "${RUNNER_TEMP}/podman-runroot"
--storage-driver "${STORAGE_DRIVER}" --storage-driver vfs
) )
image_base="registry.noctrl.eu/${{ inputs.image-name }}"
echo "Pushing image tags:" echo "Pushing image tags:"
while IFS= read -r tag; do while IFS= read -r tag; do
[[ -z "${tag}" ]] && continue [[ -z "${tag}" ]] && continue
echo " ${IMAGE_BASE}:${tag}" echo " ${image_base}:${tag}"
podman "${podman_args[@]}" push "${IMAGE_BASE}:${tag}" podman "${podman_args[@]}" push "${image_base}:${tag}"
done <<< "${IMAGE_TAGS}" done < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')
podman-manifest-publish/action.yaml
+87
View File
@@ -0,0 +1,87 @@
name: Podman Manifest Publish
description: Create and push OCI multi-arch manifests with Podman to registry.noctrl.eu.
inputs:
image-name:
description: Repository/image name path, for example noctrl/gitea-runner
required: true
manifest-tag:
description: Final manifest tag to publish, for example v1.2.3
required: true
source-tags:
description: |
Source image tags to include in the manifest.
Supports newline, comma, or space separated values.
Example: "v1.2.3-tmp-123-amd64\nv1.2.3-tmp-123-arm64"
required: true
registry-username:
description: Registry username for login.
required: true
registry-password:
description: Registry password for login.
required: true
runs:
using: composite
steps:
- id: initialize
shell: bash
run: |
set -euo pipefail
rm -rf "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
mkdir -p "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
mapfile -t source_tags < <(printf '%s\n' "${{ inputs.source-tags }}" | tr ', ' '\n\n' | sed '/^$/d')
if [[ ${#source_tags[@]} -eq 0 ]]; then
echo "ERROR: no tags resolved from inputs.source-tags" >&2
exit 1
fi
- id: login
shell: bash
run: |
set -euo pipefail
podman_args=(
--root "${RUNNER_TEMP}/podman-root"
--runroot "${RUNNER_TEMP}/podman-runroot"
--storage-driver vfs
)
echo "Logging in to registry: registry.noctrl.eu"
echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin
- id: publish-manifest
shell: bash
run: |
set -euo pipefail
podman_args=(
--root "${RUNNER_TEMP}/podman-root"
--runroot "${RUNNER_TEMP}/podman-runroot"
--storage-driver vfs
)
image_base="registry.noctrl.eu/${{ inputs.image-name }}"
target_ref="docker://${image_base}:${{ inputs.manifest-tag }}"
manifest_name="manifest-${{ github.run_id }}-${{ github.job }}"
cleanup() {
podman "${podman_args[@]}" manifest rm "${manifest_name}" >/dev/null 2>&1 || true
}
trap cleanup EXIT
echo "Creating manifest ${target_ref} from tags:"
podman "${podman_args[@]}" manifest create "${manifest_name}"
while IFS= read -r tag; do
[[ -z "${tag}" ]] && continue
source_ref="docker://${image_base}:${tag}"
echo " ${source_ref}"
podman "${podman_args[@]}" manifest add "${manifest_name}" "${source_ref}"
done < <(printf '%s\n' "${{ inputs.source-tags }}" | tr ', ' '\n\n' | sed '/^$/d')
podman "${podman_args[@]}" manifest push --all "${manifest_name}" "${target_ref}"
podman "${podman_args[@]}" manifest rm "${manifest_name}"
trap - EXIT