public/actions
Public Access
1
0
Fork 0
Code Pull Requests Actions Activity

Compare commits

base: public/actions:v1
Branches Tags
public/actions:main
public/actions:v8 public/actions:v7 public/actions:v6 public/actions:v5 public/actions:v4 public/actions:v3 public/actions:v2 public/actions:v1
..
compare: public/actions:v4
Branches Tags
public/actions:main
public/actions:v8 public/actions:v7 public/actions:v6 public/actions:v5 public/actions:v4 public/actions:v3 public/actions:v2 public/actions:v1

3 Commits
v1 .. v4

Author SHA1 Message Date
peet 5ff1f840dc fix github_env 2026-04-24 21:59:31 +02:00
peet 512d32e285 fix podman root 2026-04-24 21:55:34 +02:00
peet 201c1568df fix registry authentication 2026-04-24 21:51:09 +02:00
2 changed files with 40 additions and 60 deletions
Expand all files Collapse all files
podman-build-publish/README.md
+8 -6
View File
@@ -1,6 +1,6 @@
# Podman Build And Publish Action # Podman Build And Publish Action
Composite action that builds and optionally pushes OCI images with Podman to `registry.noctrl.eu`. Composite action that builds and pushes OCI images with Podman to `registry.noctrl.eu`.
## Inputs ## Inputs
@@ -9,11 +9,12 @@ Composite action that builds and optionally pushes OCI images with Podman to `re
- `context` (optional, default `.`): build context - `context` (optional, default `.`): build context
- `containerfile` (optional, default `Containerfile`): containerfile path - `containerfile` (optional, default `Containerfile`): containerfile path
- `build-args` (optional): newline-separated `KEY=VALUE` - `build-args` (optional): newline-separated `KEY=VALUE`
- `push` (optional, default `true`): whether to push image tags - `registry-username` (required): registry login username
- `registry-password` (required): registry login password
## Required Secrets ## Caller Secrets
The following repository secrets must be defined to push images: Define these secrets in the calling repository and pass them to the action inputs:
- `REGISTRY_USERNAME`: registry authentication username - `REGISTRY_USERNAME`: registry authentication username
- `REGISTRY_PASSWORD`: registry authentication password - `REGISTRY_PASSWORD`: registry authentication password
@@ -45,7 +46,8 @@ jobs:
containerfile: Containerfile containerfile: Containerfile
build-args: | build-args: |
ACT_RUNNER_VERSION=0.2.11 ACT_RUNNER_VERSION=0.2.11
push: "true" registry-username: ${{ secrets.REGISTRY_USERNAME }}
registry-password: ${{ secrets.REGISTRY_PASSWORD }}
``` ```
> **Note:** The action accesses `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.REGISTRY_PASSWORD }}` from the calling repository's secrets context. These must be defined in the caller's repository settings. > **Note:** Composite actions should receive credentials through inputs. Keep secrets in the caller repo and pass them via `with:` as shown above.
podman-build-publish/action.yaml
+32 -54
View File
@@ -10,6 +10,12 @@ inputs:
Tags to apply and push. Supports newline, comma, or space separated values. Tags to apply and push. Supports newline, comma, or space separated values.
Example: "latest\nsha-abc123" Example: "latest\nsha-abc123"
required: true required: true
registry-username:
description: Registry username for login.
required: true
registry-password:
description: Registry password for login.
required: true
context: context:
description: Build context path. description: Build context path.
required: false required: false
@@ -24,10 +30,6 @@ inputs:
Example: "ACT_RUNNER_VERSION=0.2.11" Example: "ACT_RUNNER_VERSION=0.2.11"
required: false required: false
default: "" default: ""
push:
description: Push image tags after build.
required: false
default: "true"
runs: runs:
using: composite using: composite
@@ -37,51 +39,29 @@ runs:
run: | run: |
set -euo pipefail set -euo pipefail
# Keep Podman defaults aligned with runner build workflows. rm -rf "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
podman_root="${RUNNER_TEMP}/podman-root" mkdir -p "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
podman_runroot="${RUNNER_TEMP}/podman-runroot"
storage_driver="vfs"
build_isolation="chroot"
rm -rf "${podman_root}" "${podman_runroot}" # Validate tags early so failures are caught before build starts
mkdir -p "${podman_root}" "${podman_runroot}"
# Export for use in subsequent steps
{
echo "PODMAN_ROOT=${podman_root}"
echo "PODMAN_RUNROOT=${podman_runroot}"
echo "STORAGE_DRIVER=${storage_driver}"
echo "BUILD_ISOLATION=${build_isolation}"
echo "IMAGE_BASE=registry.noctrl.eu/${{ inputs.image-name }}"
} >> "${GITHUB_ENV}"
# Parse and validate tags
mapfile -t tags < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d') mapfile -t tags < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')
if [[ ${#tags[@]} -eq 0 ]]; then if [[ ${#tags[@]} -eq 0 ]]; then
echo "ERROR: no tags resolved from inputs.tags" >&2 echo "ERROR: no tags resolved from inputs.tags" >&2
exit 1 exit 1
fi fi
# Export tags as newline-separated string for subsequent steps
(IFS=$'\n'; echo "IMAGE_TAGS=${tags[*]}") >> "${GITHUB_ENV}"
- id: login - id: login
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
if [[ -n "${{ secrets.REGISTRY_USERNAME }}" && -n "${{ secrets.REGISTRY_PASSWORD }}" ]]; then podman_args=(
podman_args=( --root "${RUNNER_TEMP}/podman-root"
--root "${PODMAN_ROOT}" --runroot "${RUNNER_TEMP}/podman-runroot"
--runroot "${PODMAN_RUNROOT}" --storage-driver vfs
--storage-driver "${STORAGE_DRIVER}" )
)
echo "Logging in to registry: registry.noctrl.eu" echo "Logging in to registry: registry.noctrl.eu"
echo "${{ secrets.REGISTRY_PASSWORD }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin
else
echo "Registry credentials not available (REGISTRY_USERNAME and REGISTRY_PASSWORD secrets required for push)"
fi
- id: build - id: build
shell: bash shell: bash
@@ -89,12 +69,13 @@ runs:
set -euo pipefail set -euo pipefail
podman_args=( podman_args=(
--root "${PODMAN_ROOT}" --root "${RUNNER_TEMP}/podman-root"
--runroot "${PODMAN_RUNROOT}" --runroot "${RUNNER_TEMP}/podman-runroot"
--storage-driver "${STORAGE_DRIVER}" --storage-driver vfs
) )
build_cmd=(podman "${podman_args[@]}" build --isolation "${BUILD_ISOLATION}" -f "${{ inputs.containerfile }}") image_base="registry.noctrl.eu/${{ inputs.image-name }}"
build_cmd=(podman "${podman_args[@]}" build --isolation chroot -f "${{ inputs.containerfile }}")
# Add build args # Add build args
while IFS= read -r build_arg; do while IFS= read -r build_arg; do
@@ -106,9 +87,9 @@ runs:
echo "Building image with tags:" echo "Building image with tags:"
while IFS= read -r tag; do while IFS= read -r tag; do
[[ -z "${tag}" ]] && continue [[ -z "${tag}" ]] && continue
echo " ${IMAGE_BASE}:${tag}" echo " ${image_base}:${tag}"
build_cmd+=(-t "${IMAGE_BASE}:${tag}") build_cmd+=(-t "${image_base}:${tag}")
done <<< "${IMAGE_TAGS}" done < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')
build_cmd+=("${{ inputs.context }}") build_cmd+=("${{ inputs.context }}")
"${build_cmd[@]}" "${build_cmd[@]}"
@@ -118,20 +99,17 @@ runs:
run: | run: |
set -euo pipefail set -euo pipefail
if [[ "${{ inputs.push }}" != "true" ]]; then
echo "Push disabled by input push=${{ inputs.push }}"
exit 0
fi
podman_args=( podman_args=(
--root "${PODMAN_ROOT}" --root "${RUNNER_TEMP}/podman-root"
--runroot "${PODMAN_RUNROOT}" --runroot "${RUNNER_TEMP}/podman-runroot"
--storage-driver "${STORAGE_DRIVER}" --storage-driver vfs
) )
image_base="registry.noctrl.eu/${{ inputs.image-name }}"
echo "Pushing image tags:" echo "Pushing image tags:"
while IFS= read -r tag; do while IFS= read -r tag; do
[[ -z "${tag}" ]] && continue [[ -z "${tag}" ]] && continue
echo " ${IMAGE_BASE}:${tag}" echo " ${image_base}:${tag}"
podman "${podman_args[@]}" push "${IMAGE_BASE}:${tag}" podman "${podman_args[@]}" push "${image_base}:${tag}"
done <<< "${IMAGE_TAGS}" done < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')