# Podman Build And Publish Action

Composite action that builds and optionally pushes OCI images with Podman to `registry.noctrl.eu`.

## Inputs

- `image-name` (required): repository path, for example `noctrl/gitea-runner`
- `tags` (required): newline, comma, or space separated tags
- `context` (optional, default `.`): build context
- `containerfile` (optional, default `Containerfile`): containerfile path
- `build-args` (optional): newline-separated `KEY=VALUE`
- `push` (optional, default `true`): whether to push image tags

## Required Secrets

The following repository secrets must be defined to push images:
- `REGISTRY_USERNAME`: registry authentication username
- `REGISTRY_PASSWORD`: registry authentication password

The action uses fixed Podman defaults matching the runner workflows:
- root: `${RUNNER_TEMP}/podman-root`
- runroot: `${RUNNER_TEMP}/podman-runroot`
- storage driver: `vfs`
- build isolation: `chroot`
- registry: `registry.noctrl.eu` (hardcoded)

## Example

```yaml
jobs:
  build-and-push:
    runs-on: [linux, build]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build and push image
        uses: https://gitea.noctrl.eu/noctrl/actions/podman-build-publish@v1
        with:
          image-name: noctrl/gitea-runner
          tags: |
            latest
            sha-${{ github.sha }}
          context: .
          containerfile: Containerfile
          build-args: |
            ACT_RUNNER_VERSION=0.2.11
          push: "true"
```

> **Note:** The action accesses `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.REGISTRY_PASSWORD }}` from the calling repository's secrets context. These must be defined in the caller's repository settings.