# Podman Build And Publish Action

Composite action that builds and pushes OCI images with Podman to `registry.noctrl.eu`.

## Inputs

- `image-name` (required): repository path, for example `noctrl/gitea-runner`
- `tags` (required): newline, comma, or space separated tags
- `context` (optional, default `.`): build context
- `containerfile` (optional, default `Containerfile`): containerfile path
- `build-args` (optional): newline-separated `KEY=VALUE`
- `registry-username` (required): registry login username
- `registry-password` (required): registry login password

## Caller Secrets

Define these secrets in the calling repository and pass them to the action inputs:
- `REGISTRY_USERNAME`: registry authentication username
- `REGISTRY_PASSWORD`: registry authentication password

The action uses fixed Podman defaults matching the runner workflows:
- root: `${RUNNER_TEMP}/podman-root`
- runroot: `${RUNNER_TEMP}/podman-runroot`
- storage driver: `vfs`
- build isolation: `chroot`
- registry: `registry.noctrl.eu` (hardcoded)

## Example

```yaml
jobs:
  build-and-push:
    runs-on: [linux, build]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build and push image
        uses: https://gitea.noctrl.eu/noctrl/actions/podman-build-publish@v1
        with:
          image-name: noctrl/gitea-runner
          tags: |
            latest
            sha-${{ github.sha }}
          context: .
          containerfile: Containerfile
          build-args: |
            ACT_RUNNER_VERSION=0.2.11
          registry-username: ${{ secrets.REGISTRY_USERNAME }}
          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
```

> **Note:** Composite actions should receive credentials through inputs. Keep secrets in the caller repo and pass them via `with:` as shown above.