name: Podman Manifest Publish description: Create and push OCI multi-arch manifests with Podman to registry.noctrl.eu. inputs: image-name: description: Repository/image name path, for example noctrl/gitea-runner required: true manifest-tag: description: Final manifest tag to publish, for example v1.2.3 required: true source-tags: description: | Source image tags to include in the manifest. Supports newline, comma, or space separated values. Example: "v1.2.3-tmp-123-amd64\nv1.2.3-tmp-123-arm64" required: true registry-username: description: Registry username for login. required: true registry-password: description: Registry password for login. required: true runs: using: composite steps: - id: initialize shell: bash run: | set -euo pipefail rm -rf "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot" mkdir -p "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot" podman_base_args=( --root "${RUNNER_TEMP}/podman-root" --runroot "${RUNNER_TEMP}/podman-runroot" ) selected_driver="vfs" selected_storage_opt="" # Prefer overlay with fuse-overlayfs when available and functional. if [[ -c /dev/fuse ]] && command -v fuse-overlayfs >/dev/null 2>&1; then fuse_path="$(command -v fuse-overlayfs)" candidate_storage_opt="overlay.mount_program=${fuse_path}" if podman "${podman_base_args[@]}" --storage-driver overlay --storage-opt "${candidate_storage_opt}" info >/dev/null 2>&1; then selected_driver="overlay" selected_storage_opt="${candidate_storage_opt}" echo "Using overlay storage driver with fuse-overlayfs (${fuse_path})." else echo "overlay+fuse-overlayfs probe failed; falling back to vfs." fi else echo "overlay+fuse prerequisites missing; using vfs." fi echo "PODMAN_STORAGE_DRIVER=${selected_driver}" >> "${GITHUB_ENV}" echo "PODMAN_STORAGE_OPT=${selected_storage_opt}" >> "${GITHUB_ENV}" mapfile -t source_tags < <(printf '%s\n' "${{ inputs.source-tags }}" | tr ', ' '\n\n' | sed '/^$/d') if [[ ${#source_tags[@]} -eq 0 ]]; then echo "ERROR: no tags resolved from inputs.source-tags" >&2 exit 1 fi - id: login shell: bash run: | set -euo pipefail : "${PODMAN_STORAGE_DRIVER:=vfs}" : "${PODMAN_STORAGE_OPT:=}" podman_args=( --root "${RUNNER_TEMP}/podman-root" --runroot "${RUNNER_TEMP}/podman-runroot" --storage-driver "${PODMAN_STORAGE_DRIVER}" ) if [[ -n "${PODMAN_STORAGE_OPT}" ]]; then podman_args+=(--storage-opt "${PODMAN_STORAGE_OPT}") fi echo "Logging in to registry: registry.noctrl.eu" echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin - id: publish-manifest shell: bash run: | set -euo pipefail : "${PODMAN_STORAGE_DRIVER:=vfs}" : "${PODMAN_STORAGE_OPT:=}" podman_args=( --root "${RUNNER_TEMP}/podman-root" --runroot "${RUNNER_TEMP}/podman-runroot" --storage-driver "${PODMAN_STORAGE_DRIVER}" ) if [[ -n "${PODMAN_STORAGE_OPT}" ]]; then podman_args+=(--storage-opt "${PODMAN_STORAGE_OPT}") fi image_base="registry.noctrl.eu/${{ inputs.image-name }}" target_ref="docker://${image_base}:${{ inputs.manifest-tag }}" manifest_name="manifest-${{ github.run_id }}-${{ github.job }}" cleanup() { podman "${podman_args[@]}" manifest rm "${manifest_name}" >/dev/null 2>&1 || true } trap cleanup EXIT echo "Creating manifest ${target_ref} from tags:" podman "${podman_args[@]}" manifest create "${manifest_name}" while IFS= read -r tag; do [[ -z "${tag}" ]] && continue source_ref="docker://${image_base}:${tag}" echo " ${source_ref}" podman "${podman_args[@]}" manifest add "${manifest_name}" "${source_ref}" done < <(printf '%s\n' "${{ inputs.source-tags }}" | tr ', ' '\n\n' | sed '/^$/d') podman "${podman_args[@]}" manifest push --all "${manifest_name}" "${target_ref}" podman "${podman_args[@]}" manifest rm "${manifest_name}" trap - EXIT