ci: GHA→ghcr builds for chrome-service-novnc, android-emulator, infra CLI (ADR-0002 #29/#30)
All checks were successful
ci/woodpecker/push/default Pipeline was successful
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Infra-owned rare-build images move off Woodpecker/manual to GHA (build from the github checkout — Dockerfiles verified identical on both remotes). chrome-service-novnc + android-emulator → public ghcr (dispatch+path). CLI → DockerHub (kept) + ghcr; Woodpecker build-cli.yml removed. infra-ci handled separately (bootstrap-critical). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
f61d707d75
commit
1621f0b204
4 changed files with 113 additions and 42 deletions
36
.github/workflows/build-android-emulator.yml
vendored
Normal file
36
.github/workflows/build-android-emulator.yml
vendored
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
name: Build android-emulator
|
||||||
|
|
||||||
|
# ADR-0002: infra-owned image built off-infra on GHA → ghcr (public).
|
||||||
|
# Large image (Android SDK + emulator); on-demand workload (scaled 0). Rebuilds
|
||||||
|
# rare → dispatch + path trigger.
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [master]
|
||||||
|
paths:
|
||||||
|
- 'stacks/android-emulator/docker/**'
|
||||||
|
workflow_dispatch: {}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- uses: docker/setup-buildx-action@v3
|
||||||
|
- uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: stacks/android-emulator/docker
|
||||||
|
platforms: linux/amd64
|
||||||
|
provenance: false
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
ghcr.io/viktorbarzin/android-emulator:latest
|
||||||
|
ghcr.io/viktorbarzin/android-emulator:${{ github.sha }}
|
||||||
36
.github/workflows/build-chrome-service-novnc.yml
vendored
Normal file
36
.github/workflows/build-chrome-service-novnc.yml
vendored
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
name: Build chrome-service-novnc
|
||||||
|
|
||||||
|
# ADR-0002: infra-owned image built off-infra on GHA → ghcr (public).
|
||||||
|
# Source Dockerfile identical on both git remotes, so the github checkout builds
|
||||||
|
# the current image. Rebuilds are rare (stable noVNC proxy) → dispatch + path.
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [master]
|
||||||
|
paths:
|
||||||
|
- 'stacks/chrome-service/files/novnc/**'
|
||||||
|
workflow_dispatch: {}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- uses: docker/setup-buildx-action@v3
|
||||||
|
- uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: stacks/chrome-service/files/novnc
|
||||||
|
platforms: linux/amd64
|
||||||
|
provenance: false
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
ghcr.io/viktorbarzin/chrome-service-novnc:latest
|
||||||
|
ghcr.io/viktorbarzin/chrome-service-novnc:${{ github.sha }}
|
||||||
41
.github/workflows/build-cli.yml
vendored
Normal file
41
.github/workflows/build-cli.yml
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
||||||
|
name: Build infra CLI
|
||||||
|
|
||||||
|
# ADR-0002: infra CLI built off-infra on GHA. Replaces the Woodpecker
|
||||||
|
# build-cli.yml. Pushes to DockerHub (public distribution, kept) + ghcr.
|
||||||
|
# Not a cluster workload — a distributed tool image.
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [master]
|
||||||
|
paths:
|
||||||
|
- 'cli/**'
|
||||||
|
workflow_dispatch: {}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- uses: docker/setup-buildx-action@v3
|
||||||
|
- uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
- uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: cli
|
||||||
|
platforms: linux/amd64
|
||||||
|
provenance: false
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
viktorbarzin/infra:latest
|
||||||
|
ghcr.io/viktorbarzin/infra-cli:latest
|
||||||
|
ghcr.io/viktorbarzin/infra-cli:${{ github.sha }}
|
||||||
|
|
@ -1,42 +0,0 @@
|
||||||
when:
|
|
||||||
event: push
|
|
||||||
|
|
||||||
clone:
|
|
||||||
git:
|
|
||||||
image: woodpeckerci/plugin-git
|
|
||||||
settings:
|
|
||||||
attempts: 5
|
|
||||||
backoff: 10s
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: build-image
|
|
||||||
image: woodpeckerci/plugin-docker-buildx
|
|
||||||
settings:
|
|
||||||
username: "viktorbarzin"
|
|
||||||
password:
|
|
||||||
from_secret: dockerhub-pat
|
|
||||||
# Phase 4 of forgejo-registry-consolidation 2026-05-07 —
|
|
||||||
# registry.viktorbarzin.me:5050 decommissioned. Push to DockerHub
|
|
||||||
# (the public-facing infra image) AND Forgejo (the cluster pull
|
|
||||||
# source). Same image, two locations.
|
|
||||||
repo:
|
|
||||||
- viktorbarzin/infra
|
|
||||||
- forgejo.viktorbarzin.me/viktor/infra
|
|
||||||
logins:
|
|
||||||
- registry: https://index.docker.io/v1/
|
|
||||||
username: viktorbarzin
|
|
||||||
password:
|
|
||||||
from_secret: dockerhub-pat
|
|
||||||
- registry: forgejo.viktorbarzin.me
|
|
||||||
username:
|
|
||||||
from_secret: forgejo_user
|
|
||||||
password:
|
|
||||||
from_secret: forgejo_push_token
|
|
||||||
dockerfile: cli/Dockerfile
|
|
||||||
context: cli
|
|
||||||
auto_tag: true
|
|
||||||
# cache_from/cache_to removed: registry cache corruption causes
|
|
||||||
# "short read: expected 32 bytes" BuildKit errors. Inline cache
|
|
||||||
# will be re-populated once a clean image is pushed.
|
|
||||||
# cache_from: "registry.viktorbarzin.me:5050/infra:latest"
|
|
||||||
# cache_to: "type=inline"
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue