ci: auto build & push image on main (:latest) + v* tags
Build & push image / build-and-push (push) Successful in 58s

Mirror mort-ci.yml's build-and-push: BuildKit secrets (REGISTRY_USER/
REGISTRY_PASSWORD) for private majordomo access instead of build-args, and the
LAN --add-host so the builder can reach the registry. push main -> :latest +
:sha-<short>; tag v* -> :<tag> + :latest; other branches -> :branch-<safe>;
PRs build-only (no push). Optional DISCORD_WEBHOOK_URL notifications.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Steve Dudenhoeffer
2026-06-25 18:45:48 -04:00
parent 48936d55b2
commit 6123604595
3 changed files with 104 additions and 34 deletions
+13 -11
View File
@@ -1,25 +1,27 @@
# syntax=docker/dockerfile:1
#
# Multi-stage so the private-module access token used to fetch the majordomo
# dependency lives ONLY in the build stage and never lands in the final image.
# Multi-stage so the private-module credentials (used to fetch the majordomo
# dependency) live ONLY in the build stage via BuildKit secrets and never land
# in the final image. Mirrors mort's Dockerfile secret idiom.
FROM golang:1.26 AS build
ARG GIT_HOST=gitea.stevedudenhoeffer.com
ARG GIT_USER=
ARG GIT_TOKEN=
ENV CGO_ENABLED=0 \
GOFLAGS=-mod=mod \
GOSUMDB=off
GOSUMDB=off \
GOTOOLCHAIN=auto
ENV GOPRIVATE=${GIT_HOST}/* GONOSUMDB=${GIT_HOST}/*
WORKDIR /src
# Private Go module access (majordomo). Token is confined to this stage.
RUN if [ -n "$GIT_TOKEN" ]; then \
git config --global url."https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/"; \
fi
COPY go.mod go.sum ./
RUN go mod download
RUN --mount=type=secret,id=REGISTRY_USER \
--mount=type=secret,id=REGISTRY_PASSWORD \
--mount=type=cache,target=/go/pkg/mod \
git config --global url."https://$(cat /run/secrets/REGISTRY_USER):$(cat /run/secrets/REGISTRY_PASSWORD)@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/" \
&& go mod download
COPY . .
RUN go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
FROM alpine:3.20
RUN apk add --no-cache bash git curl jq ca-certificates