fix: restore multi-stage Dockerfiles, use cameleer-docker-builder

Follow cameleer3-server CI pattern: docker job uses
cameleer-docker-builder:1 (has Docker CLI), Dockerfiles contain
multi-stage builds (self-contained, no external toolchain needed).

- Dockerfile: restore frontend + maven + runtime stages
- ui/sign-in/Dockerfile: add node build stage + Logto base
- ci.yml: docker job reverts to cameleer-docker-builder:1,
  passes REGISTRY_TOKEN as build-arg, adds build cache

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-06 15:51:59 +02:00
parent ad97a552f6
commit 3fcbc431fb
3 changed files with 52 additions and 36 deletions


@@ -56,19 +56,16 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'push' if: github.event_name == 'push'
container: container:
image: gitea.siegeln.net/cameleer/cameleer-build:1 image: gitea.siegeln.net/cameleer/cameleer-docker-builder:1
credentials: credentials:
username: cameleer username: cameleer
password: ${{ secrets.REGISTRY_TOKEN }} password: ${{ secrets.REGISTRY_TOKEN }}
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
run: |
- name: Cache Maven dependencies git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
uses: actions/cache@v4 env:
with: REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-
- name: Login to registry - name: Login to registry
run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
@@ -92,42 +89,25 @@ jobs:
echo "IMAGE_TAGS=branch-$SLUG" >> "$GITHUB_ENV" echo "IMAGE_TAGS=branch-$SLUG" >> "$GITHUB_ENV"
fi fi
- name: Build SaaS frontend - name: Set up QEMU for cross-platform builds
run: | run: docker run --rm --privileged gitea.siegeln.net/cameleer/binfmt:1 --install all
cd ui
echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc
npm ci
npm run build
cp -r dist/ ../src/main/resources/static/
env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
- name: Build SaaS JAR
run: mvn package -DskipTests -B
- name: Build sign-in UI
run: |
cd ui/sign-in
echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc
npm ci
npm run build
env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
- name: Set up Docker buildx
run: |
docker buildx create --use --name cibuilder 2>/dev/null || true
- name: Build and push SaaS image - name: Build and push SaaS image
run: | run: |
docker buildx create --use --name cibuilder
TAGS="-t gitea.siegeln.net/cameleer/cameleer-saas:${{ github.sha }}" TAGS="-t gitea.siegeln.net/cameleer/cameleer-saas:${{ github.sha }}"
for TAG in $IMAGE_TAGS; do for TAG in $IMAGE_TAGS; do
TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-saas:$TAG" TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-saas:$TAG"
done done
docker buildx build --platform linux/amd64 \ docker buildx build --platform linux/amd64 \
--build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
$TAGS \ $TAGS \
--cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer-saas:buildcache \
--cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer-saas:buildcache,mode=max \
--provenance=false \ --provenance=false \
--push . --push .
env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and push Logto image - name: Build and push Logto image
run: | run: |
@@ -136,7 +116,12 @@ jobs:
TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-logto:$TAG" TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-logto:$TAG"
done done
docker buildx build --platform linux/amd64 \ docker buildx build --platform linux/amd64 \
--build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
-f ui/sign-in/Dockerfile \ -f ui/sign-in/Dockerfile \
$TAGS \ $TAGS \
--cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer-logto:buildcache \
--cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer-logto:buildcache,mode=max \
--provenance=false \ --provenance=false \
--push ui/sign-in/ --push ui/sign-in/
env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
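Review bot: The new Checkout step embeds REGISTRY_TOKEN in the clone URL, so git stores it as the origin URL in `.git/config` for the rest of the job, and the SaaS build then uses `.` as its build context (whether a `.dockerignore` excludes `.git` is not visible here). Strip the credential right after cloning, e.g. `git remote set-url origin "https://gitea.siegeln.net/${GITHUB_REPOSITORY}.git"`, or supply it through a credential helper instead of the URL. The clone also takes the tip of `${GITHUB_REF_NAME}` while the image is tagged with `${{ github.sha }}`, so a push that lands between trigger and checkout would publish code under the wrong SHA tag; checking out the triggering SHA explicitly avoids that.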


@@ -1,7 +1,30 @@
# syntax=docker/dockerfile:1
# Frontend: runs natively on build host
FROM --platform=$BUILDPLATFORM node:22-alpine AS frontend
ARG REGISTRY_TOKEN
WORKDIR /ui
COPY ui/package.json ui/package-lock.json ui/.npmrc ./
RUN echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc && npm ci
COPY ui/ .
RUN npm run build
# Maven build: runs natively on build host (no QEMU emulation)
FROM --platform=$BUILDPLATFORM eclipse-temurin:21-jdk-alpine AS build
WORKDIR /build
COPY .mvn/ .mvn/
COPY mvnw pom.xml ./
# Cache deps — only re-downloaded when POM changes
RUN ./mvnw dependency:go-offline -B || true
COPY src/ src/
COPY --from=frontend /ui/dist/ src/main/resources/static/
RUN ./mvnw package -DskipTests -B
# Runtime: target platform (amd64)
FROM eclipse-temurin:21-jre-alpine FROM eclipse-temurin:21-jre-alpine
WORKDIR /app WORKDIR /app
RUN addgroup -S cameleer && adduser -S cameleer -G cameleer RUN addgroup -S cameleer && adduser -S cameleer -G cameleer
COPY target/*.jar app.jar COPY --from=build /build/target/*.jar app.jar
USER cameleer USER cameleer
EXPOSE 8080 EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"] ENTRYPOINT ["java", "-jar", "app.jar"]
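Review bot: The `frontend` stage takes the registry token as `ARG REGISTRY_TOKEN` and appends it to `.npmrc` inside a `RUN`, so the token is written into that layer, and ci.yml now exports intermediate layers with `--cache-to ...:buildcache,mode=max`; anyone able to pull the buildcache ref could likely recover it. A BuildKit secret mount keeps the token out of layers and build metadata: pass `--secret id=registry_token,env=REGISTRY_TOKEN` in ci.yml instead of `--build-arg`, commit the `_authToken=${REGISTRY_TOKEN}` line literally in `.npmrc` (npm expands environment variables there), and run `RUN --mount=type=secret,id=registry_token REGISTRY_TOKEN="$(cat /run/secrets/registry_token)" npm ci`. The same pattern appears in the `build` stage of ui/sign-in/Dockerfile, where the later `COPY . .` replaces `.npmrc` but leaves the earlier layer intact.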


@@ -1,2 +1,10 @@
FROM --platform=$BUILDPLATFORM node:22-alpine AS build
ARG REGISTRY_TOKEN
WORKDIR /ui
COPY package.json package-lock.json .npmrc ./
RUN echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc && npm ci
COPY . .
RUN npm run build
FROM ghcr.io/logto-io/logto:latest FROM ghcr.io/logto-io/logto:latest
COPY dist/ /etc/logto/packages/experience/dist/ COPY --from=build /ui/dist/ /etc/logto/packages/experience/dist/