diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 46a4c32..84dcd59 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -32,6 +32,13 @@ jobs: mvn clean verify -B -Dsurefire.excludes="**/AuthControllerTest.java,**/TenantControllerTest.java,**/LicenseControllerTest.java,**/AuditRepositoryTest.java,**/CameleerSaasApplicationTest.java,**/EnvironmentControllerTest.java,**/AppControllerTest.java,**/DeploymentControllerTest.java" + - name: Upload JAR artifact + uses: actions/upload-artifact@v4 + with: + name: app-jar + path: target/cameleer-saas-*.jar + retention-days: 1 + docker: needs: build runs-on: ubuntu-latest @@ -42,11 +49,10 @@ jobs: username: cameleer password: ${{ secrets.REGISTRY_TOKEN }} steps: - - name: Checkout - run: | - git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git . - env: - REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + - name: Download JAR artifact + uses: actions/download-artifact@v4 + with: + name: app-jar - name: Login to registry run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin @@ -72,11 +78,24 @@ jobs: - name: Build and push run: | + # Build runtime-only image from pre-built JAR (no Maven needed) + mkdir -p build-context + cp cameleer-saas-*.jar build-context/app.jar + cat > build-context/Dockerfile << 'DOCKERFILE' + FROM eclipse-temurin:21-jre-alpine + WORKDIR /app + RUN addgroup -S cameleer && adduser -S cameleer -G cameleer + COPY app.jar app.jar + USER cameleer + EXPOSE 8080 + ENTRYPOINT ["java", "-jar", "app.jar"] + DOCKERFILE + TAGS="-t gitea.siegeln.net/cameleer/cameleer-saas:${{ github.sha }}" for TAG in $IMAGE_TAGS; do TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-saas:$TAG" done - docker build $TAGS --provenance=false . + docker build $TAGS --provenance=false build-context/ for TAG in $IMAGE_TAGS ${{ github.sha }}; do docker push gitea.siegeln.net/cameleer/cameleer-saas:$TAG done