From cbf7d5c60fc503e82b13237c740ea01551e30c7b Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sat, 4 Apr 2026 18:15:12 +0200
Subject: [PATCH] ci: pass pre-built JAR to docker job via artifact

Build job uploads the JAR, docker job downloads it and builds a
runtime-only image. Eliminates duplicate Maven dependency download
(~2min saving). The repo Dockerfile is kept for local builds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 46a4c32..84dcd59 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -32,6 +32,13 @@ jobs:
           mvn clean verify -B
           -Dsurefire.excludes="**/AuthControllerTest.java,**/TenantControllerTest.java,**/LicenseControllerTest.java,**/AuditRepositoryTest.java,**/CameleerSaasApplicationTest.java,**/EnvironmentControllerTest.java,**/AppControllerTest.java,**/DeploymentControllerTest.java"
 
+      - name: Upload JAR artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-jar
+          path: target/cameleer-saas-*.jar
+          retention-days: 1
+
   docker:
     needs: build
     runs-on: ubuntu-latest
@@ -42,11 +49,10 @@ jobs:
         username: cameleer
         password: ${{ secrets.REGISTRY_TOKEN }}
     steps:
-      - name: Checkout
-        run: |
-          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
-        env:
-          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Download JAR artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: app-jar
 
       - name: Login to registry
         run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
@@ -72,11 +78,24 @@ jobs:
 
       - name: Build and push
         run: |
+          # Build runtime-only image from pre-built JAR (no Maven needed)
+          mkdir -p build-context
+          cp cameleer-saas-*.jar build-context/app.jar
+          cat > build-context/Dockerfile << 'DOCKERFILE'
+          FROM eclipse-temurin:21-jre-alpine
+          WORKDIR /app
+          RUN addgroup -S cameleer && adduser -S cameleer -G cameleer
+          COPY app.jar app.jar
+          USER cameleer
+          EXPOSE 8080
+          ENTRYPOINT ["java", "-jar", "app.jar"]
+          DOCKERFILE
+
           TAGS="-t gitea.siegeln.net/cameleer/cameleer-saas:${{ github.sha }}"
           for TAG in $IMAGE_TAGS; do
             TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-saas:$TAG"
           done
-          docker build $TAGS --provenance=false .
+          docker build $TAGS --provenance=false build-context/
           for TAG in $IMAGE_TAGS ${{ github.sha }}; do
             docker push gitea.siegeln.net/cameleer/cameleer-saas:$TAG
           done