ci: pass pre-built JAR to docker job via artifact

Build job uploads the JAR, docker job downloads it and builds a runtime-only image. Eliminates duplicate Maven dependency download (~2min saving). The repo Dockerfile is kept for local builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 18:15:12 +02:00
parent 956eb13dd6
commit cbf7d5c60f
1 changed files with 25 additions and 6 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -32,6 +32,13 @@ jobs:
          mvn clean verify -B
          -Dsurefire.excludes="**/AuthControllerTest.java,**/TenantControllerTest.java,**/LicenseControllerTest.java,**/AuditRepositoryTest.java,**/CameleerSaasApplicationTest.java,**/EnvironmentControllerTest.java,**/AppControllerTest.java,**/DeploymentControllerTest.java"

+      - name: Upload JAR artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-jar
+          path: target/cameleer-saas-*.jar
+          retention-days: 1
+
  docker:
    needs: build
    runs-on: ubuntu-latest
@@ -42,11 +49,10 @@ jobs:
        username: cameleer
        password: ${{ secrets.REGISTRY_TOKEN }}
    steps:
-      - name: Checkout
-        run: |
-          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
-        env:
-          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Download JAR artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: app-jar

      - name: Login to registry
        run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
@@ -72,11 +78,24 @@ jobs:

      - name: Build and push
        run: |
+          # Build runtime-only image from pre-built JAR (no Maven needed)
+          mkdir -p build-context
+          cp cameleer-saas-*.jar build-context/app.jar
+          cat > build-context/Dockerfile << 'DOCKERFILE'
+          FROM eclipse-temurin:21-jre-alpine
+          WORKDIR /app
+          RUN addgroup -S cameleer && adduser -S cameleer -G cameleer
+          COPY app.jar app.jar
+          USER cameleer
+          EXPOSE 8080
+          ENTRYPOINT ["java", "-jar", "app.jar"]
+          DOCKERFILE
+
          TAGS="-t gitea.siegeln.net/cameleer/cameleer-saas:${{ github.sha }}"
          for TAG in $IMAGE_TAGS; do
            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-saas:$TAG"
          done
-          docker build $TAGS --provenance=false .
+          docker build $TAGS --provenance=false build-context/
          for TAG in $IMAGE_TAGS ${{ github.sha }}; do
            docker push gitea.siegeln.net/cameleer/cameleer-saas:$TAG
          done