techblog/.forgejo/workflows/docker-build.yml

name: Build and Push Docker Image

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Show commit and Dockerfile
        run: git log --oneline -1 && echo "---" && head -35 Dockerfile

      - name: Clear Docker build cache
        run: docker builder prune -af

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Derive registry from server URL
        run: |
          REGISTRY=$(echo "${{ github.server_url }}" | sed 's|https://||' | sed 's|http://||')
          echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
          echo "IMAGE=${REGISTRY}/${{ github.repository }}" >> $GITHUB_ENV

      - name: Log in to Forgejo container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE }}
          tags: |
            type=sha,prefix=,format=short
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          secrets: |
            composer_auth=${{ secrets.COMPOSER_AUTH }}
          no-cache: true
Forgejo Actions Script 2026-03-31 02:54:47 +00:00			`name: Build and Push Docker Image`

			`on:`
			`push:`
			`branches:`
			`- main`
			`workflow_dispatch:`

			`jobs:`
			`build-and-push:`
			`runs-on: ubuntu-latest`
fix(ci): add packages:write permission for container registry push The GITHUB_TOKEN auto-generated by Forgejo Actions requires explicit packages:write scope to authenticate with the Forgejo container registry. Without this, docker/login-action fails with a 401/403, which caused all builds to fail within ~30 seconds at the login step. Also adds contents:read as a best-practice minimal-privilege declaration. 2026-04-01 02:53:55 +00:00			`permissions:`
			`packages: write`
			`contents: read`
Forgejo Actions Script 2026-03-31 02:54:47 +00:00			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v4`

Debug - print commit and dockerfile in workflow 2026-03-31 15:29:22 +00:00			`- name: Show commit and Dockerfile`
			`run: git log --oneline -1 && echo "---" && head -35 Dockerfile`

Clear docker build cache before build 2026-03-31 15:49:04 +00:00			`- name: Clear Docker build cache`
			`run: docker builder prune -af`

Forgejo Actions Script 2026-03-31 02:54:47 +00:00			`- name: Set up Docker Buildx`
			`uses: docker/setup-buildx-action@v3`

			`- name: Derive registry from server URL`
			`run: \|`
			`REGISTRY=$(echo "${{ github.server_url }}" \| sed 's\|https://\|\|' \| sed 's\|http://\|\|')`
			`echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV`
			`echo "IMAGE=${REGISTRY}/${{ github.repository }}" >> $GITHUB_ENV`

			`- name: Log in to Forgejo container registry`
			`uses: docker/login-action@v3`
			`with:`
			`registry: ${{ env.REGISTRY }}`
			`username: ${{ github.actor }}`
fix: user REGISTRY_TOKEN for container registry auth 2026-04-01 03:30:38 +00:00			`password: ${{ secrets.REGISTRY_TOKEN }}`
Forgejo Actions Script 2026-03-31 02:54:47 +00:00
			`- name: Extract metadata (tags, labels)`
			`id: meta`
			`uses: docker/metadata-action@v5`
			`with:`
			`images: ${{ env.IMAGE }}`
			`tags: \|`
			`type=sha,prefix=,format=short`
			`type=raw,value=latest,enable={{is_default_branch}}`

			`- name: Build and push Docker image`
			`uses: docker/build-push-action@v5`
			`with:`
			`context: .`
			`push: true`
			`tags: ${{ steps.meta.outputs.tags }}`
			`labels: ${{ steps.meta.outputs.labels }}`
Updating actions file 2026-03-31 04:06:02 +00:00			`secrets: \|`
			`composer_auth=${{ secrets.COMPOSER_AUTH }}`
Disable cache force clean build 2026-03-31 04:11:41 +00:00			`no-cache: true`