Single self-contained index.html (avatar + favicon inlined; only Google Fonts external; zero JS; dark-mode; responsive) served by a baked nginx:alpine image behind Traefik, built and published by CI on push to main and rolled out by Watchtower. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LbhPvfSERrnuY5jdhAdB7v
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
name: build
|
||||
|
||||
# On push to main, build the self-contained nginx image and push it to the
|
||||
# build registry, then publish it so the deploy host can pull it over HTTPS
|
||||
# and Watchtower recreates the container. The registry address is injected
|
||||
# from a masked secret so it never appears in the repo or the logs.
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
paths:
|
||||
- 'index.html'
|
||||
- 'favicon.svg'
|
||||
- 'nginx.conf'
|
||||
- 'Dockerfile'
|
||||
- '.gitea/workflows/build.yml'
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
group: build-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: docker
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
# The build registry is plain HTTP — tell buildkit not to upgrade
|
||||
# the push to HTTPS.
|
||||
config-inline: |
|
||||
[registry."${{ secrets.REGISTRY_HOST }}"]
|
||||
http = true
|
||||
insecure = true
|
||||
|
||||
- name: Configure registry credentials for buildx
|
||||
env:
|
||||
REGISTRY_HOST: ${{ secrets.REGISTRY_HOST }}
|
||||
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
||||
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
run: |
|
||||
mkdir -p ~/.docker
|
||||
AUTH=$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_TOKEN" | base64 -w0)
|
||||
cat > ~/.docker/config.json <<EOF
|
||||
{"auths":{"$REGISTRY_HOST":{"auth":"$AUTH"}}}
|
||||
EOF
|
||||
|
||||
- name: Compute tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ secrets.REGISTRY_HOST }}/justin/jpaulio
|
||||
tags: |
|
||||
type=raw,value=latest
|
||||
type=raw,value=test-main
|
||||
type=sha,prefix=test-sha-,format=long
|
||||
labels: |
|
||||
org.opencontainers.image.url=https://jpaul.io
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
- name: Publish package (link to repo)
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
run: |
|
||||
code=$(curl -s -o /tmp/link.out -w "%{http_code}" -X POST \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||
"https://git.jpaul.io/api/v1/packages/justin/container/jpaulio/-/link/jpaulio")
|
||||
echo "link -> jpaulio: HTTP $code"
|
||||
case "$code" in
|
||||
201) echo "OK — newly linked" ;;
|
||||
400|409) echo "OK — already linked" ;;
|
||||
*) cat /tmp/link.out; exit 1 ;;
|
||||
esac
|
||||
Reference in New Issue
Block a user