infra: image: protect :latest tag so only the default branch can push to it

infra: image: fix hard coded image name infra: image: fixes c35db0f infra: image: build image for branches if they dont exist infra: image: fix image tag for build job infra: image: fixes image_tag infra: image: switch to using ${{ vars.REGISTRY_URL }} Doing this so I can change this site wide in the future without anything breaking infra: actions: set build job to only build infra: actions: add test job infra: actions: add check-format job infra: actions: add docs job FIXME: test TEST test fixes fixes fixes test oops test infra: actions: fix docker changes detector so it doesnt always build on force pushes infra: actions: cache git repo FIXME: add a cache job test cache test again fix infra: actions: cache the docker build fixes
2025-12-08 19:42:09 -06:00
parent 330ad81e3e
commit be723914e0
1 changed files with 110 additions and 13 deletions
--- a/.gitea/workflows/gentoo-utils.yml
+++ b/.gitea/workflows/gentoo-utils.yml
@@ -7,6 +7,12 @@ jobs:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
+      - name: Restore git cache
+        uses: actions/cache@v4
+        with:
+          path: .git
+          key: gitea-repo-${{ gitea.repository }}-${{ gitea.ref }}
+
      - name: Checkout repo
        uses: actions/checkout@v5
        with:
@@ -14,42 +20,133 @@ jobs:

      - name: Check for changes before building
        id: image-changes
+        # build image only if 1. changes are detected or 2. an image for the working branch doesnt exist
        run: |
-          echo "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITEA_OUTPUT
-          if ! git diff ${{ gitea.event.before }} ${{ gitea.sha }} --no-patch --exit-code .docker; then
-            echo changes_detected=true >> $GITEA_OUTPUT
-          else
-            echo changes_detected=false >> $GITEA_OUTPUT
+          branch_name="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+          default_branch_name="${{ gitea.event.repository.default_branch }}"
+          image_tag=latest
+          comparison_hash="${{ gitea.event.before }}"
+
+          if [[ "$branch_name" != "$default_branch_name" ]]; then
+            image_tag=$branch_name
          fi
+          # slugify
+          image_tag="$(echo "$image_tag" | sed -E 's/[^a-zA-Z0-9]/-/g')"
+
+          # rebase breaks gitea.event.before, so check to make sure the hash provided exists
+          if ! git merge-base --is-ancestor $comparison_hash $branch_name >/dev/null 2>&1; then
+            comparison_hash=$(git merge-base origin/$default_branch_name $branch_name)
+          fi
+            
+          if ! git diff $comparison_hash ${{ gitea.sha }} --no-patch --exit-code .docker; then
+            build_image=true
+          else
+            if ! docker manifest inspect ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${image_tag} >/dev/null 2>&1; then
+              build_image=true
+            else
+              build_image=false
+            fi
+          fi
+
+          echo "default_branch_name=$default_branch_name" >> $GITEA_OUTPUT
+          echo "branch_name=$branch_name" >> $GITEA_OUTPUT
+          echo "image_tag=$image_tag" >> $GITEA_OUTPUT
+          echo "comparison_hash=$comparison_hash" >> $GITEA_OUTPUT
+          echo "build_image=$build_image" >> $GITEA_OUTPUT
          cat $GITEA_OUTPUT
      - name: Set up Docker buildx
-        if: steps.image-changes.outputs.changes_detected == 'true'
+        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=runners-net

      - name: Log in to Github Container Registry
-        if: steps.image-changes.outputs.changes_detected == 'true'
+        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/login-action@v3
        with:
-          registry: git.epenguin.net
+          registry: ${{ vars.REGISTRY_URL }}
          username: ${{ vars.CI_BOT_USERNAME }}
          password: ${{ secrets.CI_BOT_TOKEN }}

      - name: Build and push
-        if: steps.image-changes.outputs.changes_detected == 'true'
+        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/build-push-action@v6
        with:
          push: true
-          tags: git.epenguin.net/${{ gitea.repository }}:latest
+          tags: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ steps.image-changes.outputs.image_tag }}
          context: "{{defaultContext}}:.docker"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+    outputs:
+      image_tag: ${{ steps.image-changes.outputs.image_tag }}

  build:
    runs-on: brutalisk
-    container:
-      image: git.epenguin.net/gentoo-utils/gentoo-utils-gitea:latest
+    env:
+      CC: 'clang'
+      CXX: 'clang++'
    needs: build-oci-image
+    container:
+      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5

      - name: build and check
-        run: ./check.sh
+        run: |
+          echo $USER
+          echo "CC=$CC"
+          echo "CXX=$CXX"
+          source /etc/profile
+          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build
+          meson compile -C build
+
+  # FIXME: Currently this rebuilds everything. Instead we should bring over the build dir from the build job. This will come in handy
+  # when we have multiple build targets and configs. What we have currently is fine until we get lots of builds going
+  test:
+    runs-on: brutalisk
+    env:
+      CC: 'clang'
+      CXX: 'clang++'
+    needs: [build-oci-image, build]
+    container:
+      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+
+      - name: test
+        run: |
+          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build
+          meson compile -C build
+          ninja test -C build
+
+  check-format:
+    runs-on: brutalisk
+    needs: [build-oci-image]
+    container:
+      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+
+      - name: Check Formatting
+        run: |
+          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build
+          ninja rustfmt -C build
+
+  docs:
+    runs-on: brutalisk
+    needs: [build-oci-image]
+    container:
+      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+
+      - name: Build Documentation
+        run: |
+          meson setup -Ddocs=enabled docs
+          meson compile -C docs
+
+