Merge pull request 'Align workflows with htpasswd standard pattern' (#8 ) from fix/workflow-standard into master

Reviewed-on: #8
fix: use . as context, not ./pkg
2026-06-14 12:35:41 -04:00 · 2026-06-14 10:50:53 -04:00 · 2026-06-14 10:50:48 -04:00 · 2026-06-14 10:50:40 -04:00 · 2026-06-14 10:50:37 -04:00 · 2026-06-13 19:19:18 -04:00
7 changed files with 218 additions and 47 deletions
@@ -0,0 +1,50 @@
 name: Nightly Rebuild
 on:
  schedule:
    - cron: '0 0 * * *'
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        continue-on-error: true
        with:
          dockerfile: pkg/Dockerfile
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -f pkg/Dockerfile -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
  build-push:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - id: get-latest-tag
        run: |
          TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
          echo "tag=$TAG" >> $GITHUB_OUTPUT
      - id: meta
        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
        with:
          images: jcabillot/send
          tags: |
            type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
        with:
          context: .
          file: pkg/Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          pull: true
@@ -1,47 +0,0 @@
 name: Docker Build and Push
 on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
  schedule:
    - cron: '0 0 * * *'
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: jcabillot/send
          tags: |
            #type=ref,event=branch
            #type=ref,event=pr
            #type=sha
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
      - name: Build and push
        uses: docker/build-push-action@v7
        with:
          context: pkg
          file: pkg/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          pull: true
@@ -0,0 +1,44 @@
 name: Main Release
 on:
  push:
    branches: [master]
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        continue-on-error: true
        with:
          dockerfile: pkg/Dockerfile
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -f pkg/Dockerfile -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
  build:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -f pkg/Dockerfile -t jcabillot/send:${{ github.sha }} .
  tag:
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
      - name: Configure git auth
        run: |
          git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/web/send.git"
      - uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
        env:
          GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
          DEFAULT_BUMP: patch
          RELEASE_BRANCHES: master
          WITH_V: true
          GIT_API_TAGGING: false
@@ -0,0 +1,20 @@
 name: PR Checks
 on:
  pull_request:
    branches: [master]
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        continue-on-error: true
        with:
          dockerfile: pkg/Dockerfile
  build-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -f pkg/Dockerfile -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
@@ -0,0 +1,45 @@
 name: Tag Release
 on:
  push:
    tags: ['*']
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        continue-on-error: true
        with:
          dockerfile: pkg/Dockerfile
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -f pkg/Dockerfile -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
  build-push:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
        with:
          images: jcabillot/send
          tags: |
            type=ref,event=tag
            type=ref,event=tag,suffix=-latest
      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
        with:
          context: .
          file: pkg/Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          pull: true
@@ -13,4 +13,8 @@ COPY --chown=www-data:www-data pkg/files/Caddyfile /etc/frankenphp/Caddyfile
 COPY --chown=www-data:www-data "../public" "/app"
 # TODO: php.ini
 # Caddyfile imports this file via basic_auth (it can be empty, file just must exist)
 RUN touch /etc/frankenphp/htpasswd && \
    chown www-data:www-data /etc/frankenphp/htpasswd
 USER www-data
@@ -0,0 +1,55 @@
 #!/usr/bin/env bash
 set -euo pipefail
 IMAGE="${1:?Usage: test.sh <image>}"
 CONTAINER_NAME="test-$(echo "$IMAGE" | tr ':/' '-')-$$"
 PASSED=0
 FAILED=0
 TOTAL=0
 cleanup() {
  docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
 }
 trap cleanup EXIT
 assert() {
  local name="$1" expected="$2" actual="$3"
  TOTAL=$((TOTAL + 1))
  if [ "$expected" = "$actual" ]; then
    echo "  PASS: $name"
    PASSED=$((PASSED + 1))
  else
    echo "  FAIL: $name (expected: '$expected', got: '$actual')"
    FAILED=$((FAILED + 1))
  fi
 }
 echo "Running container: $IMAGE"
 docker run -d --name "$CONTAINER_NAME" -p 8080:80 "$IMAGE" >/dev/null
 DOCKER_GW=$(docker network inspect bridge --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}')
 BASE_URL="http://${DOCKER_GW}:8080"
 echo "Waiting for container on ${DOCKER_GW}:8080..."
 for i in $(seq 1 30); do
  if [ "$(curl -s -o /dev/null -w '%{http_code}' "$BASE_URL/" 2>/dev/null)" != "000" ]; then
    echo "Container ready after ${i}s"
    break
  fi
  if [ "$i" -eq 30 ]; then
    echo "FAIL: Container did not become ready within 30s"
    docker logs "$CONTAINER_NAME"
    exit 1
  fi
  sleep 1
 done
 echo ""
 echo "Test: GET / (basic_auth should return 401)"
 STATUS=$(curl -s -o /dev/null -w '%{http_code}' "$BASE_URL/")
 assert "HTTP status is 401 (Unauthorized)" "401" "$STATUS"
 echo ""
 echo "Results: $PASSED/$TOTAL passed, $FAILED failed"
 [ "$FAILED" -eq 0 ]
Author	SHA1	Message	Date
jcabillot	a934f2035a	Merge pull request 'Align workflows with htpasswd standard pattern' (#8 ) from fix/workflow-standard into master Main Release / hadolint (push) Successful in 7s Details Main Release / test (push) Successful in 15s Details Main Release / build (push) Successful in 14s Details Main Release / tag (push) Successful in 12s Details Tag Release / hadolint (push) Successful in 7s Details Tag Release / test (push) Successful in 15s Details Tag Release / build-push (push) Successful in 40s Details Reviewed-on: #8	2026-06-14 12:35:41 -04:00
cloudix_mcp_server	573efdf499	fix: use . as context, not ./pkg PR Checks / hadolint (pull_request) Successful in 6s Details PR Checks / build-test (pull_request) Successful in 16s Details	2026-06-14 10:50:53 -04:00
cloudix_mcp_server	52744bf26c	fix: use . as context, not ./pkg PR Checks / hadolint (pull_request) Successful in 5s Details PR Checks / build-test (pull_request) Failing after 10s Details	2026-06-14 10:50:48 -04:00
cloudix_mcp_server	e9d2978bff	fix: use . as context, not ./pkg PR Checks / hadolint (pull_request) Successful in 6s Details PR Checks / build-test (pull_request) Failing after 12s Details	2026-06-14 10:50:40 -04:00
cloudix_mcp_server	91d4a97082	fix: use repo root as context, not ./pkg PR Checks / hadolint (pull_request) Successful in 6s Details PR Checks / build-test (pull_request) Failing after 13s Details	2026-06-14 10:50:37 -04:00
cloudix_mcp_server	02c51866d8	fix: correct build-push SHA in tag.yaml PR Checks / hadolint (pull_request) Successful in 6s Details PR Checks / build-test (pull_request) Failing after 12s Details	2026-06-13 19:19:18 -04:00
cloudix_mcp_server	bbc4314793	fix: correct SHAs in pr.yaml PR Checks / hadolint (pull_request) Successful in 6s Details PR Checks / build-test (pull_request) Failing after 14s Details	2026-06-13 19:19:15 -04:00
cloudix_mcp_server	0082dc9a48	fix: correct SHAs in main.yaml PR Checks / build-test (pull_request) Failing after 15s Details PR Checks / hadolint (pull_request) Successful in 6s Details	2026-06-13 19:19:12 -04:00
cloudix_mcp_server	56590c9df5	fix: correct build-push SHA in cron.yaml	2026-06-13 19:19:09 -04:00
Sagent	7f3cc66380	Align workflows with htpasswd standard pattern PR Checks / hadolint (pull_request) Successful in 8s Details PR Checks / build-test (pull_request) Failing after 14s Details - Add hadolint, test, and build jobs in dependency chain matching htpasswd - Update build context: ./pkg, file: pkg/Dockerfile - Update image to jcabillot/send with SA_TOKEN_ACTION_PUSH_TAGS - Add continue-on-error on hadolint jobs, setup-buildx in test steps - Add version comments on action SHAs - Use fetch-depth: 0 for tag-related checkouts - Configure git auth URL with SA_TOKEN_ACTION_PUSH_TAGS for tag creation Closes: fix/workflow-standard	2026-06-13 21:36:33 +00:00
jcabillot	6ec8199178	Merge pull request 'refactor: migrate CI from single docker-build.yaml to split workflows' (#7 ) from fix/refactor-ci-pipelines into master Tag Release / tag (push) Failing after 12s Details Main / build-and-push (push) Failing after 1m38s Details Reviewed-on: #7	2026-06-12 20:18:45 -04:00
cloudix_mcp_server	55b7d0478f	Remove old docker-build.yaml PR Checks / lint (pull_request) Successful in 7s Details PR Checks / test (pull_request) Successful in 17s Details	2026-06-12 19:41:15 -04:00
cloudix_mcp_server	fcad3d72fc	Add tag.yaml workflow	2026-06-12 19:41:11 -04:00
cloudix_mcp_server	fc8d90063e	Add cron.yaml workflow	2026-06-12 19:41:05 -04:00
cloudix_mcp_server	0786d41a88	Add main.yaml workflow	2026-06-12 19:41:00 -04:00
cloudix_mcp_server	0237f9613d	Add pr.yaml workflow	2026-06-12 19:40:57 -04:00
jcabillot	f8880ba03e	Merge pull request 'chore(deps): update hadolint/hadolint-action action to v3.3.0' (#4 ) from renovate/hadolint-hadolint-action-3.x into master Docker Build and Push / build (push) Successful in 56s Details Docker Build and Push / lint (push) Failing after 13m43s Details Docker Build and Push / test (push) Has been skipped Details Docker Build and Push / push (push) Has been skipped Details Reviewed-on: #4	2026-06-08 16:41:25 -04:00
renovate	de448ff12a	chore(deps): update hadolint/hadolint-action action to v3.3.0 Docker Build and Push / lint (pull_request) Successful in 8s Details Docker Build and Push / build (pull_request) Successful in 39s Details Docker Build and Push / test (pull_request) Successful in 16s Details Docker Build and Push / push (pull_request) Has been skipped Details	2026-06-08 20:39:23 +00:00
jcabillot	a017d428a4	Merge pull request 'feat: add lint, build, test, push pipeline with SHA-pinned actions' (#3 ) from feat/gitea-actions-v2 into master Docker Build and Push / lint (push) Successful in 12s Details Docker Build and Push / build (push) Successful in 52s Details Docker Build and Push / test (push) Successful in 16s Details Docker Build and Push / push (push) Successful in 1m1s Details Reviewed-on: #3	2026-06-08 16:28:10 -04:00
Sagent	16c858542e	fix: create empty htpasswd so Caddy basic_auth can start Docker Build and Push / lint (pull_request) Successful in 7s Details Docker Build and Push / build (pull_request) Successful in 1m16s Details Docker Build and Push / test (pull_request) Successful in 18s Details Docker Build and Push / push (pull_request) Has been skipped Details	2026-06-08 19:53:13 +00:00
Sagent	9783b4ac90	feat: add lint, build, test, push pipeline with SHA-pinned actions Docker Build and Push / lint (pull_request) Successful in 13s Details Docker Build and Push / build (pull_request) Successful in 1m11s Details Docker Build and Push / test (pull_request) Failing after 1m7s Details Docker Build and Push / push (pull_request) Has been skipped Details - Split single build job into 4 jobs: lint, build, test, push - SHA-pin all actions for supply chain security - Use ChristopherHX artifact actions (Gitea-compatible) - Switch to root build context (Dockerfile does COPY ../public) - Add tests/test.sh with Docker bridge gateway networking	2026-06-08 19:41:53 +00:00
jcabillot	01e4887469	feat: add Gitea Actions workflow Docker Build and Push / build (push) Failing after 23s Details feat: add Gitea Actions workflow	2026-05-29 16:23:57 -04:00