on: push: paths: - 'containers/**' - '.forgejo/workflows/build-image.yaml' schedule: - cron: '0 5 * * *' jobs: build-kde: name: 'Build onc-kde:main' runs-on: oci-builder steps: - uses: actions/checkout@v4 - run: cd ${{ env.GITHUB_WORKSPACE }}/containers - name: 'Log in to registry' run: > buildah login -u ${{ vars.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} ${{ vars.REGISTRY_DOMAIN }} - name: 'Build image - onc-kde:main' run: > buildah bud -f Dockerfile.kde -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main --userns=container --security-opt=no-new-privileges --annotation=quay.expires-after= --build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} --build-arg NAMESPACE=${{ vars.NAMESPACE }} containers - name: 'Push image - onc-kde:main' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main - name: 'Make expiring image - onc-kde:main' run: > buildah bud -f <(echo FROM scratch) --from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main.expiring --label quay.expires-after=4w --annotation quay.expires-after=4w - name: 'Push dated (expiring) image - onc-kde:main' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main.expiring ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main) build-kde-ver4a: name: 'Build onc-kde:main-ver4a' runs-on: oci-builder needs: 'build-kde' steps: - uses: actions/checkout@v4 - run: cd ${{ env.GITHUB_WORKSPACE }}/containers - name: 'Log in to registry' run: > buildah login -u ${{ vars.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} ${{ vars.REGISTRY_DOMAIN }} - name: 'Build image - onc-kde:main-ver4a' run: > buildah bud -f Dockerfile.kde-ver4a -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a --userns=container --security-opt=no-new-privileges --annotation=quay.expires-after= --build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} --build-arg NAMESPACE=${{ vars.NAMESPACE }} containers - name: 'Push image - onc-kde:main-ver4a' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a - name: 'Make expiring image - onc-kde:main-ver4a' run: > buildah bud -f <(echo FROM scratch) --from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a.expiring --label quay.expires-after=4w --annotation quay.expires-after=4w - name: 'Push dated (expiring) image - onc-kde:main-ver4a' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a.expiring ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a)-ver4a build-kde-nvidia: name: 'Build onc-kde:main-nvidia' runs-on: oci-builder needs: 'build-kde' steps: - uses: actions/checkout@v4 - run: cd ${{ env.GITHUB_WORKSPACE }}/containers - name: 'Log in to registry' run: > buildah login -u ${{ vars.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} ${{ vars.REGISTRY_DOMAIN }} - name: 'Build image - onc-kde:main-nvidia' run: > buildah bud -f Dockerfile.kde-nvidia -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia --userns=container --security-opt=no-new-privileges --annotation=quay.expires-after= --build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} --build-arg NAMESPACE=${{ vars.NAMESPACE }} containers - name: 'Push image - onc-kde:main-nvidia' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia - name: 'Make expiring image - onc-kde:main-nvidia' run: > buildah bud -f <(echo FROM scratch) --from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia.expiring --label quay.expires-after=4w --annotation quay.expires-after=4w - name: 'Push dated (expiring) image - onc-kde:main-nvidia' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia.expiring ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia)-nvidia build-kde-nvidia-ver4a: name: 'Build onc-kde:main-nvidia-ver4a' runs-on: oci-builder needs: 'build-kde-nvidia' steps: - uses: actions/checkout@v4 - run: cd ${{ env.GITHUB_WORKSPACE }}/containers - name: 'Log in to registry' run: > buildah login -u ${{ vars.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} ${{ vars.REGISTRY_DOMAIN }} - name: 'Build image - onc-kde:main-nvidia-ver4a' run: > buildah bud -f Dockerfile.kde-nvidia-ver4a -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a --userns=container --security-opt=no-new-privileges --annotation=quay.expires-after= --build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} --build-arg NAMESPACE=${{ vars.NAMESPACE }} containers - name: 'Push image - onc-kde:main-nvidia-ver4a' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a - name: 'Make expiring image - onc-kde:main-nvidia-ver4a' run: > buildah bud -f <(echo FROM scratch) --from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a.expiring --label quay.expires-after=4w --annotation quay.expires-after=4w - name: 'Push dated (expiring) image - onc-kde:main-nvidia-ver4a' run: > buildah push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a.expiring ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a)-nvidia-ver4a