gitdataai/.gitea/workflows/build.yaml

name: Build and Publish

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

env:
  REGISTRY: harbor.gitdata.me/gta_team
  CARGO_TERM_COLOR: always

jobs:
  # ---- Lint & Test ----
  ci:
    runs-on: gitea
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: dtolnay/rust-action@stable
        with:
          toolchain: 1.94

      - name: Cache Cargo
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target            
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      - name: Check formatting
        run: cargo fmt --check

      - name: Clippy
        run: cargo clippy --workspace --all-targets -- -D warnings

      - name: Test
        run: cargo test --workspace -- --test-threads=4

  # ---- Docker Build (x86_64) ----
  docker:
    needs: ci
    if: github.event_name == 'push'
    runs-on: gitea
    strategy:
      matrix:
        service:
          - app
          - gitserver
          - email-worker
          - git-hook
          - migrate
          - operator
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Harbor
        uses: docker/login-action@v3
        with:
          registry: harbor.gitdata.me
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ matrix.service }}
          tags: |
            type=sha,prefix=,format={{sha}}
            type=raw,value=latest            

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: docker/${{ matrix.service }}.Dockerfile
          platforms: linux/amd64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            BUILD_TARGET=x86_64-unknown-linux-gnu            

  # ---- ARM64 Build ----
  docker-arm64:
    needs: ci
    if: github.event_name == 'push'
    runs-on: gitea-arm64
    strategy:
      matrix:
        service:
          - app
          - gitserver
          - email-worker
          - git-hook
          - migrate
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Harbor
        uses: docker/login-action@v3
        with:
          registry: harbor.gitdata.me
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: docker/${{ matrix.service }}.Dockerfile
          platforms: linux/arm64
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ matrix.service }}:latest-arm64
            ${{ env.REGISTRY }}/${{ matrix.service }}:sha-${{ github.sha }}            
          build-args: |
            BUILD_TARGET=aarch64-unknown-linux-gnu            

  # ---- Publish Manifest (multi-arch) ----
  manifest:
    needs: [docker, docker-arm64]
    if: github.event_name == 'push'
    runs-on: gitea
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Harbor
        uses: docker/login-action@v3
        with:
          registry: harbor.gitdata.me
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }}

      - name: Create and push manifest
        run: |
          for service in app gitserver email-worker git-hook migrate; do
            docker manifest create ${{ env.REGISTRY }}/$service:latest \
              ${{ env.REGISTRY }}/$service:latest \
              ${{ env.REGISTRY }}/$service:latest-arm64
            docker manifest push ${{ env.REGISTRY }}/$service:latest
          done