Files
minstrel/.forgejo/workflows/release.yml
T
bvandeusen aa7599f91d ci(release): use REGISTRY_TOKEN secret for Forgejo registry push
The default GITHUB_TOKEN provided by Forgejo Actions lacks write:package
scope, so docker buildx push failed with 401 reqPackageAccess. Swap in
the repo-level REGISTRY_TOKEN secret (a PAT scoped write:package) for
docker login; github.actor still supplies the username.

Also drops the transient Docker environment diagnostics step — the
registry was the issue, the socket/buildx setup is fine.
2026-04-18 23:29:15 +00:00

61 lines
1.7 KiB
YAML

name: release
# Builds and pushes the minstrel container image to the Forgejo registry.
#
# push to main → :main
# push tag vX.Y.Z → :vX.Y.Z and :latest
# workflow_dispatch → manual trigger (same rules based on the ref)
on:
push:
branches: [main]
tags: ['v*']
workflow_dispatch:
jobs:
release:
runs-on: go-ci
env:
IMAGE: git.fabledsword.com/bvandeusen/minstrel
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Detect buildable project
id: guard
shell: bash
run: |
if [ -f Dockerfile ] && [ -f go.mod ]; then
echo "ready=true" >> "$GITHUB_OUTPUT"
else
echo "ready=false" >> "$GITHUB_OUTPUT"
echo "::notice::No Dockerfile + go.mod yet — release build skipped"
fi
- name: Compute image tags
id: tags
if: steps.guard.outputs.ready == 'true'
shell: bash
run: |
if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
VERSION="${GITHUB_REF#refs/tags/}"
echo "args=-t ${IMAGE}:${VERSION} -t ${IMAGE}:latest" >> "$GITHUB_OUTPUT"
echo "::notice::Release build: ${VERSION} + latest"
else
echo "args=-t ${IMAGE}:main" >> "$GITHUB_OUTPUT"
echo "::notice::Main-branch build: :main"
fi
- name: Registry login
if: steps.guard.outputs.ready == 'true'
shell: bash
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" \
| docker login git.fabledsword.com -u "${{ github.actor }}" --password-stdin
- name: Build and push
if: steps.guard.outputs.ready == 'true'
run: docker buildx build --push ${{ steps.tags.outputs.args }} .