feat: add reusable CI/CD pipeline templates

Reusable Gitea Actions workflows for lint, test, build, and deploy: - lint-python, lint-node, lint-rust - test-python, test-node, test-rust - build-push (Docker build + push to Gitea registry) - deploy-k8s (GitOps image tag update in cluster repo) Plus example caller workflows for python-fullstack, rust-service, and node-frontend stacks. Branch refs aligned to staging per CON-570 standards.
2026-03-31 19:55:17 +03:00
parent 491bb8dbfd
commit a620868998
15 changed files with 783 additions and 2 deletions
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -0,0 +1,93 @@
+# Reusable workflow: Build Docker image and push to Gitea registry
+# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/build-push.yaml@main
+name: Build & Push Docker Image
+
+on:
+  workflow_call:
+    inputs:
+      image-name:
+        description: "Full image name (e.g. git.wectrl.net/wectrl-net/my-service)"
+        required: true
+        type: string
+      context:
+        description: "Docker build context path"
+        required: false
+        type: string
+        default: "."
+      dockerfile:
+        description: "Path to Dockerfile (relative to context)"
+        required: false
+        type: string
+        default: "Dockerfile"
+      platforms:
+        description: "Target platforms (e.g. linux/arm64, linux/amd64)"
+        required: false
+        type: string
+        default: "linux/arm64"
+      build-args:
+        description: "Docker build args (newline-separated KEY=VALUE)"
+        required: false
+        type: string
+        default: ""
+    secrets:
+      REGISTRY_USER:
+        required: true
+      REGISTRY_TOKEN:
+        required: true
+    outputs:
+      image-tag:
+        description: "The sha-based image tag that was pushed"
+        value: ${{ jobs.build.outputs.image-tag }}
+
+jobs:
+  build:
+    name: Build & Push
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+      options: --privileged
+    outputs:
+      image-tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Compute image tag
+        id: tag
+        run: |
+          SHORT_SHA="${{ gitea.sha }}"
+          SHORT_SHA="${SHORT_SHA:0:7}"
+          echo "tag=sha-${SHORT_SHA}" >> "$GITEA_OUTPUT"
+
+      - name: Log in to Gitea registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.wectrl.net
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.image-name }}
+          tags: |
+            type=sha,prefix=sha-
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ inputs.context }}
+          file: ${{ inputs.context }}/${{ inputs.dockerfile }}
+          platforms: ${{ inputs.platforms }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: ${{ inputs.build-args }}
+          cache-from: type=registry,ref=${{ inputs.image-name }}:buildcache
+          cache-to: type=registry,ref=${{ inputs.image-name }}:buildcache,mode=max