ci: add gitea image publishing workflows

.gitea/workflows/build-push.yaml

@@ -0,0 +1,130 @@
+name: Release Docker Image Build
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'VERSION'
+  workflow_dispatch:
+
+jobs:
+  verify-and-package:
+    if: github.repository != 'templates/mono-app-with-db'
+    runs-on: java-node-24
+    env:
+      GRADLE_USER_HOME: /opt/hostedtoolcache/gradle/${{ github.repository }}
+
+    steps:
+      - name: 1. Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 2. Prepare Gradle cache and Docker access
+        run: |
+          sudo install -d -m 0755 -o "$(id -u)" -g "$(id -g)" "$GRADLE_USER_HOME"
+          sudo chgrp "$(id -g)" /var/run/docker.sock
+          sudo chmod g+rw /var/run/docker.sock
+
+      - name: 3. Verify and stage with Gradle
+        run: |
+          ./gradlew --no-daemon --console=plain check stageFatJar
+
+      - name: 4. Upload test reports
+        if: always()
+        id: upload-test-reports
+        uses: christopherhx/gitea-upload-artifact@v4
+        with:
+          name: test-reports
+          path: |
+            build/reports/tests/test/**
+            build/test-results/test/**/*.xml
+          if-no-files-found: warn
+          retention-days: 7
+
+      - name: 5. Output test report artifact URL
+        if: always()
+        run: |
+          echo "Test reports: ${{ steps.upload-test-reports.outputs.artifact-url }}"
+
+      - name: 6. Upload staged fat jar
+        uses: christopherhx/gitea-upload-artifact@v4
+        with:
+          name: application-fat-jar
+          path: build/ci/server.jar
+          retention-days: 1
+          compression-level: 0
+
+  build-and-publish:
+    if: github.repository != 'templates/mono-app-with-db'
+    runs-on: java-node-24
+    needs: verify-and-package
+    env:
+      REGISTRY: git.dslan.at
+      REPOSITORY: ${{ github.repository }}
+
+    steps:
+      - name: 1. Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 2. Download staged fat jar
+        uses: christopherhx/gitea-download-artifact@v4
+        with:
+          name: application-fat-jar
+          path: ./build/ci
+
+      - name: 3. Prepare Docker access
+        run: |
+          sudo chgrp "$(id -g)" /var/run/docker.sock
+          sudo chmod g+rw /var/run/docker.sock
+
+      - name: 4. Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.11.0
+        with:
+          driver: docker-container
+          driver-opts: network=host
+
+      - name: 5. Read version and set image tags
+        id: meta
+        run: |
+          VERSION_TAG=$(cat VERSION)
+          echo "tag_version=$VERSION_TAG" >> $GITHUB_OUTPUT
+
+      - name: 6. Log in to the Gitea Container Registry
+        uses: docker/login-action@v3.6.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.PR_USER }}
+          password: ${{ secrets.PR_PASSWORD }}
+
+      - name: 7. Build and push the Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./build/ci
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ steps.meta.outputs.tag_version }}
+            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPOSITORY }}:buildcache-release
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPOSITORY }}:buildcache-release,mode=max
+
+      - name: 8. Create and push Git tag
+        run: |
+          git config user.name "${{ secrets.PR_USER }}"
+          git config user.email "gitea-actions@${{ env.REGISTRY }}"
+          TAG_NAME="${{ steps.meta.outputs.tag_version }}"
+          git fetch --tags
+          if git rev-parse "$TAG_NAME" >/dev/null 2>&1; then
+            echo "Tag $TAG_NAME already exists, skipping."
+            exit 0
+          fi
+          git tag $TAG_NAME
+          git push https://${{ secrets.PR_USER }}:${{ secrets.PR_PASSWORD }}@${{ env.REGISTRY }}/${{ env.REPOSITORY }}.git $TAG_NAME
+
+      - name: 9. Output image names
+        run: |
+          echo "Successfully pushed:"
+          echo "${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ steps.meta.outputs.tag_version }}"
+          echo "${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest"

.gitea/workflows/build-snapshot.yaml

@@ -0,0 +1,111 @@
+name: Snapshot Docker Image Build
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  verify-and-package:
+    if: github.repository != 'templates/mono-app-with-db'
+    runs-on: java-node-24
+    env:
+      GRADLE_USER_HOME: /opt/hostedtoolcache/gradle/${{ github.repository }}
+
+    steps:
+      - name: 1. Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 2. Prepare Gradle cache and Docker access
+        run: |
+          sudo install -d -m 0755 -o "$(id -u)" -g "$(id -g)" "$GRADLE_USER_HOME"
+          sudo chgrp "$(id -g)" /var/run/docker.sock
+          sudo chmod g+rw /var/run/docker.sock
+
+      - name: 3. Verify and stage with Gradle
+        run: |
+          ./gradlew --no-daemon --console=plain check stageFatJar
+
+      - name: 4. Upload test reports
+        if: always()
+        id: upload-test-reports
+        uses: christopherhx/gitea-upload-artifact@v4
+        with:
+          name: test-reports
+          path: |
+            build/reports/tests/test/**
+            build/test-results/test/**/*.xml
+          if-no-files-found: warn
+          retention-days: 7
+
+      - name: 5. Output test report artifact URL
+        if: always()
+        run: |
+          echo "Test reports: ${{ steps.upload-test-reports.outputs.artifact-url }}"
+
+      - name: 6. Upload staged fat jar
+        uses: christopherhx/gitea-upload-artifact@v4
+        with:
+          name: application-fat-jar
+          path: build/ci/server.jar
+          retention-days: 1
+          compression-level: 0
+
+  build-and-publish-snapshot:
+    if: github.repository != 'templates/mono-app-with-db'
+    runs-on: java-node-24
+    needs: verify-and-package
+    env:
+      REGISTRY: git.dslan.at
+      REPOSITORY: ${{ github.repository }}
+
+    steps:
+      - name: 1. Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 2. Download staged fat jar
+        uses: christopherhx/gitea-download-artifact@v4
+        with:
+          name: application-fat-jar
+          path: ./build/ci
+
+      - name: 3. Prepare Docker access
+        run: |
+          sudo chgrp "$(id -g)" /var/run/docker.sock
+          sudo chmod g+rw /var/run/docker.sock
+
+      - name: 4. Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.11.0
+        with:
+          driver: docker-container
+          driver-opts: network=host
+
+      - name: 5. Read version and set snapshot tag
+        id: meta
+        run: |
+          VERSION_BASE=$(cat VERSION)
+          LAST_CHANGED=$(git log -1 --format=%H VERSION)
+          COUNT=$(git rev-list ${LAST_CHANGED}..HEAD --count)
+          SNAPSHOT_TAG="${VERSION_BASE}-SNAPSHOT-$((COUNT + 1))"
+          echo "tag_version=$SNAPSHOT_TAG" >> $GITHUB_OUTPUT
+
+      - name: 6. Log in to the Gitea Container Registry
+        uses: docker/login-action@v3.6.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.PR_USER }}
+          password: ${{ secrets.PR_PASSWORD }}
+
+      - name: 7. Build and push the Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./build/ci
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ steps.meta.outputs.tag_version }}
+            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:snapshot-latest
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPOSITORY }}:buildcache-snapshot
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPOSITORY }}:buildcache-snapshot,mode=max

Dockerfile

@@ -1,8 +1,12 @@
-FROM eclipse-temurin:21-jre
+FROM eclipse-temurin:24-jre-noble
 WORKDIR /app
 
-COPY build/libs/*.jar app.jar
+RUN useradd -m -s /bin/bash codenames
+
+COPY --chown=codenames:codenames server.jar /app/server.jar
+
+USER codenames
 
 EXPOSE 8080
 
-ENTRYPOINT ["java", "-jar", "/app/app.jar"]
+ENTRYPOINT ["java", "-jar", "/app/server.jar"]

VERSION

@@ -0,0 +1 @@
+0.1.0

build.gradle.kts

@@ -14,7 +14,7 @@ plugins {
 apply(plugin = "org.springframework.boot")
 
 group = "at.dslan"
-version = "0.1.0"
+version = file("VERSION").readText().trim()
 
 java {
     toolchain {
@@ -40,3 +40,14 @@ dependencies {
 tasks.withType<Test> {
     useJUnitPlatform()
 }
+
+tasks.register<Copy>("stageFatJar") {
+    group = "build"
+    description = "Copies the boot jar to a stable location for CI image assembly."
+    dependsOn("bootJar")
+    from(layout.buildDirectory.dir("libs")) {
+        include("*.jar")
+    }
+    into(layout.buildDirectory.dir("ci"))
+    rename { "server.jar" }
+}

deploy/k8s/deployment.yaml

@@ -18,7 +18,7 @@ spec:
         - name: codenames-registry
       containers:
         - name: codenames
-          image: git.dslan.at/zeugs/codenames:master
+          image: git.dslan.at/zeugs/codenames:snapshot-latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080