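# Gitea Actions workflow: on every push to main that touches the listed paths,
# build the mail-service and web-app images for linux/arm64 and push them to
# the internal Gitea container registry.
name: Build and Publish Docker Images
run-name: Build & Publish by @${{ github.actor }}

on:
  push:
    branches: [ "main" ]
    paths:
      - 'backend/**'
      - 'platform/**'
      - 'core/**'
      - 'frontend/**'
      - 'config/docker/**'
      - 'docker-compose.yaml'
      - '.gitea/workflows/docker-publish.yaml'

# Least privilege for the workflow token: the steps below only need to read the
# repository; the registry push authenticates with REGISTRY_USER/REGISTRY_TOKEN,
# not with the workflow token. NOTE(review): Gitea's handling of this key may
# differ from GitHub's — it is harmless if ignored, confirm it is honoured.
permissions:
  contents: read

env:
  # Internal registry endpoint, reached over plain HTTP and bypassing the
  # Pangolin tunnel entirely.
  # SECURITY: the login step sends REGISTRY_TOKEN and the push sends image
  # layers in cleartext with no verification of the server's identity. This is
  # only acceptable while 10.0.0.22:3000 is reachable solely from the trusted
  # runner network. Prefer TLS on the registry and then drop the http/insecure
  # flags in the buildx config below.
  REGISTRY_INTERNAL: "10.0.0.22:3000"
  IMAGE_PREFIX: mocode-software/meldestelle
  JAVA_VERSION: "25"
  # NOTE(review): GRADLE_VERSION, KEYCLOAK_IMAGE_TAG and JVM_OPTS_ARM64 are not
  # referenced by any step in this file and are not passed as build-args, so
  # they do not reach the Dockerfiles — confirm who reads them before removing.
  GRADLE_VERSION: "9.4.0"
  KEYCLOAK_IMAGE_TAG: "26.5.5"
  # Workers capped at 4 to avoid OOM on the 16 GB runner (VM 102).
  GRADLE_OPTS: "-Dorg.gradle.parallel=true -Dorg.gradle.workers.max=4"
  JVM_OPTS_ARM64: "-XX:ActiveProcessorCount=8 -XX:+UseZGC -XX:+UseTransparentHugePages"

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      # max-parallel: 1 -> matrix entries run one after another, so two
      # Gradle/Kotlin builds never share the 16 GB runner (Zora) at the same time.
      max-parallel: 1
      matrix:
        include:
          # "Plan B" scope: only the mail service and the web app are built and
          # pushed, which shortens CI considerably.
          - service: mail-service
            context: .
            dockerfile: backend/services/mail/Dockerfile
            image: mail-service
          - service: web-app
            context: .
            dockerfile: config/docker/caddy/web-app/Dockerfile
            image: web-app

    steps:
      # SUPPLY CHAIN: every action below is referenced by a mutable major-version
      # tag. Pin each `uses:` to a full commit SHA (keep the tag in a trailing
      # comment) so a moved or compromised tag cannot change what runs here.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up JDK ${{ env.JAVA_VERSION }}
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: "temurin"
          cache: gradle

      # --- STEP 1: build with a full clean so stale outputs never ship ---
      - name: Build Frontend (Wasm JS)
        if: matrix.service == 'web-app'
        run: |
          set -euo pipefail
          chmod +x gradlew
          # Wipe previous build outputs completely before building.
          ./gradlew :frontend:shells:meldestelle-web:clean
          ./gradlew :frontend:shells:meldestelle-web:wasmJsBrowserDistribution \
            -Pproduction=true \
            --max-workers=4 \
            -Dkotlin.daemon.jvm.options="-Xmx4g"

      # --- STEP 2: stage assets with plain rm/mkdir/cp (replaces the earlier
      # rsync-based staging, which failed on this runner) ---
      - name: Stage Web Assets for Docker build
        if: matrix.service == 'web-app'
        run: |
          set -euo pipefail
          DIST_DIR="frontend/shells/meldestelle-web/build/dist/wasmJs/productionExecutable"
          TARGET_DIR="config/docker/caddy/web-app/_site"

          if [ ! -d "$DIST_DIR" ]; then
            echo "❌ Fehler: Build-Verzeichnis nicht gefunden!"
            exit 1
          fi

          # Recreate the staging directory from scratch so nothing left over
          # from an earlier run ends up in the image.
          rm -rf "$TARGET_DIR"
          mkdir -p "$TARGET_DIR"
          cp -r "$DIST_DIR"/. "$TARGET_DIR/"

          # Tournament announcement PDFs for "Plan B". Deliberately best effort:
          # a missing directory or no matching PDF does not fail the build.
          cp docs/Neumarkt2026/*.pdf "$TARGET_DIR/" || true

          echo "✓ Assets für Docker vorbereitet (Stand: $(date))"

      # --- STEP 3: registry login & buildx ---
      # Credentials come from repository secrets; never from env or the log.
      - name: Login to Gitea Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_INTERNAL }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      # BuildKit instance allowed to talk plain HTTP to the internal registry.
      # Purely configuration: no sudo, no systemctl, no daemon restart.
      # The registry host is taken from REGISTRY_INTERNAL so the places that
      # name it cannot drift apart. `insecure = true` disables TLS verification
      # and `http = true` permits cleartext — see the SECURITY note on env.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          config-inline: |
            [registry."${{ env.REGISTRY_INTERNAL }}"]
              http = true
              insecure = true

      # Tags: `latest` is mutable and overwritten on every push; the long-SHA
      # tag is the immutable reference to deploy when reproducibility matters.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_INTERNAL }}/${{ env.IMAGE_PREFIX }}/${{ matrix.image }}
          tags: |
            type=raw,value=latest
            type=sha,format=long

      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          platforms: linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # SUPPLY CHAIN: provenance and SBOM attestations are switched off, so
          # consumers cannot verify how or from what these images were built.
          # Re-enable them (provenance: mode=max, sbom: true) once the registry
          # is confirmed to accept OCI attestation manifests.
          provenance: false
          sbom: false
          build-args: |
            BUILD_DATE=${{ github.event.head_commit.timestamp || 'unknown' }}
            VERSION=${{ github.sha }}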