diff --git a/.forgejo/workflows/publish-container.yml b/.forgejo/workflows/publish-container.yml index e11a46e..467bdb0 100644 --- a/.forgejo/workflows/publish-container.yml +++ b/.forgejo/workflows/publish-container.yml @@ -65,6 +65,27 @@ jobs: echo "${HOME}/.local/bin" >> "${GITHUB_PATH}" "${HOME}/.local/bin/docker" --version + - name: Ensure Docker Buildx exists + run: | + set -eu + if docker buildx version >/dev/null 2>&1; then + docker buildx version + exit 0 + fi + + ARCH="$(uname -m)" + case "${ARCH}" in + x86_64) BUILDX_ARCH="amd64" ;; + aarch64|arm64) BUILDX_ARCH="arm64" ;; + *) echo "Unsupported architecture for Docker Buildx bootstrap: ${ARCH}"; exit 1 ;; + esac + + BUILDX_VERSION="v0.21.1" + mkdir -p "${HOME}/.docker/cli-plugins" + curl -fsSL "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-${BUILDX_ARCH}" -o "${HOME}/.docker/cli-plugins/docker-buildx" + chmod +x "${HOME}/.docker/cli-plugins/docker-buildx" + docker buildx version + # Simplified: we trust DOCKER_HOST (default to tcp://172.17.0.1:2375). If you # need a different endpoint, set the Forgejo variable `DOCKER_HOST`. @@ -75,6 +96,13 @@ jobs: docker version docker info >/dev/null + - name: Create Buildx builder + run: | + set -eu + docker buildx rm forgejo-builder >/dev/null 2>&1 || true + docker buildx create --name forgejo-builder --driver docker-container --use + docker buildx inspect --bootstrap + - name: Restore and publish app run: dotnet publish src/MaddoScientisto.Web/MaddoScientisto.Web.csproj -c Release -o ./artifacts/publish 
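Review bot: The `curl -fsSL ... -o "${HOME}/.docker/cli-plugins/docker-buildx"` line in the "Ensure Docker Buildx exists" step installs an executable straight from a release URL and marks it runnable without any integrity check. Pinning `BUILDX_VERSION="v0.21.1"` fixes the version but not the bytes, and this binary later runs in a job that holds the registry credentials. Set an expected digest in each `case` arm, e.g. `x86_64) BUILDX_ARCH="amd64"; BUILDX_SHA256="<sha256-of-linux-amd64-asset>" ;;`, taken from the release's published checksums. Then verify it before the `chmod +x` with `echo "${BUILDX_SHA256}  ${HOME}/.docker/cli-plugins/docker-buildx" | sha256sum -c -`. Under `set -eu` a mismatch then stops the job before the plugin is ever executed.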
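Review bot: The "Create Buildx builder" step uses the fixed name `forgejo-builder` and never removes it after the job. If the daemon behind `DOCKER_HOST` is shared between jobs (the comment above suggests a common dind endpoint), two overlapping runs can delete each other's builder through the `docker buildx rm` line. The BuildKit container and its cache also stay on the daemon afterwards. A per-run name reused in the build step, plus a final `if: always()` step running `docker buildx rm`, would avoid both. Separately, the `docker-container` driver pulls its BuildKit image by a floating default tag, so `--driver-opt image=moby/buildkit:<pinned-tag>` would pin it the way the Buildx binary is pinned.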
@@ -82,17 +110,14 @@ jobs: run: | echo "${{ secrets.FORGEJO_REGISTRY_TOKEN }}" | docker login "${REGISTRY}" -u "${{ secrets.FORGEJO_REGISTRY_USERNAME }}" --password-stdin - - name: Build image + - name: Build and push image run: | set -eu IMAGE_REF="${REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}" SHORT_SHA="$(echo "${GITHUB_SHA}" | cut -c1-12)" - docker build -t "${IMAGE_REF}:sha-${SHORT_SHA}" -t "${IMAGE_REF}:latest" . - - - name: Push image tags - run: | - set -eu - IMAGE_REF="${REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}" - SHORT_SHA="$(echo "${GITHUB_SHA}" | cut -c1-12)" - docker push "${IMAGE_REF}:sha-${SHORT_SHA}" - docker push "${IMAGE_REF}:latest" + docker buildx build \ + --builder forgejo-builder \ + --tag "${IMAGE_REF}:sha-${SHORT_SHA}" \ + --tag "${IMAGE_REF}:latest" \ + --push \ + . diff --git a/README.md b/README.md index 32b860d..505f6ea 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,30 @@ docker run --rm -p 8080:80 maddoscientisto-web:local Open `http://localhost:8080`. +## Docker Compose deployment + +A ready-to-use `docker-compose.yml` is included to build and run the site container. By default it maps container port `80` to host port `8002`. + +Start the service (builds the image if needed) with: + +```bash +docker compose up --build -d +``` + +Verify the site at: + +```bash +curl http://localhost:8002/ +``` + +To stop and remove the service: + +```bash +docker compose down +``` + +You can customize the built image name and tag via environment variables read by Compose (`IMAGE_REGISTRY` and `IMAGE_TAG`), or edit `docker-compose.yml` to change the published host port. + ## Forgejo registry configuration Set these Forgejo Actions variables: 
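Review bot: The merged "Build and push image" step publishes `:latest` and `:sha-<12-char>` but records nothing immutable about what was pushed. Both tags can be overwritten by a later run or by anyone holding the registry token. Adding `--metadata-file ./artifacts/build-metadata.json \` to the `docker buildx build` call writes the pushed image digest, so deployments can reference the image by digest. Depending on Buildx defaults, `--push` with the `docker-container` driver may also attach a provenance attestation and push an image index rather than a single manifest. It is worth stating `--provenance=...` explicitly so the result is a deliberate choice.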
@@ -50,7 +74,7 @@ Set these Forgejo Actions secrets: ## Workflow behavior -The workflow in `.forgejo/workflows/publish-container.yml` runs on pushes to `master` (and manual dispatch), builds the container image, and pushes: +The workflow in `.forgejo/workflows/publish-container.yml` runs on pushes to `master` (and manual dispatch), bootstraps Docker Buildx if needed, then builds and pushes the container image with BuildKit: - `${FORGEJO_REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}:latest` - `${FORGEJO_REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}:sha-<12-char-commit>` @@ -59,13 +83,6 @@ The workflow in `.forgejo/workflows/publish-container.yml` runs on pushes to `ma If the runner image does not contain the `docker` binary, the workflow bootstraps a Docker CLI in user space before login/build/push. -For dind-based runners, the workflow resolves `DOCKER_HOST` in this order: +If the runner image does not contain the Buildx plugin, the workflow also installs `docker-buildx` in the Docker CLI plugin directory before creating a builder. -- `vars.DOCKER_HOST` if explicitly set -- `/var/run/docker.sock` if mounted into the job -- `tcp://forgejo-docker-in-docker:2375` if that DNS name is visible inside the job container -- `tcp://:2375` as a fallback for nested Docker bridge setups - -If you still get connection failures after the CLI bootstrap step, set a repo variable named `DOCKER_HOST` to the daemon endpoint that is reachable from inside the job container. - -Important: the Compose service name `forgejo-docker-in-docker` is often only resolvable from the outer runner container, not from the inner job container created by the Docker daemon. In that case, use the gateway-based fallback or set `DOCKER_HOST` explicitly. +For your current dind-based runner, the workflow defaults `DOCKER_HOST` to `tcp://172.17.0.1:2375` unless you set `vars.DOCKER_HOST` explicitly. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..ee44f02 --- /dev/null 
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+version: '3.8'
+
+services:
+ maddoscientisto-web:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ image: ${IMAGE_REGISTRY:-maddoscientisto-web}:${IMAGE_TAG:-latest}
+ ports:
+ - "8002:80"
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/ >/dev/null 2>&1 || exit 1"]
+ interval: 30s
+ timeout: 5s
+ retries: 3
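Review bot: The mapping `- "8002:80"` publishes the site on every host interface over plain HTTP. If the container is meant to sit behind a reverse proxy or be reached only locally (the README checks `http://localhost:8002/`), bind it to loopback with `- "127.0.0.1:8002:80"`. The service also runs with Docker's default privileges; where the image tolerates it, `security_opt: ["no-new-privileges:true"]` and `cap_drop: ["ALL"]` are cheap hardening for a static web container. The healthcheck assumes `wget` exists in the runtime image, which the Dockerfile (not shown here) would need to confirm; otherwise the container is reported unhealthy even when it is serving.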