Enhance Docker workflow: add Buildx setup and update README with Docker Compose instructions

.forgejo/workflows/publish-container.yml

@@ -65,6 +65,27 @@ jobs:
           echo "${HOME}/.local/bin" >> "${GITHUB_PATH}"
           "${HOME}/.local/bin/docker" --version
 
+      - name: Ensure Docker Buildx exists
+        run: |
+          set -eu
+          if docker buildx version >/dev/null 2>&1; then
+            docker buildx version
+            exit 0
+          fi
+
+          ARCH="$(uname -m)"
+          case "${ARCH}" in
+            x86_64) BUILDX_ARCH="amd64" ;;
+            aarch64|arm64) BUILDX_ARCH="arm64" ;;
+            *) echo "Unsupported architecture for Docker Buildx bootstrap: ${ARCH}"; exit 1 ;;
+          esac
+
+          BUILDX_VERSION="v0.21.1"
+          mkdir -p "${HOME}/.docker/cli-plugins"
+          curl -fsSL "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-${BUILDX_ARCH}" -o "${HOME}/.docker/cli-plugins/docker-buildx"
+          chmod +x "${HOME}/.docker/cli-plugins/docker-buildx"
+          docker buildx version
+
       # Simplified: we trust DOCKER_HOST (default to tcp://172.17.0.1:2375). If you
       # need a different endpoint, set the Forgejo variable `DOCKER_HOST`.
 
@@ -75,6 +96,13 @@ jobs:
           docker version
           docker info >/dev/null
 
+      - name: Create Buildx builder
+        run: |
+          set -eu
+          docker buildx rm forgejo-builder >/dev/null 2>&1 || true
+          docker buildx create --name forgejo-builder --driver docker-container --use
+          docker buildx inspect --bootstrap
+
       - name: Restore and publish app
         run: dotnet publish src/MaddoScientisto.Web/MaddoScientisto.Web.csproj -c Release -o ./artifacts/publish
 
@@ -82,17 +110,14 @@ jobs:
         run: |
           echo "${{ secrets.FORGEJO_REGISTRY_TOKEN }}" | docker login "${REGISTRY}" -u "${{ secrets.FORGEJO_REGISTRY_USERNAME }}" --password-stdin
 
-      - name: Build image
+      - name: Build and push image
         run: |
           set -eu
           IMAGE_REF="${REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}"
           SHORT_SHA="$(echo "${GITHUB_SHA}" | cut -c1-12)"
-          docker build -t "${IMAGE_REF}:sha-${SHORT_SHA}" -t "${IMAGE_REF}:latest" .
-
-      - name: Push image tags
-        run: |
-          set -eu
-          IMAGE_REF="${REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}"
-          SHORT_SHA="$(echo "${GITHUB_SHA}" | cut -c1-12)"
-          docker push "${IMAGE_REF}:sha-${SHORT_SHA}"
-          docker push "${IMAGE_REF}:latest"
+          docker buildx build \
+            --builder forgejo-builder \
+            --tag "${IMAGE_REF}:sha-${SHORT_SHA}" \
+            --tag "${IMAGE_REF}:latest" \
+            --push \
+            .

README.md

@@ -34,6 +34,30 @@ docker run --rm -p 8080:80 maddoscientisto-web:local
 
 Open `http://localhost:8080`.
 
+## Docker Compose deployment
+
+A ready-to-use `docker-compose.yml` is included to build and run the site container. By default it maps container port `80` to host port `8002`.
+
+Start the service (builds the image if needed) with:
+
+```bash
+docker compose up --build -d
+```
+
+Verify the site at:
+
+```bash
+curl http://localhost:8002/
+```
+
+To stop and remove the service:
+
+```bash
+docker compose down
+```
+
+You can customize the built image name and tag via environment variables read by Compose (`IMAGE_REGISTRY` and `IMAGE_TAG`), or edit `docker-compose.yml` to change the published host port.
+
 ## Forgejo registry configuration
 
 Set these Forgejo Actions variables:
@@ -50,7 +74,7 @@ Set these Forgejo Actions secrets:
 
 ## Workflow behavior
 
-The workflow in `.forgejo/workflows/publish-container.yml` runs on pushes to `master` (and manual dispatch), builds the container image, and pushes:
+The workflow in `.forgejo/workflows/publish-container.yml` runs on pushes to `master` (and manual dispatch), bootstraps Docker Buildx if needed, then builds and pushes the container image with BuildKit:
 
 - `${FORGEJO_REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}:latest`
 - `${FORGEJO_REGISTRY}/${IMAGE_NAMESPACE}/${IMAGE_NAME}:sha-<12-char-commit>`
@@ -59,13 +83,6 @@ The workflow in `.forgejo/workflows/publish-container.yml` runs on pushes to `ma
 
 If the runner image does not contain the `docker` binary, the workflow bootstraps a Docker CLI in user space before login/build/push.
 
-For dind-based runners, the workflow resolves `DOCKER_HOST` in this order:
+If the runner image does not contain the Buildx plugin, the workflow also installs `docker-buildx` in the Docker CLI plugin directory before creating a builder.
 
-- `vars.DOCKER_HOST` if explicitly set
-- `/var/run/docker.sock` if mounted into the job
-- `tcp://forgejo-docker-in-docker:2375` if that DNS name is visible inside the job container
-- `tcp://<job-container-default-gateway>:2375` as a fallback for nested Docker bridge setups
-
-If you still get connection failures after the CLI bootstrap step, set a repo variable named `DOCKER_HOST` to the daemon endpoint that is reachable from inside the job container.
-
-Important: the Compose service name `forgejo-docker-in-docker` is often only resolvable from the outer runner container, not from the inner job container created by the Docker daemon. In that case, use the gateway-based fallback or set `DOCKER_HOST` explicitly.
+For your current dind-based runner, the workflow defaults `DOCKER_HOST` to `tcp://172.17.0.1:2375` unless you set `vars.DOCKER_HOST` explicitly.

docker-compose.yml

@@ -0,0 +1,16 @@
+version: '3.8'
+
+services:
+  maddoscientisto-web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: ${IMAGE_REGISTRY:-maddoscientisto-web}:${IMAGE_TAG:-latest}
+    ports:
+      - "8002:80"
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/ >/dev/null 2>&1 || exit 1"]
+      interval: 30s
+      timeout: 5s
+      retries: 3