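# Workflow "dev": on every branch push, build the container images and push
# them to the registry at git.4nkweb.com, tagged with the branch name.
#
# Security notes for maintainers:
# - Every push to any matching branch runs with SSH_PRIVATE_KEY, USER and
#   TOKEN available, and executes scripts/build_and_push.sh from the pushed
#   commit. Anyone who can push a branch can therefore change what runs with
#   these secrets; consider narrowing the branch filter or gating the secrets.
# - Actions are referenced by mutable tags (v4, v0.9.1, v3). Pinning each
#   `uses:` to a full commit SHA removes the risk of a tag being moved.
name: dev

# NOTE(review): the collapsed source shows `push:` directly after `name:`;
# the `on:` trigger key is required for the workflow to be valid and is
# restored here.
on:
  push:
    branches:
      # In GitHub-style filter patterns `*` does not match `/`, so branches
      # such as feature/x are not built (their names would also be invalid
      # as Docker tags in the last step).
      - '*'

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history, with submodules fetched recursively.
          fetch-depth: 0
          submodules: recursive

      - name: Set up SSH agent
        uses: webfactory/ssh-agent@v0.9.1
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Trust Gitea host and force SSH for git.4nkweb.com
        # NOTE(review): ssh-keyscan accepts whatever host key is presented at
        # run time (trust on first use, repeated on every run), so it does not
        # authenticate the server. Prefer writing a pinned known_hosts entry
        # kept in repository configuration.
        run: |
          ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
          git config --global url.ssh://git@git.4nkweb.com/.insteadOf https://git.4nkweb.com/

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # NOTE(review): these flags let builds request the security.insecure
          # entitlement (privileged RUN steps) and host networking. Keep them
          # only if scripts/build_and_push.sh actually needs them.
          buildkitd-flags: --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host

      - name: Login to Gitea Registry
        uses: docker/login-action@v3
        with:
          registry: git.4nkweb.com
          username: ${{ secrets.USER }}
          password: ${{ secrets.TOKEN }}

      - name: Init submodules (ensure up-to-date)
        # Drops submodule entries from the local git config whose path is no
        # longer declared in .gitmodules, then syncs and updates the rest.
        # NOTE(review): git usually records submodule.<name>.url/.active (not
        # .path) in .git/config, and keys .git/modules by submodule name rather
        # than path - confirm this loop matches what it is meant to clean up.
        run: |
          echo "Sanitize submodule config"
          # `git config --get-regexp` prints "<key> <value>", so the path is
          # the second field onward (the previous awk '{print $3}' yielded
          # empty lines, which made every submodule look like an orphan).
          ALLOWED_PATHS=$(git config -f .gitmodules --get-regexp '^submodule\..*\.path$' | cut -d ' ' -f 2- || true)
          for NAME in $(git config --local --name-only --get-regexp '^submodule\..*\.path$' | sed 's/\.path$//' || true); do
            P=$(git config --local --get "$NAME.path" || true)
            # An empty path would turn the rm below into `rm -rf .git/modules/`.
            [ -n "$P" ] || continue
            # Never let a configured path point outside .git/modules.
            case "$P" in
              /*|*..*)
                echo "[ci] skip suspicious submodule path: $P ($NAME)"
                continue
                ;;
            esac
            # -F: compare the path literally, not as a regular expression.
            if ! printf "%s\n" "$ALLOWED_PATHS" | grep -Fqx -- "$P"; then
              echo "[ci] deinit orphan submodule: $P ($NAME)"
              git submodule deinit -f -- "$P" || true
              git config --local --remove-section "$NAME" || true
              rm -rf ".git/modules/$P" || true
            fi
          done
          git submodule sync --recursive
          git submodule update --init --recursive

      - name: Build and push images
        env:
          REGISTRY: git.4nkweb.com
        run: |
          # The image tag is the checked-out branch name.
          DOCKER_TAG=$(git rev-parse --abbrev-ref HEAD)
          bash scripts/build_and_push.sh "$DOCKER_TAG"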