From 3910ee5e94333872ae160af55a99f5c29377a919 Mon Sep 17 00:00:00 2001
From: Johannes Kresner <johannes@jokresner.de>
Date: Mon, 18 Aug 2025 12:09:23 +0200
Subject: [PATCH] ci: add builder docker image

---
 .gitea/workflows/builder.yml  | 73 +++++++++++++++++++++++++++++++++++
 deployment/builder/Dockerfile |  3 ++
 2 files changed, 76 insertions(+)
 create mode 100644 .gitea/workflows/builder.yml
 create mode 100644 deployment/builder/Dockerfile

diff --git a/.gitea/workflows/builder.yml b/.gitea/workflows/builder.yml
new file mode 100644
index 0000000..16a0c13
--- /dev/null
+++ b/.gitea/workflows/builder.yml
@@ -0,0 +1,73 @@
+name: Build and push Builder image
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+      - "deployment/builder/Dockerfile"
+  workflow_dispatch: {}
+
+jobs:
+  build-and-push-builder:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+
+      - name: Compute image metadata
+        id: meta
+        env:
+          REGISTRY: ${{ secrets.REGISTRY }}
+          REGISTRY_IMAGE: ${{ secrets.REGISTRY_IMAGE_BUILDER }}
+        run: |
+          REPO_LC="${GITHUB_REPOSITORY,,}"
+          REG="${REGISTRY:-docker.io}"
+          IMAGE="${REGISTRY_IMAGE:-${REG}/${REPO_LC}-builder}"
+          echo "registry=${REG}" >> "$GITHUB_OUTPUT"
+          echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
+          if [ "$GITHUB_REF_TYPE" = "tag" ]; then
+            TAGS="${IMAGE}:${GITHUB_REF_NAME}"
+          else
+            SHA=$(git rev-parse --short HEAD)
+            TAGS="${IMAGE}:${SHA},${IMAGE}:latest"
+          fi
+          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
+
+      - name: Log in to container registry (if credentials provided)
+        env:
+          REGISTRY: ${{ steps.meta.outputs.registry }}
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
+            echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
+          else
+            echo "No registry credentials provided; skipping login."
+          fi
+
+      - name: Build Docker image
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+        run: |
+          IFS=',' read -ra TAGS_ARR <<< "$TAGS"
+          FIRST_TAG="${TAGS_ARR[0]}"
+          docker build -f deployment/builder/Dockerfile -t "$FIRST_TAG" deployment/builder
+          for TAG in "${TAGS_ARR[@]:1}"; do
+            docker tag "$FIRST_TAG" "$TAG"
+          done
+
+      - name: Push Docker image (if logged in)
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
+            IFS=',' read -ra TAGS_ARR <<< "$TAGS"
+            for TAG in "${TAGS_ARR[@]}"; do
+              docker push "$TAG"
+            done
+          else
+            echo "No registry credentials provided; skipping push."
+          fi
+
diff --git a/deployment/builder/Dockerfile b/deployment/builder/Dockerfile
new file mode 100644
index 0000000..fa629a6
--- /dev/null
+++ b/deployment/builder/Dockerfile
@@ -0,0 +1,3 @@
+FROM golang:alpine
+
+RUN go install github.com/gohugoio/hugo@latest
\ No newline at end of file