Merge pull request 'chore(ci): rework build pipeline'

Reviewed-on: #32

.github/workflows/container-scan.yml

@@ -9,22 +9,11 @@ jobs:
     name: Container Scan
     runs-on: docker
     container:
-      image: node:22-bullseye@sha256:ed0338dd02fd86861a59dc1cbc2e12152f3a93c4ce5933d347d6677232000dc7
+      image: ghcr.io/di0ik/forgejo_runner_container:main
     steps:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
-      - name: Install Docker
-        run: |
-          apt-get update
-          apt-get install -y ca-certificates curl
-          install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
-          chmod a+r /etc/apt/keyrings/docker.asc
-          echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt-get update
-          apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
       - name: Build an image from Dockerfile
         run: docker build -t git.dominikstahl.dev/dhbw-we/meetup:${{ github.sha }} .
 
@@ -41,3 +30,9 @@ jobs:
         uses: forgejo/upload-artifact@v4
         with:
           path: trivy-report.json
+
+      - name: Clean up Docker
+        run: |
+          docker builder prune -af --keep-storage 2GB
+          docker rmi $(docker images --filter=reference="git.dominikstahl.dev/dhbw-we/meetup:*" -q)
+          docker image prune -f

.github/workflows/docker-build.yml

@@ -12,18 +12,9 @@ on:
 jobs:
   docker:
     runs-on: docker
+    container:
+      image: ghcr.io/di0ik/forgejo_runner_container:main
     steps:
-      - name: Install Docker
-        run: |
-          apt-get update
-          apt-get install -y ca-certificates curl
-          install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
-          chmod a+r /etc/apt/keyrings/docker.asc
-          echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt-get update
-          apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
       - name: Login to Docker Hub
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
         with:
@@ -46,14 +37,14 @@ jobs:
 
       - name: lowercase repo name
         run: |
-          echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+          echo "REPO=$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV}
 
       - name: Build and push (pull_request)
         uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
         if: github.event_name == 'pull_request'
         with:
           push: true
-          tags: git.dominikstahl.dev/${{ env.REPO }}:sha_${{ github.sha }},git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag}}
+          tags: git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag}}
 
       - name: Build and push (push_tag)
         uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
@@ -67,4 +58,9 @@ jobs:
         if: github.event_name == 'push' && github.ref_type == 'branch'
         with:
           push: true
-          tags: git.dominikstahl.dev/${{ env.REPO }}:sha_${{ github.sha }},git.dominikstahl.dev/${{ env.REPO }}:main
+          tags: git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag }}
+
+      - name: Clean up Docker
+        run: |
+          docker builder prune -af --keep-storage 2GB
+          docker image prune -f

Dockerfile

@@ -27,6 +27,10 @@ COPY --from=builder /app/public ./public
 COPY --from=builder /app/.next/standalone ./
 COPY --from=builder /app/.next/static ./.next/static
 
+LABEL org.opencontainers.image.source="https://git.dominikstahl.dev/DHBW-WE/MeetUp"
+LABEL org.opencontainers.image.title="MeetUp"
+LABEL org.opencontainers.image.description="A web application for managing meetups"
+
 EXPOSE 3000
 
 ENV HOSTNAME="0.0.0.0"

docker-compose.yml

@@ -3,5 +3,9 @@ services:
     build:
       context: .
       dockerfile: Dockerfile
+    image: git.dominikstahl.dev/dhbw-we/meetup:main
     ports:
       - '3000:3000'
+    environment:
+      - AUTH_SECRET=secret
+      - AUTH_URL=http://localhost:3000