Merge pull request 'refactor: standardize CI/CD to 4-workflow pattern' (#11) from fix/workflow-standard into master

Reviewed-on: #11

.gitea/workflows/cron.yaml

@@ -1,9 +1,7 @@
 name: Nightly Rebuild
-
 on:
   schedule:
     - cron: '0 0 * * *'
-
 jobs:
   hadolint:
     runs-on: ubuntu-latest
@@ -13,8 +11,14 @@ jobs:
         continue-on-error: true
         with:
           dockerfile: Dockerfile
-
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t ci-image:${{ github.sha }} .
   build-push:
+    needs: [test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -32,10 +36,9 @@ jobs:
       - id: meta
         uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
         with:
-          images: jcabillot/docker-ttrss
+          images: jcabillot/ttrss
           tags: |
-            type=raw,value=latest
+            type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
-            type=raw,value=${{ steps.get-latest-tag.outputs.tag }},enable=${{ steps.get-latest-tag.outputs.tag != '' }}
       - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: .

.gitea/workflows/main.yaml

@@ -1,9 +1,7 @@
 name: Main Release
-
 on:
   push:
     branches: [master]
-
 jobs:
   hadolint:
     runs-on: ubuntu-latest
@@ -13,39 +11,21 @@ jobs:
         continue-on-error: true
         with:
           dockerfile: Dockerfile
-
-  build-push:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
-      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
-        with:
-          images: jcabillot/docker-ttrss
-          tags: |
-            type=raw,value=latest
-      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          pull: true
-
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
-      - run: docker build --load -t ci-image:${{ github.sha }} .
+      - run: docker build -t ci-image:${{ github.sha }} .
-      - run: bash tests/test.sh ci-image:${{ github.sha }}
+  build:
-
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t jcabillot/ttrss:${{ github.sha }} .
   tag:
+    needs: [build]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -53,10 +33,10 @@ jobs:
           fetch-depth: 0
       - name: Configure git auth
         run: |
-          git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@scm.cabillot.eu/web/docker-ttrss.git"
+          git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/web/docker-ttrss.git"
       - uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
           DEFAULT_BUMP: patch
           RELEASE_BRANCHES: master
           WITH_V: true

.gitea/workflows/pr.yaml

@@ -1,9 +1,7 @@
 name: PR Checks
-
 on:
   pull_request:
     branches: [master]
-
 jobs:
   hadolint:
     runs-on: ubuntu-latest
@@ -13,11 +11,9 @@ jobs:
         continue-on-error: true
         with:
           dockerfile: Dockerfile
-
   build-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
-      - run: docker build --load -t ci-image:${{ github.sha }} .
+      - run: docker build -t ci-image:${{ github.sha }} .
-      - run: bash tests/test.sh ci-image:${{ github.sha }}

.gitea/workflows/tag.yaml

@@ -1,9 +1,7 @@
 name: Tag Release
-
 on:
   push:
     tags: ['*']
-
 jobs:
   hadolint:
     runs-on: ubuntu-latest
@@ -13,8 +11,14 @@ jobs:
         continue-on-error: true
         with:
           dockerfile: Dockerfile
-
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t ci-image:${{ github.sha }} .
   build-push:
+    needs: [test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -26,9 +30,10 @@ jobs:
       - id: meta
         uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
         with:
-          images: jcabillot/docker-ttrss
+          images: jcabillot/ttrss
           tags: |
             type=ref,event=tag
+            type=ref,event=tag,suffix=-latest
       - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: .

tests/test.sh

@@ -36,10 +36,7 @@ assert_contains() {
 
 echo "Starting PostgreSQL..."
 docker pull postgres:16-alpine > /dev/null 2>&1
-SOCKET_DIR="$TMPDIR/pg-socket"
-mkdir -p "$SOCKET_DIR"
 docker run -d --name "$DB_CONTAINER" \
-  -v "$SOCKET_DIR:/var/run/postgresql" \
   -e POSTGRES_DB=ttrss -e POSTGRES_USER=ttrss -e POSTGRES_PASSWORD=ttrss \
   postgres:16-alpine
 
@@ -53,10 +50,7 @@ for i in $(seq 1 30); do
 done
 
 echo "Starting TTRSS..."
-docker run -d --name "$CONTAINER_NAME" \
+docker run -d --name "$CONTAINER_NAME" --link "$DB_CONTAINER:db" -p 8080:8080 "$IMAGE"
-  -v "$SOCKET_DIR:/run/postgresql" \
-  -e DB_HOST=db -e DB_PORT=5432 \
-  --link "$DB_CONTAINER:db" -p 8080:8080 "$IMAGE"
 
 echo "Waiting for TTRSS to be ready..."
 READY=false
@@ -76,11 +70,8 @@ if [ "$READY" = false ]; then
   exit 1
 fi
 
-# Ensure www-data role exists for Unix socket connection
-docker exec -e PGPASSWORD=ttrss "$DB_CONTAINER" psql -U ttrss -d ttrss -c "CREATE ROLE www-data WITH LOGIN;" 2>/dev/null; docker exec -e PGPASSWORD=ttrss "$DB_CONTAINER" psql -U ttrss -d ttrss -c "GRANT ALL ON DATABASE ttrss TO www-data;" 2>/dev/null || true
-
 echo "Updating TT-RSS database schema..."
-echo yes | docker exec -i -u www-data -e DB_HOST=db -e DB_PORT=5432 "$CONTAINER_NAME" php /var/www/ttrss/update.php --update-schema 2>&1 || true
+echo yes | docker exec -i -u www-data "$CONTAINER_NAME" php /var/www/ttrss/update.php --update-schema 2>&1 || true
 sleep 2
 
 # Test 1: HTTP status