containers/.forgejo/workflows/build-images.yaml


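name: "Build and Push Images with Podman in Colima Using Custom Seccomp Profile"
# Builds every Dockerfile found under ./apps with Podman, confined by the
# repository's seccomp profile, and pushes each image to code.252.no.
on:
  push:
    paths:
      - 'apps/*/Dockerfile'
  workflow_dispatch:
jobs:
  build-and-push:
    name: Build and Push Images with Podman and Custom Seccomp Profile in Colima
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        # NOTE(review): a version tag is a mutable reference; pin this action
        # to a full commit SHA once the intended revision has been verified.
        uses: actions/checkout@v4
      - name: Install Podman Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y podman slirp4netns fuse-overlayfs
      - name: Build and Push Images with Custom Seccomp Profile
        # The script relies on bash features (pipefail, mapfile, process
        # substitution), so the shell is set explicitly.
        shell: bash
        run: |
          set -euo pipefail

          REGISTRY=code.252.no
          REGISTRY_USER="$GITHUB_REPOSITORY_OWNER"
          SEC_PROFILE=./podman-seccomp.json

          # Refuse to build without the profile rather than silently running
          # RUN steps with a different (or no) syscall filter.
          if [ ! -f "$SEC_PROFILE" ]; then
            echo "seccomp profile not found: $SEC_PROFILE" >&2
            exit 1
          fi

          # Log in once for the whole job. The token travels over stdin so it
          # never appears in the process argument list.
          # TLS verification stays at Podman's default (enabled) for login,
          # base-image pulls and push. If the registry presents a certificate
          # from a private CA, supply it with --cert-dir instead of disabling
          # verification.
          printf '%s' "$GITHUB_TOKEN" \
            | sudo podman login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin

          # NUL-delimited listing keeps paths containing spaces intact.
          mapfile -d '' -t dockerfiles < <(find ./apps -name Dockerfile -print0)

          for dockerfile in "${dockerfiles[@]}"; do
            app_name=$(basename "$(dirname "$dockerfile")")
            image="${REGISTRY}/tommy/containers/${app_name}:latest"

            # The seccomp profile applies to the containers that execute RUN
            # steps during the build, so it belongs here and not on push.
            # The build context is the repository root (the working
            # directory), which is what Podman assumes when none is given.
            sudo podman build \
              --security-opt "seccomp=${SEC_PROFILE}" \
              -t "$image" \
              -f "$dockerfile" \
              .

            # podman push starts no container and takes no --security-opt.
            sudo podman push "$image"
          done
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}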