Base #40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Base | |
| # yamllint disable-line rule:truthy | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # at 03:33 on Friday | |
| - cron: "33 3 * * 5" | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| build: | |
| if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch' | |
| name: Build | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: "false" | |
| - name: Setup podman | |
| env: | |
| PODMAN_VERSION: "v5.7.1" | |
| run: | | |
| sudo apt-get purge -y podman runc crun conmon | |
| curl -fsSLO "https://github.com/mgoltzsche/podman-static/releases/download/${{ env.PODMAN_VERSION }}/podman-linux-amd64.tar.gz" | |
| curl -fsSLO "https://github.com/mgoltzsche/podman-static/releases/download/${{ env.PODMAN_VERSION }}/podman-linux-amd64.tar.gz.asc" | |
| gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0CCF102C4F95D89E583FF1D4F8B5AF50344BB503 | |
| gpg --batch --verify "podman-linux-amd64.tar.gz.asc" "podman-linux-amd64.tar.gz" | |
| tar -xzf "podman-linux-amd64.tar.gz" | |
| sudo cp -rfv ./podman-linux-amd64/etc/. /etc/ | |
| sudo cp -rfv ./podman-linux-amd64/usr/. /usr/ | |
| sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 | |
| - name: Setup mise-en-place | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| - name: Get date | |
| id: date | |
| run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT | |
| - name: Setup cache container | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| # yamllint disable-line rule:line-length | |
| key: "container-${{ hashFiles('./Dockerfile') }}-${{ steps.date.outputs.date }}" | |
| # restore only the same hash | |
| restore-keys: | | |
| container-${{ hashFiles('./Dockerfile') }}- | |
| path: "/var/tmp/buildah-cache-*/*" | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| - name: Login to GHCR | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.repository_owner }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Build (push) | |
| run: mise run build --push |