ci: link published container package to repository

2026-05-22 19:43:22 +02:00
parent 25d5e48dac
commit 159f8be493
2 changed files with 68 additions and 0 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -103,6 +103,19 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
+      - name: Derive package metadata
+        id: meta
+        shell: bash
+        run: |
+          set -euo pipefail
+          owner="${IMAGE_NAME%%/*}"
+          repo="${IMAGE_NAME##*/}"
+          if [ -z "${owner}" ] || [ -z "${repo}" ]; then
+            echo "::error::Failed to derive owner/repo from IMAGE_NAME=${IMAGE_NAME}"
+            exit 1
+          fi
+          echo "owner=${owner}" >> "${GITHUB_OUTPUT}"
+          echo "repo=${repo}" >> "${GITHUB_OUTPUT}"
      - name: Login to Gitea container registry
        uses: docker/login-action@v3
        with:
@@ -140,3 +153,56 @@ jobs:
          if [ "${CI_REF_NAME}" = "main" ]; then
            echo "- ${IMAGE}:latest" >> "${GITHUB_STEP_SUMMARY}"
          fi
+      - name: Link package to repository
+        shell: bash
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          PACKAGE_OWNER: ${{ steps.meta.outputs.owner }}
+          PACKAGE_NAME: ${{ steps.meta.outputs.repo }}
+          REPO_NAME: ${{ steps.meta.outputs.repo }}
+        run: |
+          set -euo pipefail
+          token="${REGISTRY_PASSWORD:-${REGISTRY_TOKEN:-}}"
+          if [ -z "$token" ]; then
+            echo "::error::Registry token/password is empty. Set REGISTRY_PASSWORD or REGISTRY_TOKEN."
+            exit 1
+          fi
+          python3 - <<'PY'
+          import json
+          import os
+          import sys
+          import urllib.error
+          import urllib.parse
+          import urllib.request
+
+          owner = os.environ["PACKAGE_OWNER"]
+          package = os.environ["PACKAGE_NAME"]
+          repo = os.environ["REPO_NAME"]
+          token = os.environ["REGISTRY_PASSWORD"] or os.environ["REGISTRY_TOKEN"]
+          base = "https://gitea.reversed.dev/api/v1"
+          headers = {
+              "Authorization": f"token {token}",
+              "Accept": "application/json",
+          }
+
+          latest_url = f"{base}/packages/{urllib.parse.quote(owner)}/container/{urllib.parse.quote(package)}/-/latest"
+          req = urllib.request.Request(latest_url, headers=headers)
+          with urllib.request.urlopen(req) as resp:
+              current = json.load(resp)
+
+          linked_repo = (current.get("repository") or {}).get("name")
+          if linked_repo == repo:
+              print(f"package already linked to {owner}/{repo}")
+              sys.exit(0)
+
+          link_url = f"{base}/packages/{urllib.parse.quote(owner)}/container/{urllib.parse.quote(package)}/-/link/{urllib.parse.quote(repo)}"
+          link_req = urllib.request.Request(link_url, data=b"", method="POST", headers=headers)
+          try:
+              with urllib.request.urlopen(link_req) as resp:
+                  print(f"linked package to {owner}/{repo}, status={resp.status}")
+          except urllib.error.HTTPError as exc:
+              body = exc.read().decode(errors="replace")
+              print(f"link failed: status={exc.code} body={body}")
+              raise
+          PY