create ghrc action

.gitea/actions/infisical-secrets/action.yaml

@@ -0,0 +1,14 @@
+name: 'Pull Infisical Secrets'
+description: 'Pulls secrets from local Infisical instance and injects them into the job'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Fetch secrets from Infisical
+      uses: Infisical/secrets-action@v1.0.8
+      with:
+        domain: "http://infisical.local.chromart.cc"
+        client-id: "9cb72bd7-6e48-4297-a8b3-1d616ea58452"
+        client-secret: "f431d8b6e18e51a858b695afdc30464c618a166ce507b1f55e512e830ebafcf8"
+        env-slug: "prod"
+        project-slug: "chromart-g-do-u"

.gitea/workflows/diff-output.yaml

@@ -12,9 +12,7 @@ on:
       ref:
         required: true
         type: string
-    secrets:
+    secrets: []
-      token:
-        required: true
     outputs:
       is_changed:
         description: "'true' if the input files are changed otherwise 'false'"
@@ -32,7 +30,7 @@ jobs:
         with:
           repository: ${{ inputs.repository }}
           ref: ${{ inputs.ref }}
-          token: ${{ secrets.token }}
+          token: ${{ github.token }}
     
       - name: Get changed files in the doorman-homeassistant folder
         id: changed-files-specific

.gitea/workflows/docker-publish-ghcr.yaml

@@ -0,0 +1,54 @@
+name: Docker Publish GHCR
+
+on:
+  workflow_call:
+    inputs:
+      repository:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      image_name:
+        required: true
+        type: string
+
+jobs:
+  docker:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Echo test
+        run: echo "${{ inputs.image_name }}"
+
+      - name: Checkout Code to Build
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ inputs.repository }}
+          ref: ${{ inputs.ref }}
+          token: ${{ github.token }}
+
+      - name: Load Infisical Secrets
+        uses: martin/chromart-gitea-actions/.gitea/actions/infisical-secrets@main
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: martindmtrv
+          # The Infisical secrets action needs to provide a secret named GHCR_PAT
+          password: ${{ env.GHCR_PAT }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # image_name should be formatted like: user/repo
+          images: ghcr.io/${{ inputs.image_name }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitea/workflows/docker-publish-private.yaml

@@ -12,9 +12,7 @@ on:
       image_name:
         required: true
         type: string
-    secrets:
+    secrets: []
-      token:
-        required: true
 
 jobs:
   docker:
@@ -28,7 +26,7 @@ jobs:
         with:
           repository: ${{ inputs.repository }}
           ref: ${{ inputs.ref }}
-          token: ${{ secrets.token }}
+          token: ${{ github.token }}
 
       - name: Build Docker image
         run: docker buildx build . -t 192.168.1.150:9120/${{ inputs.image_name }}:latest