zitadel-resources-operator/.gitea/workflows/build-and-publish.yaml

# .gitea/workflows/build.yaml
name: Build and Deploy
on:
  push:
    branches:
      - main

env:
  REGISTRY: ${{ github.server_url }}
  IMAGE_NAME: ${{ github.event.repository.name }}
  CHART_NAME: ${{ github.event.repository.name }}

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: nixos/nix:latest
      options: --privileged
    steps:
      - name: Checkout
        run: |
          nix-shell -p git --run "git clone https://token:${{ secrets.GITHUB_TOKEN }}@$(echo ${{ github.server_url }} | sed 's|https://||')/${{ github.repository }}.git ."
          nix-shell -p git --run "git checkout ${{ github.sha }}"
      
      - name: Setup Nix
        run: |
          echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
          
      - name: Build with Nix
        run: |
          nix build .#dockerImage --print-build-logs
          nix build .#helmChart --print-build-logs
          
      - name: Setup Docker
        run: |
          nix-shell -p docker --run "dockerd &"
          sleep 5
          
      - name: Load and Push Docker Image
        run: |
          VERSION=${{ github.run_number }}
          REGISTRY_HOST=$(echo "${{ env.REGISTRY }}" | sed -e 's|^https://||' -e 's|^http://||')
          TARGET_IMAGE=${REGISTRY_HOST}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
          
          nix-shell -p docker --run "
            docker load < result
            SOURCE_IMAGE=\$(docker images --format '{{.Repository}}:{{.Tag}}' | head -n 1)
            
            echo '${{ secrets.GITHUB_TOKEN }}' | docker login ${REGISTRY_HOST} -u ${{ github.actor }} --password-stdin
            
            docker tag \$SOURCE_IMAGE ${TARGET_IMAGE}:${VERSION}
            docker tag \$SOURCE_IMAGE ${TARGET_IMAGE}:latest
            docker push ${TARGET_IMAGE}:${VERSION}
            docker push ${TARGET_IMAGE}:latest
          "
          
      - name: Package and Push Helm Chart
        run: |
          VERSION=${{ github.run_number }}
          
          nix-shell -p kubernetes-helm --run "
            helm package result/chart --version ${VERSION} --app-version ${VERSION}
          "
          
          CHART_FILE=${{ env.CHART_NAME }}-${VERSION}.tgz
          
          nix-shell -p curl --run "
            curl -f --user '${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}' \
                 -X POST \
                 --upload-file ./${CHART_FILE} \
                 '${{ github.server_url }}/api/packages/${{ github.repository_owner }}/helm/api/charts'
          "