go-gitea · TheFox0x7 · Jun 27, 2025 · Jun 30, 2025 · Jun 30, 2025 · Jun 30, 2025
diff --git a/.dockerignore b/.dockerignore
@@ -74,6 +74,8 @@ cpu.out
 /VERSION
 /.air
 /.go-licenses
+Dockerfile
+Dockerfile.rootless
 
 # Files and folders that were previously generated
 /public/assets/img/webpack

diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml
@@ -11,25 +11,23 @@ jobs:
   files-changed:
     uses: ./.github/workflows/files-changed.yml
 
-  regular:
+  container:
     if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
     needs: files-changed
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v5
       - uses: docker/setup-buildx-action@v3
-      - uses: docker/build-push-action@v5
+      - name: Build regular container image
+        uses: docker/build-push-action@v5
         with:
+          context: .
           push: false
           tags: gitea/gitea:linux-amd64
-
-  rootless:
-    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/build-push-action@v5
+      - name: Build rootless container image
+        uses: docker/build-push-action@v5
         with:
+          context: .
           push: false
           file: Dockerfile.rootless
           tags: gitea/gitea:linux-amd64
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
@@ -56,7 +56,7 @@ jobs:
       - name: upload binaries to s3
         run: |
           aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-  nightly-docker-rootful:
+  nightly-container:
     runs-on: namespace-profile-gitea-release-docker
     permissions:
       packages: write # to publish to ghcr.io
@@ -65,17 +65,36 @@ jobs:
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
       # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
       - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v6
-        with:
-          go-version-file: go.mod
-          check-latest: true
       - uses: docker/setup-qemu-action@v3
       - uses: docker/setup-buildx-action@v3
       - name: Get cleaned branch name
         id: clean_name
         run: |
           REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
           echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: |-
+            gitea/gitea
+            ghcr.io/go-gitea/gitea
+          tags: |
+            type=raw,value=${{ steps.clean_name.outputs.branch }}
+          annotations: |
+            org.opencontainers.image.authors="[email protected]"
+      - uses: docker/metadata-action@v5
+        id: meta_rootless
+        with:
+          images: |-
+            gitea/gitea
+            ghcr.io/go-gitea/gitea
+          # each tag below will have the suffix of -rootless
+          flavor: |
+            suffix=-rootless
+          tags: |
+            type=raw,value=${{ steps.clean_name.outputs.branch }}
+          annotations: |
+            org.opencontainers.image.authors="[email protected]"
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -87,57 +106,20 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
-      - name: build rootful docker image
+      - name: build regular docker image
         uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
           push: true
-          tags: |-
-            gitea/gitea:${{ steps.clean_name.outputs.branch }}
-            ghcr.io/go-gitea/gitea:${{ steps.clean_name.outputs.branch }}
-  nightly-docker-rootless:
-    runs-on: namespace-profile-gitea-release-docker
-    permissions:
-      packages: write # to publish to ghcr.io
-    steps:
-      - uses: actions/checkout@v5
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v6
-        with:
-          go-version-file: go.mod
-          check-latest: true
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GHCR using PAT
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
       - name: build rootless docker image
         uses: docker/build-push-action@v5
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64,linux/arm64,linux/riscv64
           push: true
           file: Dockerfile.rootless
-          tags: |-
-            gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless
-            ghcr.io/go-gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless
+          tags: ${{ steps.meta_rootless.outputs.tags }}
+          annotations: ${{ steps.meta_rootless.outputs.annotations }}
diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml
@@ -66,7 +66,7 @@ jobs:
           gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
+  container:
     runs-on: namespace-profile-gitea-release-docker
     permissions:
       packages: write # to publish to ghcr.io
@@ -88,38 +88,10 @@ jobs:
           # 1.2.3-rc0
           tags: |
             type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GHCR using PAT
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64,linux/riscv64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: namespace-profile-gitea-release-docker
-    permissions:
-      packages: write # to publish to ghcr.io
-    steps:
-      - uses: actions/checkout@v5
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
+          annotations: |
+            org.opencontainers.image.authors="[email protected]"
 LABEL maintainer="[email protected]" 
 LABEL maintainer="[email protected]" 
       - uses: docker/metadata-action@v5
-        id: meta
+        id: meta_rootless
         with:
           images: |-
             gitea/gitea
@@ -131,6 +103,8 @@ jobs:
           # 1.2.3-rc0
           tags: |
             type=semver,pattern={{version}}
+          annotations: |
+            org.opencontainers.image.authors="[email protected]"
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -142,12 +116,20 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: build rootless docker image
+      - name: build regular container image
         uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
           push: true
-          file: Dockerfile.rootless
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+      - name: build rootless container image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/riscv64
+          push: true
+          file: Dockerfile.rootless
+          tags: ${{ steps.meta_rootless.outputs.tags }}
+          annotations: ${{ steps.meta_rootless.outputs.annotations }}
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
@@ -70,7 +70,7 @@ jobs:
           gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/*
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
+  container:
     runs-on: namespace-profile-gitea-release-docker
     permissions:
       packages: write # to publish to ghcr.io
@@ -96,36 +96,10 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GHCR using PAT
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64,linux/riscv64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: namespace-profile-gitea-release-docker
-    steps:
-      - uses: actions/checkout@v5
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
+          annotations: |
+            org.opencontainers.image.authors="[email protected]"
       - uses: docker/metadata-action@v5
-        id: meta
+        id: meta_rootless
         with:
           images: |-
             gitea/gitea
@@ -142,6 +116,8 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
+          annotations: |
+            org.opencontainers.image.authors="[email protected]"
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -153,12 +129,20 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: build rootless docker image
+      - name: build regular container image
         uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
           push: true
-          file: Dockerfile.rootless
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+      - name: build rootless container image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/riscv64
+          push: true
+          file: Dockerfile.rootless
+          tags: ${{ steps.meta_rootless.outputs.tags }}
+          annotations: ${{ steps.meta_rootless.outputs.annotations }}