From 3e6e078367dd98fde44c9a532890872ffadee9bb Mon Sep 17 00:00:00 2001
From: Sudo-Ivan <ivan@quad4.io>
Date: Sat, 27 Dec 2025 13:04:42 -0600
Subject: [PATCH] Update Docker workflows and Dockerfiles to enhance image
 metadata and support multiple branches

- Added support for the 'master' branch in the Docker workflow.
- Updated registry and image name in the workflow environment variables.
- Enhanced Dockerfile and Dockerfile.rootless with additional metadata labels including build date, version, and VCS reference.
- Updated action versions for improved compatibility and functionality.
---
 .gitea/workflows/docker.yml | 41 ++++++++++++++++++++++++-------------
 docker/Dockerfile           | 20 ++++++++++++++----
 docker/Dockerfile.rootless  | 20 ++++++++++++++----
 3 files changed, 59 insertions(+), 22 deletions(-)

diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
index 972b830..87acc31 100644
--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -1,15 +1,16 @@
 name: Build and Publish Docker Image
 
 on:
+  workflow_dispatch:
   push:
-    branches: [ main ]
+    branches: [ main, master ]
     tags: [ 'v*' ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, master ]
 
 env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
+  REGISTRY: git.quad4.io
+  IMAGE_NAME: rns-things/rns-page-node
 
 jobs:
   build:
@@ -17,29 +18,32 @@ jobs:
     permissions:
       contents: read
       packages: write
+    outputs:
+      image_digest: ${{ steps.build.outputs.digest }}
+      image_tags: ${{ steps.meta.outputs.tags }}
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
         with:
           platforms: amd64,arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
       - name: Log in to the Container registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
         with:
           registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -51,7 +55,8 @@ jobs:
             type=sha,format=short
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83  # v6.18.0
+        id: build
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: .
           file: ./docker/Dockerfile
@@ -59,12 +64,16 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            BUILD_DATE=${{ github.event.head_commit.timestamp }}
+            VCS_REF=${{ github.sha }}
+            VERSION=${{ steps.meta.outputs.version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
       - name: Extract metadata (tags, labels) for Docker (rootless)
         id: meta_rootless
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-rootless
           tags: |
@@ -75,7 +84,7 @@ jobs:
             type=sha,format=short,suffix=-rootless
 
       - name: Build and push rootless Docker image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83  # v6.18.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: .
           file: ./docker/Dockerfile.rootless
@@ -83,5 +92,9 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta_rootless.outputs.tags }}
           labels: ${{ steps.meta_rootless.outputs.labels }}
+          build-args: |
+            BUILD_DATE=${{ github.event.head_commit.timestamp }}
+            VCS_REF=${{ github.sha }}
+            VERSION=${{ steps.meta_rootless.outputs.version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
diff --git a/docker/Dockerfile b/docker/Dockerfile
index f5aab06..e4b6d65 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,10 +1,22 @@
 ARG PYTHON_VERSION=3.13
 FROM python:${PYTHON_VERSION}-alpine
 
-LABEL org.opencontainers.image.source="https://git.quad4.io/RNS-Things/rns-page-node"
-LABEL org.opencontainers.image.description="A simple way to serve pages and files over the Reticulum network."
-LABEL org.opencontainers.image.licenses="GPL-3.0"
-LABEL org.opencontainers.image.authors="Sudo-Ivan"
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL org.opencontainers.image.created=$BUILD_DATE \
+      org.opencontainers.image.title="RNS Page Node" \
+      org.opencontainers.image.description="A simple way to serve pages and files over the Reticulum network." \
+      org.opencontainers.image.url="https://git.quad4.io/RNS-Things/rns-page-node" \
+      org.opencontainers.image.documentation="https://git.quad4.io/RNS-Things/rns-page-node/src/branch/main/README.md" \
+      org.opencontainers.image.source="https://git.quad4.io/RNS-Things/rns-page-node" \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.revision=$VCS_REF \
+      org.opencontainers.image.vendor="RNS-Things" \
+      org.opencontainers.image.licenses="GPL-3.0" \
+      org.opencontainers.image.authors="Sudo-Ivan" \
+      org.opencontainers.image.base.name="python:${PYTHON_VERSION}-alpine"
 
 WORKDIR /app
 
diff --git a/docker/Dockerfile.rootless b/docker/Dockerfile.rootless
index 810721b..4f1d68e 100644
--- a/docker/Dockerfile.rootless
+++ b/docker/Dockerfile.rootless
@@ -1,10 +1,22 @@
 ARG PYTHON_VERSION=3.13
 FROM python:${PYTHON_VERSION}-alpine
 
-LABEL org.opencontainers.image.source="https://git.quad4.io/RNS-Things/rns-page-node"
-LABEL org.opencontainers.image.description="A simple way to serve pages and files over the Reticulum network."
-LABEL org.opencontainers.image.licenses="GPL-3.0"
-LABEL org.opencontainers.image.authors="Sudo-Ivan"
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL org.opencontainers.image.created=$BUILD_DATE \
+      org.opencontainers.image.title="RNS Page Node (Rootless)" \
+      org.opencontainers.image.description="A simple way to serve pages and files over the Reticulum network." \
+      org.opencontainers.image.url="https://git.quad4.io/RNS-Things/rns-page-node" \
+      org.opencontainers.image.documentation="https://git.quad4.io/RNS-Things/rns-page-node/src/branch/main/README.md" \
+      org.opencontainers.image.source="https://git.quad4.io/RNS-Things/rns-page-node" \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.revision=$VCS_REF \
+      org.opencontainers.image.vendor="RNS-Things" \
+      org.opencontainers.image.licenses="GPL-3.0" \
+      org.opencontainers.image.authors="Sudo-Ivan" \
+      org.opencontainers.image.base.name="python:${PYTHON_VERSION}-alpine"
 
 RUN addgroup -g 1000 app && adduser -D -u 1000 -G app app