From 27b48c3b3a21bf3227033598dd954939cc6b1fba Mon Sep 17 00:00:00 2001
From: sstent <stuart.stent@gmail.com>
Date: Fri, 21 Nov 2025 18:55:31 -0800
Subject: [PATCH] sync

---
 .github/workflows/container-build.yml | 96 +++++++++++++++------------
 1 file changed, 55 insertions(+), 41 deletions(-)

diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 2e08725..f948914 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -1,52 +1,66 @@
 name: Build and Push Docker Image
 
 on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
+workflow_dispatch:
+push:
+branches:
+- main
+paths:
+- 'app.py'
+- 'dockerfile'
+- 'requirements.txt'
+- 'docker-compose.yml'
 
 jobs:
-  build-and-push:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
+build-and-push:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
 
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+steps:
+  - name: Checkout repository
+    uses: actions/checkout@v4
 
-      - name: Set registry URL
-        id: registry
-        run: |
-          if [ "${{ github.server_url }}" = "https://github.com" ]; then
-            echo "url=ghcr.io" >> $GITHUB_OUTPUT
-          else
-            echo "url=${{ github.server_url }}" | sed 's|https://||' >> $GITHUB_OUTPUT
-          fi
+  - name: Set registry URL
+    id: registry
+    run: |
+      # The registry URL for Gitea is the server URL without the scheme (https://)
+      if [ "${{ github.server_url }}" = "https://github.com" ]; then
+        echo "url=ghcr.io" >> $GITHUB_OUTPUT
+      else
+        # Remove 'https://' prefix for the Docker registry hostname
+        echo "url=$(echo ${{ github.server_url }} | sed 's|^https://||')" >> $GITHUB_OUTPUT
+      fi
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+  - name: Set up QEMU
+    uses: docker/setup-qemu-action@v3
 
-      - name: Log in to Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ steps.registry.outputs.url }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.PACKAGE_TOKEN || secrets.GITHUB_TOKEN }}
+  - name: Log in to Container Registry
+    uses: docker/login-action@v3
+    with:
+      registry: ${{ steps.registry.outputs.url }}
+      username: ${{ github.actor }}
+      # Use GITEA_TOKEN (or a generic token) for authentication
+      password: ${{ secrets.PACKAGE_TOKEN || secrets.GITHUB_TOKEN }}
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+  - name: Set up Docker Buildx
+    uses: docker/setup-buildx-action@v3
 
-      - name: Build and push multi-arch Docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: |
-            ${{ steps.registry.outputs.url }}/${{ github.repository }}:latest
-            ${{ steps.registry.outputs.url }}/${{ github.repository }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+  - name: Build and push multi-arch Docker image
+    uses: docker/build-push-action@v5
+    with:
+      context: .
+      push: true
+      platforms: linux/amd64,linux/arm64
+      tags: |
+        ${{ steps.registry.outputs.url }}/${{ github.repository }}:latest
+        ${{ steps.registry.outputs.url }}/${{ github.repository }}:${{ github.sha }}
+      cache-from: type=gha
+      cache-to: type=gha,mode=max
+      
+      # --- AUTOMATIC REPOSITORY LINKING ---
+      # This label adds an OCI annotation that Gitea uses to automatically
+      # link the package to the repository source code.
+      labels: |
+        org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}