From 83ecfc31764fde42031ed71916de6e8057ff76e5 Mon Sep 17 00:00:00 2001
From: Donavan Fritz <dfritz@netflix.com>
Date: Wed, 6 May 2026 08:07:13 -0500
Subject: [PATCH] initial: action/image-build @v1

---
 README.md   | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 action.yaml | 47 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 README.md
 create mode 100644 action.yaml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f3ba68e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,59 @@
+# action/image-build
+
+Composite Gitea Action that builds a container image with buildx and optionally
+runs a smoke test. **Does not push** — pair with `action/image-push` to publish.
+
+Splitting build from push lets a PR workflow run `image-build` (no secrets, no
+side effects) for validation while `main` runs the full build → push → deploy
+chain.
+
+## Usage
+
+```yaml
+- uses: actions/checkout@v4
+- uses: https://code.fritzlab.net/action/image-build@v1
+  with:
+    image: code.fritzlab.net/fritzlab/chrony
+    smoke-test: docker run --rm --entrypoint /usr/sbin/chronyd $IMAGE -v
+```
+
+The image is built and tagged as `<image>:<github.run_number>` in the runner's
+local Docker daemon. Subsequent steps (e.g. `action/image-push`) can reference
+the same tag.
+
+## Inputs
+
+| Name | Required | Default | Description |
+|---|---|---|---|
+| `image` | yes | — | Full image name without tag (e.g. `code.fritzlab.net/fritzlab/chrony`). |
+| `context` | no | `.` | Docker build context. |
+| `build-args` | no | — | Multiline `KEY=VALUE` build args. |
+| `smoke-test` | no | — | Shell command run after build. `$IMAGE` is set to `<image>:<run_number>`. Non-zero exit fails the action. |
+
+## Outputs
+
+| Name | Description |
+|---|---|
+| `tag` | Numeric tag assigned (= `github.run_number`). |
+
+## Smoke test patterns
+
+Override entrypoint for a binary that expects no args:
+
+```yaml
+smoke-test: docker run --rm --entrypoint /usr/sbin/chronyd $IMAGE -v
+```
+
+Run a help command that returns non-zero:
+
+```yaml
+smoke-test: docker run --rm $IMAGE --help || true
+```
+
+Multiple checks chained:
+
+```yaml
+smoke-test: |
+  docker run --rm $IMAGE --version
+  docker run --rm --entrypoint /bin/sh $IMAGE -c 'test -x /usr/local/bin/myapp'
+```
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..b63d4a2
--- /dev/null
+++ b/action.yaml
@@ -0,0 +1,47 @@
+name: Build Image
+description: Build a container image locally with buildx and optionally run a smoke test. Does not push to registry.
+inputs:
+  image:
+    description: Full image name without tag (e.g. code.fritzlab.net/fritzlab/chrony)
+    required: true
+  context:
+    description: Docker build context path
+    required: false
+    default: .
+  build-args:
+    description: Multiline KEY=VALUE pairs passed to docker build
+    required: false
+  smoke-test:
+    description: |
+      Shell command run after build. The image is exposed as $IMAGE
+      (e.g. "docker run --rm --entrypoint /usr/sbin/chronyd $IMAGE -v").
+      Empty = no test.
+    required: false
+    default: ''
+outputs:
+  tag:
+    description: Numeric tag assigned to the built image (= github.run_number)
+    value: ${{ github.run_number }}
+runs:
+  using: composite
+  steps:
+    - name: Build (load to local docker)
+      uses: docker/build-push-action@v6
+      with:
+        context: ${{ inputs.context }}
+        push: false
+        load: true
+        provenance: false
+        network: host
+        build-args: ${{ inputs.build-args }}
+        tags: ${{ inputs.image }}:${{ github.run_number }}
+
+    - name: Smoke test
+      if: ${{ inputs.smoke-test != '' }}
+      shell: bash
+      env:
+        IMAGE: ${{ inputs.image }}:${{ github.run_number }}
+      run: |
+        set -euo pipefail
+        echo "+ ${{ inputs.smoke-test }}"
+        ${{ inputs.smoke-test }}