test exposing ssh keys during docker build

.gitea/workflows/build-nginx.yaml

@@ -25,7 +25,7 @@ jobs:
           username: woggioni
           password: ${{ secrets.PUBLISHER_TOKEN }}
       -
-        name: Build and push nginx images
+        name: Build and push nginx vanilla images
         uses: docker/build-push-action@v6
         with:
           context: "{{defaultContext}}:nginx"
@@ -34,12 +34,35 @@ jobs:
             linux/arm64
           push: true
           pull: true
+          ssh: default=/home/luser/.ssh/id_ed25519
           tags: |
             "gitea.woggioni.net/woggioni/nginx:latest"
             "gitea.woggioni.net/woggioni/nginx:v1.29.1"
           secrets: |
             GIT_AUTH_TOKEN.github.com=${{ secrets.GH_ACCESS_TOKEN }}
-          build-args: "NGINX_VERSION=1.29.1"
+          build-args: |
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/nginx:buildx
+            NGINX_VERSION=1.29.1
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/nginx:buildx
+            NGINX_BRANCH=vanilla
-
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/nginx:buildx-vanilla
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/nginx:buildx-woggioni
+      -
+        name: Build and push nginx custom images
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:nginx"
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          pull: true
+          ssh: default=/home/luser/.ssh/id_ed25519
+          tags: |
+            "gitea.woggioni.net/woggioni/nginx:woggioni"
+            "gitea.woggioni.net/woggioni/nginx:v1.29.1-woggioni"
+          secrets: |
+            GIT_AUTH_TOKEN.github.com=${{ secrets.GH_ACCESS_TOKEN }}
+          build-args: |
+            NGINX_VERSION=1.29.1
+            NGINX_BRANCH=woggioni
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/nginx:buildx-woggioni
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/nginx:buildx-woggioni

nginx/Dockerfile

@@ -1,7 +1,7 @@
 
 FROM alpine:latest AS base
 
-FROM alpine:latest AS build
+FROM alpine:latest AS build_stage_1
 ARG NGINX_VERSION LIBRESSL_VERSION=4.1.0
 ENV NGINX_VERSION=${NGINX_VERSION}
 RUN --mount=type=cache,target=/var/cache/apk apk update
@@ -42,6 +42,8 @@ USER luser
 WORKDIR /home/luser
 
 #RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
+#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
+#ADD --chown=luser:luser git@github.com:libressl/portable.git#v${LIBRESSL_VERSION} libressl
 ADD --chown=luser:luser https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz libressl.tgz
 RUN tar -xzf libressl.tgz && mv libressl-${LIBRESSL_VERSION} libressl && rm libressl.tgz
 RUN mkdir -p libressl/build
@@ -55,7 +57,16 @@ RUN cmake -G Ninja -B libressl/build -S libressl \
 	-DBUILD_SHARED_LIBS=OFF
 RUN cmake --build libressl/build
 
+FROM build_stage_1 AS build_stage_2_vanilla
+ARG NGINX_VERSION
 ADD --chown=luser:luser https://github.com/nginx/nginx.git#release-${NGINX_VERSION} /nginx
+
+FROM build_stage_1 AS build_stage_2_woggioni
+ARG NGINX_VERSION
+ADD --chown=luser:luser git@github.com:woggioni/nginx.git#release-${NGINX_VERSION} /nginx
+
+FROM build_stage_2_${NGINX_BRANCH} AS build
+ARG NGINX_BRANCH=vanilla
 ADD --chown=luser:luser https://github.com/openresty/headers-more-nginx-module.git /ngx_headers_more
 ADD --chown=luser:luser https://github.com/google/ngx_brotli.git /ngx_brotli
 USER root