From e3ced2cfe9fc844f44fc2ee98fc9d200a7cc7941 Mon Sep 17 00:00:00 2001
From: paring <paringchan@proton.me>
Date: Mon, 5 Jan 2026 23:07:40 +0900
Subject: [PATCH] ci

---
 .forgejo/workflows/build.yaml | 85 +++++++++++++++++++++++++++++++++++
 Dockerfile                    |  9 ++++
 2 files changed, 94 insertions(+)
 create mode 100644 .forgejo/workflows/build.yaml
 create mode 100644 Dockerfile

diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
new file mode 100644
index 0000000..ad79aae
--- /dev/null
+++ b/.forgejo/workflows/build.yaml
@@ -0,0 +1,85 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+env:
+  REGISTRY: oci.pari.ng
+  IMAGE_NAME: library/paringboard
+
+permissions:
+  packages: write
+  contents: read
+
+jobs:
+  build:
+    container:
+      image: ghcr.io/catthehacker/ubuntu:rust-latest
+    runs-on: docker
+    name: Build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.rustup
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-rust-${{ hashFiles('**/Cargo.lock') }}
+      - name: Setup rust
+        run: |
+          rustup target add x86_64-unknown-linux-musl
+          rustup toolchain install nightly --profile minimal --target x86_64-unknown-linux-musl
+      - name: Build
+        run: cargo build --release --locked --target x86_64-unknown-linux-musl
+      - name: Strip
+        run: strip target/x86_64-unknown-linux-musl/release/paringboard
+      - name: Upload artifacts
+        uses: forgejo/upload-artifact@v4
+        with:
+          name: build-${{ matrix.name }}
+          path: |
+            target/x86_64-unknown-linux-musl/release/paringboard
+  docker:
+    runs-on: docker
+    needs: build
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            Dockerfile
+      - uses: forgejo/download-artifact@v4
+        name: Download amd64 artifacts
+        with:
+          name: build-linux-amd64
+          path: linux/amd64
+      - name: Login to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: Dockerfile
+          push: true
+          context: "."
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha
+          provenance: false
+          sbom: false
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..563fe6b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:latest
+
+ARG TARGETPLATFORM
+
+COPY $TARGETPLATFORM/paringboard bin/
+
+RUN chmod +x bin/paringboard
+
+USER 1000:1000