From 9f58cec1e4ca41d7b6d33c14be89b52735901da2 Mon Sep 17 00:00:00 2001 From: gitea Date: Thu, 27 Nov 2025 11:08:06 +0000 Subject: [PATCH] artifacts implemented in cicd --- .gitea/workflows/cicd.yaml | 45 +++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml index 32445b4..4735f5e 100644 --- a/.gitea/workflows/cicd.yaml +++ b/.gitea/workflows/cicd.yaml @@ -1,4 +1,5 @@ -name: Build and Deploy Demo App +# .gitea/workflows/cicd.yaml +name: Build and Deploy Demo App (Artifacts) on: push: @@ -21,7 +22,7 @@ jobs: - name: Install deps run: pip install -r requirements.txt - - name: Run tests + - name: Run tests (SQLite fallback) env: DB_USER: "" # force SQLite fallback in app.py DB_PASS: "" @@ -39,6 +40,17 @@ jobs: - name: Build Docker image run: docker build -t demo-app:latest . + - name: Save Docker image to tar + run: docker save demo-app:latest > demo-app.tar + + - name: Upload image artifact + uses: actions/upload-artifact@v4 + with: + name: demo-image + path: demo-app.tar + if-no-files-found: error + # retention-days: 7 # optional; depends on your Gitea settings + # ---------- SCAN ---------- scan: needs: build @@ -47,11 +59,16 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - # Rebuild image in this job so it's available locally - - name: Build Docker image for scan - run: docker build -t demo-app:latest . + - name: Download image artifact + uses: actions/download-artifact@v4 + with: + name: demo-image + path: . - # Trivy via Docker (no GitHub/Gitea action) + - name: Load Docker image from artifact + run: docker load -i demo-app.tar + + # Trivy via Docker (no marketplace action needed) - name: Scan image with Trivy run: | docker run --rm \ 
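Review bot: The new `Upload image artifact` step in the build job references `actions/upload-artifact@v4` by a mutable tag, and the scan and deploy hunks do the same with `actions/download-artifact@v4`. Since the deploy job in this workflow handles SSH and database secrets, pin each action to a full commit SHA, e.g. `uses: actions/upload-artifact@<commit-sha>  # v4`. The commented-out `retention-days` is also worth setting explicitly: the artifact is a complete image and stays downloadable for as long as the instance default allows. It would help to confirm that the target Gitea version supports the v4 artifact protocol before relying on it.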
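Review bot: In the scan job, `docker load -i demo-app.tar` puts the image back under the shared tag `demo-app:latest`. If the runner shares a Docker daemon between jobs or runs (not visible here), another run can retag it between the load and the scan, so Trivy may scan a different image than the artifact. Scanning the tarball directly avoids this and removes the load step: mount it read-only with `-v "$PWD/demo-app.tar:/demo-app.tar:ro"` and pass `--input /demo-app.tar` to `trivy image`. The Trivy command continues outside this hunk, so check there that it sets a non-zero `--exit-code` for the severities that should block deployment. The `Checkout code` step looks unnecessary in this job now that nothing is built from source.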
@@ -67,12 +84,11 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - # Rebuild image for deployment - - name: Build Docker image for deploy - run: docker build -t demo-app:latest . - - - name: Save Docker image to tar - run: docker save demo-app:latest > demo-app.tar + - name: Download image artifact + uses: actions/download-artifact@v4 + with: + name: demo-image + path: . - name: Set up SSH run: | @@ -115,7 +131,7 @@ jobs: echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env # Load the new image from the tarball - docker load -i demo-app.tar + docker load -I demo-app.tar || docker load -i demo-app.tar # compatibility # Make sure we actually have a compose file here if [ ! -f docker-compose.yml ]; then @@ -129,6 +145,5 @@ jobs: docker compose -f docker-compose.yml --env-file .env up -d --remove-orphans # Clean up - rm demo-app.tar + rm -f demo-app.tar EOF -
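Review bot: The deploy job now ships whatever `demo-image` holds at download time, and nothing in this hunk ties that tarball to the image that passed the scan. The job's `needs:` list is outside the hunk; it should include `scan` (not only `build`) so an unscanned artifact cannot reach the host. I would also have the build job publish the image ID as a job output and have deploy compare it after `docker load`, failing on mismatch. As in the scan job, the `Checkout code` step may only still be needed for `docker-compose.yml`; if so, a short comment saying that would help.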
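Review bot: In the remote script, `docker load -I demo-app.tar || docker load -i demo-app.tar` tries a flag that `docker load` does not have, as far as I know; it accepts only `-i/--input` and `-q/--quiet`. The first command therefore fails on every deploy with an unknown-flag error and the fallback does the real work. That leaves a spurious error in each deploy log, which makes a real load failure harder to spot. Use the single form `docker load -i demo-app.tar` and drop the `# compatibility` comment. The surrounding heredoc starts and ends outside this hunk.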