🔧 chore(ci): update build workflow configuration

- remove container setup from lint job
- switch to manual Node.js installation
- add detailed sonar-scanner setup and execution steps
- introduce docker job with buildx setup and registry login

.forgejo/workflows/build.yml

@@ -15,10 +15,6 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
       - name: Install dependencies
         run: npm ci
       - name: Run ESLint
@@ -32,10 +28,12 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Setup Node.js
+      - name: Install Node.js
-        uses: actions/setup-node@v4
+        run: |
-        with:
+          apt-get update
-          node-version: 20
+          apt-get install -y curl
+          curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+          apt-get install -y nodejs
       - name: Install Sonar Scanner (npm)
         run: npm install -g sonarqube-scanner
       - name: SonarQube Scan
@@ -95,6 +93,66 @@ jobs:
           docker buildx build --load \
             -t "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" .
 
+      - name: Push image
+        run: |
+          docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"
+        run: |
+
+
+
+
+          WORKDIR=${GITHUB_WORKSPACE:-$PWD}
+          HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
+          BRANCH_NAME=${GITHUB_REF#refs/heads/}
+          PROJECT_KEY=${SONAR_PROJECT_KEY:-}
+          if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
+            PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
+          fi
+          if [ -z "$PROJECT_KEY" ]; then
+            echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
+            exit 1
+          fi
+          echo "Sonar project key: $PROJECT_KEY"
+          echo "Listing workspace:"
+          ls -la
+          echo "Sample files:"
+          find . -maxdepth 2 -type f | head -n 20
+          echo "Running local sonar-scanner..."
+          set -- \
+            -Dsonar.host.url="$HOST_URL" \
+            -Dsonar.token="$SONAR_TOKEN" \
+            -Dsonar.projectKey="$PROJECT_KEY" \
+            -Dsonar.sources=. \
+            -Dsonar.scm.disabled=true \
+            -Dsonar.projectBaseDir="$WORKDIR"
+
+          if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then
+            set -- "$@" -Dsonar.branch.name="$BRANCH_NAME"
+          else
+            echo "Branch analysis disabled (requires SonarQube Developer Edition)"
+          fi
+
+          sonar-scanner "$@"
+
+  docker:
+    needs: [lint, sonar]
+    runs-on: self-hosted
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to registry
+        run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin
+      - name: Build image
+        run: |
+
+          docker buildx build --load \
+            -t "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" .
+
+
       - name: Push image
         run: |
           docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"