From a48447a6b2e6acf421e8634ac76814fa8d01c0f3 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 1 Feb 2024 10:33:12 +0100
Subject: [PATCH 1/3] Add github action workflow for manual security builds
 (#29040)

---
 .github/workflows/build-security.yml | 62 ++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 .github/workflows/build-security.yml

diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml
new file mode 100644
index 0000000000..cc9bae9227
--- /dev/null
+++ b/.github/workflows/build-security.yml
@@ -0,0 +1,62 @@
+name: Build security nightly container image
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  compute-suffix:
+    runs-on: ubuntu-latest
+    if: github.repository == 'mastodon/mastodon'
+    steps:
+      - id: version_vars
+        env:
+          TZ: Etc/UTC
+        run: |
+          echo mastodon_version_prerelease=nightly.$(date --date='next day' +'%Y-%m-%d')-security>> $GITHUB_OUTPUT
+    outputs:
+      prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }}
+
+  build-image:
+    needs: compute-suffix
+    uses: ./.github/workflows/build-container-image.yml
+    with:
+      file_to_build: Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
+      cache: false
+      push_to_images: |
+        tootsuite/mastodon
+        ghcr.io/mastodon/mastodon
+      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
+      labels: |
+        org.opencontainers.image.description=Nightly build image used for testing purposes
+      flavor: |
+        latest=auto
+      tags: |
+        type=raw,value=edge
+        type=raw,value=nightly
+        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
+    secrets: inherit
+
+  build-image-streaming:
+    needs: compute-suffix
+    uses: ./.github/workflows/build-container-image.yml
+    with:
+      file_to_build: streaming/Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
+      cache: false
+      push_to_images: |
+        tootsuite/mastodon-streaming
+        ghcr.io/mastodon/mastodon-streaming
+      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
+      labels: |
+        org.opencontainers.image.description=Nightly build image used for testing purposes
+      flavor: |
+        latest=auto
+      tags: |
+        type=raw,value=edge
+        type=raw,value=nightly
+        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
+    secrets: inherit
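Review bot: `secrets: inherit` on both `build-image` and `build-image-streaming` hands every secret available to this workflow to build-container-image.yml, although pushing to the registries presumably needs only a few credentials. An explicit `secrets:` mapping listing just the names the reusable workflow reads would keep unrelated secrets out of the build jobs. The workflow-level `packages: write` also applies to `compute-suffix`, which only runs `date`. Setting `permissions: {}` on that job and granting `contents: read` plus `packages: write` on the two build jobs would scope the token to where it is used.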

From 85bdd145dc9aee5ae003126c9fd4e490215f7a9a Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 1 Feb 2024 10:40:04 +0100
Subject: [PATCH 2/3] Adapt workflow to glitch-soc

---
 .github/workflows/build-security.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml
index cc9bae9227..fbc85f52eb 100644
--- a/.github/workflows/build-security.yml
+++ b/.github/workflows/build-security.yml
@@ -7,7 +7,6 @@ permissions:
 jobs:
   compute-suffix:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
     steps:
       - id: version_vars
         env:
@@ -26,8 +25,7 @@ jobs:
       use_native_arm64_builder: true
       cache: false
       push_to_images: |
-        tootsuite/mastodon
-        ghcr.io/mastodon/mastodon
+        ghcr.io/${{ github.repository_owner }}/mastodon
       version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
       labels: |
         org.opencontainers.image.description=Nightly build image used for testing purposes
@@ -45,11 +43,10 @@ jobs:
     with:
       file_to_build: streaming/Dockerfile
       platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
+      use_native_arm64_builder: false
       cache: false
       push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
+        ghcr.io/${{ github.repository_owner }}/mastodon
       version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
       labels: |
         org.opencontainers.image.description=Nightly build image used for testing purposes
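Review bot: The streaming job's `push_to_images` now reads `ghcr.io/${{ github.repository_owner }}/mastodon`, the same repository the `build-image` job pushes to, whereas the removed lines targeted `mastodon-streaming`. Both jobs use the same `edge`, `nightly` and dated tags (see patch 1/3), so whichever job finishes last would overwrite the other's image under those tags. This looks like a dropped suffix; the line should probably be `ghcr.io/${{ github.repository_owner }}/mastodon-streaming`. The `build-image-streaming` job starts and ends outside this hunk.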

From 883f5896534a74399740766848323e7d59d5464c Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 1 Feb 2024 10:52:01 +0100
Subject: [PATCH 3/3] Fix missing `workflow_dispatch` trigger for
 `build-security` (#29041)

---
 .github/workflows/build-security.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml
index fbc85f52eb..00944daeb3 100644
--- a/.github/workflows/build-security.yml
+++ b/.github/workflows/build-security.yml
@@ -1,4 +1,6 @@
 name: Build security nightly container image
+on:
+  workflow_dispatch:
 
 permissions:
   contents: read
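Review bot: With `workflow_dispatch` as the only trigger, the `type=schedule,pattern=…` rule in both `tags:` blocks likely never fires. Assuming build-container-image.yml forwards `tags` to docker/metadata-action, that rule type is applied only on `schedule` events. A manual security build would then be published only under the mutable `edge` and `nightly` tags, with no dated `…-security` tag to pin or audit. Using `type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}` in those blocks (outside this hunk) would emit the dated tag on manual runs.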