ci: implement Docker image CI/CD workflow

- Add a new GitHub Actions workflow for Docker image creation and push
- Trigger the workflow on push to main branch and tags starting with 'v'
- Trigger the workflow on pull requests to the main branch
- Define environment variable `BUILDKIT_NO_CLIENT_TOKEN`
- Set up the workflow to run on `ubuntu-latest` with a specific container image
- Include steps for checking out the code, setting up QEMU, and Docker Buildx
- Configure Docker Buildx with debug mode and insecure entitlements
- Add steps to log in to Docker Hub using secrets for username and password
- Generate Docker image tags based on semantic versioning and push conditionally on event type
- Build and push Docker image specifying the platform, Dockerfile location, and tag and label metadata
- Disable provenance and SBOM (Software Bill of Materials) generation in the build-push action

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.gitea/workflows/docker.yml

@@ -0,0 +1,72 @@
+name: Docker Image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "v*"
+  pull_request:
+    branches:
+      - "main"
+
+env:
+  BUILDKIT_NO_CLIENT_TOKEN: 1
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Setup docker context for buildx
+        id: buildx-context
+        run: docker context create builders || docker context use builders
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          endpoint: builders
+          config-inline: |
+            debug = true
+            insecure-entitlements = [ "network.host", "security.insecure" ]
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Docker meta
+        id: docker-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            gitea/example-go
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        env:
+          ACTIONS_RUNTIME_TOKEN: ""
+        with:
+          context: .
+          platforms: linux/amd64
+          file: docker/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker-meta.outputs.tags }}
+          labels: ${{ steps.docker-meta.outputs.labels }}
+          provenance: false
+          sbom: false