Damien/docker-images
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: use docker:cli + buildkit daemonless via socket

Browse Source
This commit is contained in:
Damien Arnodo
2025-12-07 18:16:14 +00:00
parent fbab2854c6
commit 55d54d9eda
1 changed files with 26 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
.gitea/workflows/build-images.yml
View File

@@ -58,36 +58,37 @@ jobs:
echo "Has changes: ${{ steps.changes.outputs.has_changes }}" echo "Has changes: ${{ steps.changes.outputs.has_changes }}"
# ============================================================================ # ============================================================================
# Job 2 : Build avec Kaniko (100% containerisé, sans daemon Docker) # Job 2 : Build avec Buildkit via Docker socket
# ============================================================================ # ============================================================================
build: build:
needs: detect-changes needs: detect-changes
if: needs.detect-changes.outputs.has_changes == 'true' if: needs.detect-changes.outputs.has_changes == 'true'
runs-on: docker runs-on: docker
container: container:
image: gcr.io/kaniko-project/executor:debug image: docker:cli
strategy: strategy:
matrix: matrix:
image: ${{ fromJson(needs.detect-changes.outputs.matrix) }} image: ${{ fromJson(needs.detect-changes.outputs.matrix) }}
steps: steps:
- name: Checkout repository - name: Install git and checkout
run: | run: |
# Kaniko debug image has busybox + sh apk add --no-cache git
WORK_DIR="/workspace/source" git clone --depth 1 https://gitea.arnodo.fr/${{ gitea.repository }}.git /src
rm -rf "$WORK_DIR"
mkdir -p "$WORK_DIR"
# Clone with git (included in debug image) - name: Build and push with Buildkit
git clone --depth 1 https://gitea.arnodo.fr/${{ gitea.repository }}.git "$WORK_DIR"
- name: Setup registry auth
env: env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
REGISTRY_USER: ${{ gitea.actor }} REGISTRY_USER: ${{ gitea.actor }}
run: | run: |
mkdir -p /kaniko/.docker IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}"
echo "Building ${IMAGE_NAME}:latest ..."
echo "Context: /src/images/${{ matrix.image }}"
# Create auth config for buildkit
mkdir -p /root/.docker
AUTH=$(echo -n "${REGISTRY_USER}:${REGISTRY_TOKEN}" | base64 | tr -d '\n') AUTH=$(echo -n "${REGISTRY_USER}:${REGISTRY_TOKEN}" | base64 | tr -d '\n')
cat > /kaniko/.docker/config.json <<EOF cat > /root/.docker/config.json <<EOF
{ {
"auths": { "auths": {
"${{ env.REGISTRY }}": { "${{ env.REGISTRY }}": {
@@ -97,20 +98,17 @@ jobs:
} }
EOF EOF
- name: Build and push with Kaniko # Run buildkit in daemonless mode via docker socket
run: | docker run --rm \
IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}" --privileged \
SHORT_SHA=$(echo "${{ gitea.sha }}" | cut -c1-7) -v /src/images/${{ matrix.image }}:/context:ro \
-v /root/.docker/config.json:/root/.docker/config.json:ro \
echo "Building ${IMAGE_NAME}..." --entrypoint buildctl-daemonless.sh \
moby/buildkit:master \
/kaniko/executor \ build \
--dockerfile=/workspace/source/images/${{ matrix.image }}/Dockerfile \ --frontend dockerfile.v0 \
--context=/workspace/source/images/${{ matrix.image }} \ --local context=/context \
--destination=${IMAGE_NAME}:latest \ --local dockerfile=/context \
--destination=${IMAGE_NAME}:${SHORT_SHA} \ --output type=image,name=${IMAGE_NAME}:latest,push=true
--cache=true \
--cache-repo=${IMAGE_NAME}-cache
echo "✅ Pushed ${IMAGE_NAME}:latest" echo "✅ Pushed ${IMAGE_NAME}:latest"
echo "✅ Pushed ${IMAGE_NAME}:${SHORT_SHA}"