refactor: use docker:cli + buildkit daemonless via socket

2025-12-07 18:16:14 +00:00
parent fbab2854c6
commit 55d54d9eda


@@ -58,36 +58,37 @@ jobs:
echo "Has changes: ${{ steps.changes.outputs.has_changes }}" echo "Has changes: ${{ steps.changes.outputs.has_changes }}"
# ============================================================================ # ============================================================================
# Job 2 : Build avec Kaniko (100% containerisé, sans daemon Docker) # Job 2 : Build avec Buildkit via Docker socket
# ============================================================================ # ============================================================================
build: build:
needs: detect-changes needs: detect-changes
if: needs.detect-changes.outputs.has_changes == 'true' if: needs.detect-changes.outputs.has_changes == 'true'
runs-on: docker runs-on: docker
container: container:
image: gcr.io/kaniko-project/executor:debug image: docker:cli
strategy: strategy:
matrix: matrix:
image: ${{ fromJson(needs.detect-changes.outputs.matrix) }} image: ${{ fromJson(needs.detect-changes.outputs.matrix) }}
steps: steps:
- name: Checkout repository - name: Install git and checkout
run: | run: |
# Kaniko debug image has busybox + sh apk add --no-cache git
WORK_DIR="/workspace/source" git clone --depth 1 https://gitea.arnodo.fr/${{ gitea.repository }}.git /src
rm -rf "$WORK_DIR"
mkdir -p "$WORK_DIR"
# Clone with git (included in debug image)
git clone --depth 1 https://gitea.arnodo.fr/${{ gitea.repository }}.git "$WORK_DIR"
- name: Setup registry auth - name: Build and push with Buildkit
env: env:
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
REGISTRY_USER: ${{ gitea.actor }} REGISTRY_USER: ${{ gitea.actor }}
run: | run: |
mkdir -p /kaniko/.docker IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}"
echo "Building ${IMAGE_NAME}:latest ..."
echo "Context: /src/images/${{ matrix.image }}"
# Create auth config for buildkit
mkdir -p /root/.docker
AUTH=$(echo -n "${REGISTRY_USER}:${REGISTRY_TOKEN}" | base64 | tr -d '\n') AUTH=$(echo -n "${REGISTRY_USER}:${REGISTRY_TOKEN}" | base64 | tr -d '\n')
cat > /kaniko/.docker/config.json <<EOF cat > /root/.docker/config.json <<EOF
{ {
"auths": { "auths": {
"${{ env.REGISTRY }}": { "${{ env.REGISTRY }}": {
@@ -96,21 +97,18 @@ jobs:
} }
} }
EOF EOF
- name: Build and push with Kaniko
run: |
IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}"
SHORT_SHA=$(echo "${{ gitea.sha }}" | cut -c1-7)
echo "Building ${IMAGE_NAME}..." # Run buildkit in daemonless mode via docker socket
docker run --rm \
/kaniko/executor \ --privileged \
--dockerfile=/workspace/source/images/${{ matrix.image }}/Dockerfile \ -v /src/images/${{ matrix.image }}:/context:ro \
--context=/workspace/source/images/${{ matrix.image }} \ -v /root/.docker/config.json:/root/.docker/config.json:ro \
--destination=${IMAGE_NAME}:latest \ --entrypoint buildctl-daemonless.sh \
--destination=${IMAGE_NAME}:${SHORT_SHA} \ moby/buildkit:master \
--cache=true \ build \
--cache-repo=${IMAGE_NAME}-cache --frontend dockerfile.v0 \
--local context=/context \
--local dockerfile=/context \
--output type=image,name=${IMAGE_NAME}:latest,push=true
echo "✅ Pushed ${IMAGE_NAME}:latest" echo "✅ Pushed ${IMAGE_NAME}:latest"
echo "✅ Pushed ${IMAGE_NAME}:${SHORT_SHA}"
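Review bot: The new `docker run` step starts `moby/buildkit:master` with `--privileged` on the daemon behind the job's Docker socket, so a mutable upstream tag gets full privileges on that host while the registry credentials in `/root/.docker/config.json` are mounted into it. Pin the image to a release and digest, e.g. `moby/buildkit:<release-tag>@sha256:<digest>` (placeholders), and do the same for `image: docker:cli`. If the runner allows it, the rootless BuildKit image variant run with `--security-opt seccomp=unconfined --security-opt apparmor=unconfined` instead of `--privileged` narrows what a compromised build step can reach. The job header comment should also state the trade-off, since the Kaniko job it replaces was described as needing no Docker daemon. Separately, the `-v /src/images/...` and `-v /root/.docker/config.json` sources are presumably resolved by the daemon that owns the socket rather than inside the job container, so confirm the build context and auth file are actually visible there.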