From e930f2dea6fed1259867e649dfadcfc8be80128d Mon Sep 17 00:00:00 2001
From: Damien Arnodo
Date: Sun, 7 Dec 2025 18:20:21 +0000
Subject: [PATCH] refactor: run git clone + build inside single buildkit container
---
 .gitea/workflows/build-images.yml | 73 ++++++++++++++-----------------
 1 file changed, 33 insertions(+), 40 deletions(-)
diff --git a/.gitea/workflows/build-images.yml b/.gitea/workflows/build-images.yml
index 2f6c050..cf33876 100644
--- a/.gitea/workflows/build-images.yml
+++ b/.gitea/workflows/build-images.yml
@@ -58,7 +58,7 @@ jobs:
 echo "Has changes: ${{ steps.changes.outputs.has_changes }}"
 # ============================================================================
- # Job 2 : Build avec Buildkit via Docker socket
+ # Job 2 : Build avec Buildkit (tout dans un seul container)
 # ============================================================================
 build:
 needs: detect-changes
@@ -70,59 +70,52 @@ jobs:
 matrix:
 image: ${{ fromJson(needs.detect-changes.outputs.matrix) }}
 steps:
- - name: Install git and checkout
- run: |
- apk add --no-cache git
- git clone --depth 1 https://gitea.arnodo.fr/${{ gitea.repository }}.git /src
-
 - name: Build and push with Buildkit
 env:
 REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
 REGISTRY_USER: ${{ gitea.actor }}
 run: |
 IMAGE_NAME="${{ env.REGISTRY }}/damien/${{ matrix.image }}"
+ REPO_URL="https://gitea.arnodo.fr/${{ gitea.repository }}.git"
+ IMAGE_PATH="images/${{ matrix.image }}"
 echo "Building ${IMAGE_NAME}:latest ..."
- # Create a unique volume name for this build
- VOLUME_NAME="buildkit-ctx-$$"
-
- # Create a docker volume and copy source into it
- docker volume create ${VOLUME_NAME}
- docker run --rm -v ${VOLUME_NAME}:/context -v /src/images/${{ matrix.image }}:/src:ro alpine sh -c "cp -r /src/* /context/"
-
- # Create auth config in another volume
- AUTH_VOLUME="buildkit-auth-$$"
- docker volume create ${AUTH_VOLUME}
- AUTH=$(echo -n "${REGISTRY_USER}:${REGISTRY_TOKEN}" | base64 | tr -d '\n')
- docker run --rm -v ${AUTH_VOLUME}:/auth alpine sh -c "mkdir -p /auth && cat > /auth/config.json << 'AUTHEOF'
+ # Tout se passe dans le container buildkit : clone + build + push
+ docker run --rm --privileged \
+ moby/buildkit:master \
+ sh -c "
+ set -e
+
+ # Install git
+ apk add --no-cache git
+
+ # Clone repo
+ git clone --depth 1 ${REPO_URL} /src
+
+ # Setup registry auth
+ mkdir -p /root/.docker
+ AUTH=\$(echo -n '${REGISTRY_USER}:${REGISTRY_TOKEN}' | base64 | tr -d '\n')
+ cat > /root/.docker/config.json <