Custom Kaniko image (from Google’s debug variant) for Forgejo Actions: build & push container images in CI/CD by just setting env vars—no Docker daemon needed.
https://git.van-hemmen.com/actions/kaniko
Included the `/bin/build.sh` script in the CI steps to ensure the build process is properly executed. This change supports the pipeline's functionality and aligns with updated build requirements.
kaniko (action)
Custom Kaniko image (forked from Google’s gcr.io/kaniko-project/executor:debug) for Forgejo Actions.
Build & push OCI-compatible container images in your pipelines without a Docker daemon. Just set a few environment variables.
Highlights
| Feature | Benefit |
|---|---|
| Daemon-less builds | Works in completely rootless, container-only environments |
| Debug base | Includes /shell & common tools for troubleshooting |
| Registry-agnostic | Push to Docker Hub, GHCR, Harbor, Quay, Google Artifact Registry, etc. |
| Small wrapper script | Autodetects credentials and common env-var combos |
Image tags
| Tag | Base | Intended use |
|---|---|---|
| `latest` | Google debug executor | General CI pipelines |
Quick start
```yaml
# .forgejo/workflows/build.yaml
name: Build & push image
on:
  push:
    branches: [ main ]
jobs:
  build:
    runs-on: docker
    container:
      image: git.van-hemmen.com/actions/kaniko:latest
    steps:
      - name: Build & push with Kaniko
        run: /bin/build.sh
        env:
          # --- mandatory --------------------------------------------------------
          KANIKO_CONTEXT: git://git.van-hemmen.com/actions/kaniko.git
          GIT_REF_NAME: ${{ github.ref_name }}
          GIT_USERNAME: ${{ secrets.docker_username }}
          GIT_PASSWORD: ${{ secrets.access_token }}
          # --- optional (only needed when you plan to push) ---------------------
          REGISTRY_HOST: ghcr.io
          REGISTRY_USER: ${{ secrets.docker_username }}
          REGISTRY_PASS: ${{ secrets.access_token }}
          KANIKO_DESTINATION: git.van-hemmen.com/myorg/myapp:${GITHUB_SHA}
          # --- fine-tuning ------------------------------------------------------
          KANIKO_DOCKERFILE: ./Dockerfile
          KANIKO_VERBOSITY: info
```
Environment variables
| Variable | Required | Purpose | Example value |
|---|---|---|---|
| `KANIKO_CONTEXT` | Yes | Build context (git://). | `git://git.van-hemmen.com/actions/kaniko.git` |
| `GIT_REF_NAME` | Yes | Branch or tag that is being built. | `${{ github.ref_name }}` |
| `GIT_USERNAME` | Yes | Username with access to `KANIKO_CONTEXT` when it is private. | `${{ secrets.GIT_USERNAME }}` |
| `GIT_PASSWORD` | Yes | Token/password paired with `GIT_USERNAME`. | `${{ secrets.GIT_PASSWORD }}` |
| `REGISTRY_HOST` | No (default `git.van-hemmen.com`) | Target registry hostname. | `ghcr.io` |
| `REGISTRY_USER` | No* | Registry username. Enables push only if both `REGISTRY_USER` and `REGISTRY_PASS` are set. | `${{ secrets.REGISTRY_USER }}` |
| `REGISTRY_PASS` | No* | Registry password/token. | `${{ secrets.REGISTRY_PASS }}` |
| `KANIKO_DESTINATION` | No | Comma-separated list of image references to push (variables like `${{ github.sha }}` are expanded). | `ghcr.io/myorg/app:${{ github.sha }},ghcr.io/myorg/app:latest` |
| `KANIKO_DOCKERFILE` | No (default `./Dockerfile`) | Path to the Dockerfile relative to the context. | `./docker/Dockerfile.alpine` |
| `KANIKO_VERBOSITY` | No (default `info`) | Log level (trace, debug, info, warn, error, fatal, panic). | `debug` |
* REGISTRY_USER / REGISTRY_PASS are only needed when the registry requires authentication.
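
The push and destination rules from the table above, as an added shell example (not the project's `build.sh`; the function names are hypothetical). It also lists destinations whose registry host differs from `REGISTRY_HOST`, on the assumption that the wrapper stores the credentials for that host only, since a Docker-style `config.json` keys credentials by registry host.

```shell
#!/bin/sh
# Added example, not the project's build.sh. Function names are hypothetical.

# Push is enabled only when BOTH registry credentials are set (per the table).
push_enabled() {
    [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASS:-}" ]
}

# Print one --destination flag per comma-separated reference in
# KANIKO_DESTINATION, or --no-push when pushing is not enabled.
destination_args() {
    if ! push_enabled || [ -z "${KANIKO_DESTINATION:-}" ]; then
        echo "--no-push"
        return 0
    fi
    # Split with parameter expansion so the value is never glob-expanded.
    rest=${KANIKO_DESTINATION},
    while [ -n "$rest" ]; do
        ref=${rest%%,*}; rest=${rest#*,}
        [ -z "$ref" ] || echo "--destination=$ref"
    done
}

# Print every destination whose registry host is not REGISTRY_HOST.
# Assumption: credentials are stored for REGISTRY_HOST only, so a push to
# any other host would not use them.
mismatched_destinations() {
    host=${REGISTRY_HOST:-git.van-hemmen.com}   # default from the table
    rest=${KANIKO_DESTINATION:-},
    while [ -n "$rest" ]; do
        ref=${rest%%,*}; rest=${rest#*,}
        [ -z "$ref" ] || [ "${ref%%/*}" = "$host" ] || echo "$ref"
    done
}

# Constructed sample: the Quick start values with dummy credentials.
(
    REGISTRY_HOST=ghcr.io REGISTRY_USER=ci REGISTRY_PASS=dummy
    KANIKO_DESTINATION='git.van-hemmen.com/myorg/myapp:abc123'
    destination_args
    echo "not covered by REGISTRY_HOST credentials: $(mismatched_destinations)"
)
```

Running the mismatch check as a pre-flight step in the job surfaces a credential/destination host mismatch before the build starts rather than at push time.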