Guillaume B.B. Van Hemmen
3263260a54
Included the `/bin/build.sh` script in the CI steps to ensure the build process is properly executed. This change supports the pipeline's functionality and aligns with updated build requirements.
82 lines
3.9 KiB
Markdown
82 lines
3.9 KiB
Markdown
# kaniko (action)
|
||
|
||
|
||
|
||
|
||
Custom **Kaniko** image (forked from Google’s `gcr.io/kaniko-project/executor:debug`) for Forgejo Actions.
|
||
Build & push OCI-compatible container images in your pipelines **without** a Docker daemon. Just set a few environment variables.
|
||
|
||
---
|
||
|
||
## Highlights
|
||
|
||
| Feature | Benefit |
|
||
|---------|---------|
|
||
| **Daemon-less builds** | Works in completely rootless, container-only environments |
|
||
| **Debug base** | Includes `/shell` & common tools for troubleshooting |
|
||
| **Registry-agnostic** | Push to Docker Hub, GHCR, Harbor, Quay, Google Artifact Registry, etc. |
|
||
| **Small wrapper script** | Autodetects credentials and common env-var combos |
|
||
|
||
---
|
||
|
||
## Image tags
|
||
|
||
| Tag | Base | Intended use |
|
||
|-----|------|--------------|
|
||
| `latest` | Google `debug` executor | General CI pipelines |
|
||
|
||
---
|
||
|
||
## Quick start
|
||
|
||
```yaml
|
||
# .forgejo/workflows/build.yaml
|
||
name: Build & push image
|
||
|
||
on:
|
||
push:
|
||
branches: [ main ]
|
||
|
||
jobs:
|
||
build:
|
||
runs-on: docker
|
||
container:
|
||
image: git.van-hemmen.com/actions/kaniko:latest
|
||
steps:
|
||
- name: Build & push with Kaniko
|
||
run: /bin/build.sh
|
||
env:
|
||
# --- mandatory --------------------------------------------------------
|
||
KANIKO_CONTEXT: git://git.van-hemmen.com/actions/kaniko.git
|
||
GIT_REF_NAME: ${{ github.ref_name }}
|
||
GIT_USERNAME: ${{ secrets.docker_username }}
|
||
GIT_PASSWORD: ${{ secrets.access_token }}
|
||
|
||
# --- optional (only needed when you plan to push) ---------------------
|
||
REGISTRY_HOST: ghcr.io
|
||
REGISTRY_USER: ${{ secrets.docker_username }}
|
||
REGISTRY_PASS: ${{ secrets.access_token }}
|
||
KANIKO_DESTINATION: git.van-hemmen.com/myorg/myapp:${GITHUB_SHA}
|
||
|
||
# --- fine-tuning ------------------------------------------------------
|
||
KANIKO_DOCKERFILE: ./Dockerfile
|
||
KANIKO_VERBOSITY: info
|
||
|
||
```
|
||
|
||
## Environment variables
|
||
|
||
| Variable | Required | Purpose | Example value |
|
||
|----------|----------|---------|----------------------------------------------------------------|
|
||
| `KANIKO_CONTEXT` | **Yes** | Build context (`git://`). | `git://git.van-hemmen.com/actions/kaniko.git` |
|
||
| `GIT_REF_NAME` | **Yes** | Branch or tag that is being built. | `${{ github.ref_name }}` |
|
||
| `GIT_USERNAME` | **Yes** | Username with access to `KANIKO_CONTEXT` when it is private. | `${{ secrets.GIT_USERNAME }}` |
|
||
| `GIT_PASSWORD` | **Yes** | Token/password paired with `GIT_USERNAME`. | `${{ secrets.GIT_PASSWORD }}` |
|
||
| `REGISTRY_HOST` | No (default `git.van-hemmen.com`) | Target registry hostname. | `ghcr.io` |
|
||
| `REGISTRY_USER` | No* | Registry username. Enables push only if **both** `REGISTRY_USER` and `REGISTRY_PASS` are set. | `${{ secrets.REGISTRY_USER }}` |
|
||
| `REGISTRY_PASS` | No* | Registry password/token. | `${{ secrets.REGISTRY_PASS }}` |
|
||
| `KANIKO_DESTINATION` | No | Comma-separated list of image references to push (variables like `${{ github.sha }}` are expanded). | `ghcr.io/myorg/app:${{ github.sha }},ghcr.io/myorg/app:latest` |
|
||
| `KANIKO_DOCKERFILE` | No (default `./Dockerfile`) | Path to the Dockerfile relative to the context. | `./docker/Dockerfile.alpine` |
|
||
| `KANIKO_VERBOSITY` | No (default `info`) | Log level (`trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`). | `debug` |
|
||
|
||
\* `REGISTRY_USER` / `REGISTRY_PASS` are only needed when the registry requires authentication.
|