Custom Kaniko image (from Google’s debug variant) for Forgejo Actions: build & push container images in CI/CD by just setting env vars—no Docker daemon needed. https://git.van-hemmen.com/actions/kaniko
Guillaume B.B. Van Hemmen 47dac6b4ef - Add logging of environment variables and build actions
This change introduces logging of key environment variables used during the build process, with sensitive values partially masked for security. It also provides clear messaging on whether the build includes a push to the registry, improving transparency and debugging capabilities.
2025-05-19 13:18:13 +02:00
.forgejo/workflows - Add custom Kaniko builder and CI workflows () 2025-05-19 09:48:07 +00:00
build.sh - Add logging of environment variables and build actions 2025-05-19 13:18:13 +02:00
CODE_OF_CONDUCT.md - Add custom Kaniko builder and CI workflows () 2025-05-19 09:48:07 +00:00
CONTRIBUTING.md - Add custom Kaniko builder and CI workflows () 2025-05-19 09:48:07 +00:00
Dockerfile - Change Dockerfile to run as root user 2025-05-19 12:55:56 +02:00
LICENSE - Add custom Kaniko builder and CI workflows () 2025-05-19 09:48:07 +00:00
README.md - Update Kaniko configuration and document environment variables () 2025-05-19 10:18:03 +00:00

kaniko (action)


Custom Kaniko image (forked from Google's gcr.io/kaniko-project/executor:debug) for Forgejo Actions.
Build & push OCI-compatible container images in your pipelines without a Docker daemon. Just set a few environment variables.


Highlights

| Feature | Benefit |
|---|---|
| Daemon-less builds | Works in completely rootless, container-only environments |
| Debug base | Includes /shell & common tools for troubleshooting |
| Registry-agnostic | Push to Docker Hub, GHCR, Harbor, Quay, Google Artifact Registry, etc. |
| Small wrapper script | Autodetects credentials and common env-var combos |

Image tags

| Tag | Base | Intended use |
|---|---|---|
| latest | Google debug executor | General CI pipelines |

Quick start

# .forgejo/workflows/build.yaml
name: Build & push image

on:
  push:
    branches: [ main ]

jobs:
  build:
    runs-on: docker
    container:
      image: git.van-hemmen.com/actions/kaniko:latest
    steps:
      - name: Build & push with Kaniko
        env:
          # --- mandatory --------------------------------------------------------
          KANIKO_CONTEXT: git://git.van-hemmen.com/actions/kaniko.git
          GITHUB_REF_NAME: ${{ github.ref_name }}
          GIT_USERNAME:    ${{ secrets.GIT_USERNAME }}
          GIT_PASSWORD:    ${{ secrets.GIT_PASSWORD }}
    
          # --- optional (only needed when you plan to push) ---------------------
          REGISTRY_HOST:   ghcr.io
          REGISTRY_USER:   ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASS:   ${{ secrets.REGISTRY_PASS }}
          KANIKO_DESTINATION: ghcr.io/myorg/myapp:${{ github.sha }}
    
          # --- fine-tuning ------------------------------------------------------
          KANIKO_DOCKERFILE: ./Dockerfile
          KANIKO_VERBOSITY:  info

Environment variables

| Variable | Required | Purpose | Example value |
|---|---|---|---|
| KANIKO_CONTEXT | Yes | Build context (git://). | git://git.van-hemmen.com/actions/kaniko.git |
| GITHUB_REF_NAME | Yes | Branch or tag that is being built. | ${{ github.ref_name }} |
| GIT_USERNAME | Yes | Username with access to KANIKO_CONTEXT when it is private. | ${{ secrets.GIT_USERNAME }} |
| GIT_PASSWORD | Yes | Token/password paired with GIT_USERNAME. | ${{ secrets.GIT_PASSWORD }} |
| REGISTRY_HOST | No (default git.van-hemmen.com) | Target registry hostname. | ghcr.io |
| REGISTRY_USER | No* | Registry username. Enables push only if both REGISTRY_USER and REGISTRY_PASS are set. | ${{ secrets.REGISTRY_USER }} |
| REGISTRY_PASS | No* | Registry password/token. | ${{ secrets.REGISTRY_PASS }} |
| KANIKO_DESTINATION | No | Comma-separated list of image references to push (variables like ${{ github.sha }} are expanded). | ghcr.io/myorg/app:${{ github.sha }},ghcr.io/myorg/app:latest |
| KANIKO_DOCKERFILE | No (default ./Dockerfile) | Path to the Dockerfile relative to the context. | ./docker/Dockerfile.alpine |
| KANIKO_VERBOSITY | No (default info) | Log level (trace, debug, info, warn, error, fatal, panic). | debug |

* REGISTRY_USER / REGISTRY_PASS are only needed when the registry requires authentication.
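
The push rule from the table (push only when both REGISTRY_USER and REGISTRY_PASS are set) and the masked logging mentioned in the latest commit, as an added example that is not the repository's build.sh. The function names are hypothetical, falling back to a build without push when KANIKO_DESTINATION is empty is an assumption, and the flags are standard Kaniko executor flags.

```shell
#!/bin/sh
# Added example, not the repository's build.sh. Variable names come from the
# README table above; the function names are hypothetical.

# Log-safe form of a secret: never the full value, and no prefix at all for
# short values, where two characters would give away too much.
mask_secret() {
    if [ -z "$1" ]; then
        printf '(unset)'
    elif [ "${#1}" -lt 8 ]; then
        printf '****'
    else
        printf '%s****' "${1%"${1#??}"}"   # first two characters only
    fi
}

# Push is enabled only when BOTH registry credentials are set.
push_enabled() {
    [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASS:-}" ]
}

# Print one Kaniko executor argument per line, derived from the environment.
# Assumption: with no KANIKO_DESTINATION there is nothing to push.
kaniko_args() {
    printf '%s\n' "--context=${KANIKO_CONTEXT:-}" \
        "--dockerfile=${KANIKO_DOCKERFILE:-./Dockerfile}" \
        "--verbosity=${KANIKO_VERBOSITY:-info}"
    if push_enabled && [ -n "${KANIKO_DESTINATION:-}" ]; then
        old_ifs=$IFS; IFS=,        # comma-separated list of image references
        for ref in $KANIKO_DESTINATION; do
            printf '%s\n' "--destination=${ref}"
        done
        IFS=$old_ifs
    else
        printf '%s\n' "--no-push"   # build only, nothing leaves the runner
    fi
}

# What a build log can safely show before the executor starts.
log_settings() {
    echo "KANIKO_CONTEXT=${KANIKO_CONTEXT:-}"
    echo "REGISTRY_HOST=${REGISTRY_HOST:-git.van-hemmen.com}"
    echo "REGISTRY_USER=$(mask_secret "${REGISTRY_USER:-}")"
    echo "REGISTRY_PASS=$(mask_secret "${REGISTRY_PASS:-}")"
    echo "GIT_PASSWORD=$(mask_secret "${GIT_PASSWORD:-}")"
    if kaniko_args | grep -qx -- '--no-push'; then echo "Action: build only"
    else echo "Action: build and push"; fi
}
```

Sourcing the file and calling log_settings followed by kaniko_args shows what a run would log and pass to the executor without starting a build.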