Custom Kaniko image (from Google’s debug variant) for Forgejo Actions: build & push container images in CI/CD by just setting env vars—no Docker daemon needed. https://git.van-hemmen.com/actions/kaniko
Guillaume B.B. Van Hemmen 503ef5c8df Update variable name from GITHUB_REF_NAME to GIT_REF_NAME
Standardize the environment variable naming for consistency across documentation and scripts. Updated all references in README.md and build.sh, ensuring functionality remains intact.
2025-05-19 13:21:19 +02:00
| File | Last commit | Date |
|---|---|---|
| .forgejo/workflows | - Add custom Kaniko builder and CI workflows () | 2025-05-19 09:48:07 +00:00 |
| build.sh | Update variable name from GITHUB_REF_NAME to GIT_REF_NAME | 2025-05-19 13:21:19 +02:00 |
| CODE_OF_CONDUCT.md | - Add custom Kaniko builder and CI workflows () | 2025-05-19 09:48:07 +00:00 |
| CONTRIBUTING.md | - Add custom Kaniko builder and CI workflows () | 2025-05-19 09:48:07 +00:00 |
| Dockerfile | - Change Dockerfile to run as root user | 2025-05-19 12:55:56 +02:00 |
| LICENSE | - Add custom Kaniko builder and CI workflows () | 2025-05-19 09:48:07 +00:00 |
| README.md | Update variable name from GITHUB_REF_NAME to GIT_REF_NAME | 2025-05-19 13:21:19 +02:00 |

kaniko (action)


Custom Kaniko image (forked from Google's gcr.io/kaniko-project/executor:debug) for Forgejo Actions.
Build & push OCI-compatible container images in your pipelines without a Docker daemon. Just set a few environment variables.


Highlights

| Feature | Benefit |
|---|---|
| Daemon-less builds | Works in completely rootless, container-only environments |
| Debug base | Includes /shell & common tools for troubleshooting |
| Registry-agnostic | Push to Docker Hub, GHCR, Harbor, Quay, Google Artifact Registry, etc. |
| Small wrapper script | Autodetects credentials and common env-var combos |

Image tags

| Tag | Base | Intended use |
|---|---|---|
| latest | Google debug executor | General CI pipelines |

Quick start

# .forgejo/workflows/build.yaml
name: Build & push image

on:
  push:
    branches: [ main ]

jobs:
  build:
    runs-on: docker
    container:
      image: git.van-hemmen.com/actions/kaniko:latest
    steps:
      - name: Build & push with Kaniko
        env:
          # --- mandatory --------------------------------------------------------
          KANIKO_CONTEXT: git://git.van-hemmen.com/actions/kaniko.git
          GIT_REF_NAME: ${{ github.ref_name }}
          GIT_USERNAME:    ${{ secrets.GIT_USERNAME }}
          GIT_PASSWORD:    ${{ secrets.GIT_PASSWORD }}
    
          # --- optional (only needed when you plan to push) ---------------------
          REGISTRY_HOST:   ghcr.io
          REGISTRY_USER:   ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASS:   ${{ secrets.REGISTRY_PASS }}
          KANIKO_DESTINATION: ghcr.io/myorg/myapp:${{ github.sha }}
    
          # --- fine-tuning ------------------------------------------------------
          KANIKO_DOCKERFILE: ./Dockerfile
          KANIKO_VERBOSITY:  info

Environment variables

| Variable | Required | Purpose | Example value |
|---|---|---|---|
| KANIKO_CONTEXT | Yes | Build context (git://). | git://git.van-hemmen.com/actions/kaniko.git |
| GIT_REF_NAME | Yes | Branch or tag that is being built. | ${{ github.ref_name }} |
| GIT_USERNAME | Yes | Username with access to KANIKO_CONTEXT when it is private. | ${{ secrets.GIT_USERNAME }} |
| GIT_PASSWORD | Yes | Token/password paired with GIT_USERNAME. | ${{ secrets.GIT_PASSWORD }} |
| REGISTRY_HOST | No (default git.van-hemmen.com) | Target registry hostname. | ghcr.io |
| REGISTRY_USER | No* | Registry username. Enables push only if both REGISTRY_USER and REGISTRY_PASS are set. | ${{ secrets.REGISTRY_USER }} |
| REGISTRY_PASS | No* | Registry password/token. | ${{ secrets.REGISTRY_PASS }} |
| KANIKO_DESTINATION | No | Comma-separated list of image references to push (variables like ${{ github.sha }} are expanded). | ghcr.io/myorg/app:${{ github.sha }},ghcr.io/myorg/app:latest |
| KANIKO_DOCKERFILE | No (default ./Dockerfile) | Path to the Dockerfile relative to the context. | ./docker/Dockerfile.alpine |
| KANIKO_VERBOSITY | No (default info) | Log level (trace, debug, info, warn, error, fatal, panic). | debug |

* REGISTRY_USER / REGISTRY_PASS are only needed when the registry requires authentication.
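
The rules in the table above (required variables, push only when both registry credentials are set, comma-separated destinations, documented defaults), written as a pre-flight check that fails before a build silently runs without pushing. This is an added example, not the project's build.sh; the function names, the requirement that every destination sits on REGISTRY_HOST, and the error on an empty destination list in push mode are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the project's build.sh): pre-flight check of the variables.

# Echo "push" or "no-push" per the README rule: push only when BOTH
# REGISTRY_USER and REGISTRY_PASS are set. A half-set pair is an error here.
push_mode() {
  if [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASS:-}" ]; then
    echo push
  elif [ -n "${REGISTRY_USER:-}${REGISTRY_PASS:-}" ]; then
    echo "error: only one of REGISTRY_USER/REGISTRY_PASS is set" >&2
    return 1
  else
    echo no-push
  fi
}

# Print one --destination=<ref> per entry of comma-separated KANIKO_DESTINATION.
# Assumption: credentials are stored for REGISTRY_HOST only, so every entry
# must live on that host; an empty list in push mode is rejected as well.
destination_args() (
  host="${REGISTRY_HOST:-git.van-hemmen.com}"
  IFS=,; set -f   # subshell body: the IFS and noglob changes stay local
  set -- ${KANIKO_DESTINATION:-}
  [ "$#" -gt 0 ] || { echo "error: KANIKO_DESTINATION is empty" >&2; exit 1; }
  for ref in "$@"; do
    case "$ref" in
      "$host"/?*) echo "--destination=$ref" ;;
      *) echo "error: '$ref' is not on $host" >&2; exit 1 ;;
    esac
  done
)

# Assemble executor arguments, one per line. The context is passed through
# unchanged; how the wrapper applies GIT_REF_NAME to it is not shown on the page.
kaniko_args() {
  for v in KANIKO_CONTEXT GIT_REF_NAME GIT_USERNAME GIT_PASSWORD; do
    eval "[ -n \"\${$v:-}\" ]" || { echo "error: $v is required" >&2; return 1; }
  done
  mode=$(push_mode) || return 1
  echo "--context=$KANIKO_CONTEXT"
  echo "--dockerfile=${KANIKO_DOCKERFILE:-./Dockerfile}"
  echo "--verbosity=${KANIKO_VERBOSITY:-info}"
  if [ "$mode" = push ]; then destination_args; else echo "--no-push"; fi
}
```

Running `kaniko_args` as the first step of a job surfaces a half-set credential pair or a destination on the wrong registry as a failed step instead of a successful build that never pushed.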