Sure! I use Kaniko (Although I see now that it’s not maintained anymore). I’ll probably pull the image in locally to protect it…
Kaniko does the Docker in Docker, and I found an action that I use, but it looks like that was taken down… Luckily I archived it! Make an action in Forgejo (I have an infrastructure group that I add public repos to for actions. So this one is called action-koniko-build and all it has is this action.yml file in it:
name: Kaniko
description: Build a container image using Kaniko
inputs:
Dockerfile:
description: The Dockerfile to pass to Kaniko
required: true
image:
description: Name and tag under which to upload the image
required: true
registry:
description: Domain of the registry. Should be the same as the first path component of the tag.
required: true
username:
description: Username for the container registry
required: true
password:
description: Password for the container registry
required: true
context:
description: Workspace for the build
required: true
runs:
using: docker
image: docker://gcr.io/kaniko-project/executor:debug
entrypoint: /bin/sh
args:
- -c
- |
mkdir -p /kaniko/.docker
echo '{"auths":{"${{ inputs.registry }}":{"auth":"'$(printf "%s:%s" "${{ inputs.username }}" "${{ inputs.password }}" | base64 | tr -d '\n')'"}}}' > /kaniko/.docker/config.json
echo Config file follows!
cat /kaniko/.docker/config.json
/kaniko/executor --insecure --dockerfile ${{ inputs.Dockerfile }} --destination ${{ inputs.image }} --context dir://${{ inputs.context }}
Then, you can use it directly like:
name: Build and Deploy Docker Image
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: docker
steps:
# Checkout the repository
- name: Checkout code
uses: actions/checkout@v3
- name: Get current date # This is just how I label my containers, do whatever you prefer
id: date
run: echo "::set-output name=date::$(date '+%Y%m%d-%H%M')"
- uses: path.to.your.forgejo.instance:port/infrastructure/action-koniko-build@main # This is what I said above, it references your infrastructure action, on the main branch
with:
Dockerfile: cluster/charts/auth/operator/Dockerfile
image: path.to.your.forgejo.instance:port/group/repo:${{ steps.date.outputs.date }}
registry: path.to.your.forgejo.instance:port/v1
username: ${{ env.GITHUB_ACTOR }}
password: ${{ secrets.RUNNER_TOKEN }} # I haven't found a good secret option that works well, I should see if they have fixed the built-in token
context: ${{ env.GITHUB_WORKSPACE }}
I run my runners in Kubernetes in the same cluster as my forgejo instance, so this all hooks up pretty easy. Lmk if you want to see that at all if it’s relevant. The big thing is that you’ll need to have them be Privileged, and there’s some complicated stuff where you need to run both the runner and the “dind” container together.
Of course! Let me know how you run your containers and I may be able to help on that side too