From c72c4c0055061cf5dd328c05041d5b4a0f6097f4 Mon Sep 17 00:00:00 2001
From: TheAssassin
Date: Sat, 1 Jun 2024 14:49:57 +0200
Subject: [PATCH] Build Docker image with Kaniko
This eliminates the dependency on the host Docker daemon, thus allowing us to no longer mount it to the runner's workloads and thus securing everything.
---
.gitea/workflows/docker.yml | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
index c3f88e3..c56cd7c 100644
--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -1,4 +1,5 @@
name: Build and publish Docker image
+
on:
push:
pull_request:
@@ -19,28 +20,22 @@ jobs:
steps:
- uses: actions/checkout@v3
- - name: Log in to registry
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- - name: Build and push Docker image
- uses: docker/build-push-action@v5
+ - name: Build Docker image with kaniko
+ uses: aevea/action-kaniko@9223ef89b8302afed279fc956849bfd45d7686d2
with:
- context: .
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- platforms: | linux/amd64
+ image: ${{ env.IMAGE_NAME }}
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ tag: ${{ steps.meta.outputs.tags }}
+ platforms: linux/amd64
+ tag_with_latest: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
- name: Trigger redeployment
if: gitea.ref == 'refs/heads/main'
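Review bot: `tag: ${{ steps.meta.outputs.tags }}` in the new kaniko step hands the action a value that docker/metadata-action emits as a newline-separated list of fully qualified references (`registry/image:tag`), while the step already supplies `registry` and `image` separately and the input is named `tag` in the singular — so the destination reference is likely to come out malformed, or only the first entry is used, and this is the only place the push target is assembled. If the action does expect a bare tag, `tag: ${{ steps.meta.outputs.version }}` is the metadata-action output that matches; its input contract is not visible here, so confirm against the action's README at the pinned commit. The `labels: ${{ steps.meta.outputs.labels }}` that the removed build-push step applied have no counterpart in the new step, so the OCI provenance labels (source repository, revision, build time) no longer land on the published image; if the action exposes an extra-arguments input, pass them through as kaniko `--label` flags, otherwise the loss should at least be stated in the commit message. The full-SHA pin on `aevea/action-kaniko` is what keeps the registry credentials this step receives out of reach of a tag-rewrite on the upstream action, and that intent deserves a comment so nobody later switches it back to a floating tag: `# pinned to a commit SHA on purpose: this step receives the registry credentials`.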