
Build Docker image with Kaniko

This eliminates the dependency on the host Docker daemon, so we no
longer have to mount it into the runner's workloads, thus securing
everything.
TheAssassin 2024-06-01 14:49:57 +02:00
parent d94d9cfc1f
commit efefc01be6
1 changed files with 19 additions and 16 deletions


@ -1,4 +1,5 @@
name: Build and publish Docker image name: Build and publish Docker image
on: on:
push: push:
pull_request: pull_request:
@ -19,28 +20,30 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Log in to registry - name: Generate suitable tag for kaniko
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image - name: Extract tag for kaniko action
uses: docker/build-push-action@v5 id: tag
env:
TAG: ${{ steps.meta.outputs.tags[0] }}
run: |
echo "::set-output name=tag::${TAG##*:}"
- name: Build Docker image with kaniko
uses: https://code.thetadev.de/ThetaDev/action-kaniko@dbb8da86cf2d498dde8ec1b3be967ceda17a21ff
with: with:
context: . image: ${{ env.IMAGE_NAME }}
push: true registry: ${{ env.REGISTRY }}
tags: ${{ steps.meta.outputs.tags }} username: ${{ secrets.DOCKER_USERNAME }}
labels: ${{ steps.meta.outputs.labels }} password: ${{ secrets.DOCKER_PASSWORD }}
platforms: | tag: ${{ steps.tag.outputs.tag }}
linux/amd64 platforms: linux/amd64
tag_with_latest: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
- name: Trigger redeployment - name: Trigger redeployment
if: gitea.ref == 'refs/heads/main' if: gitea.ref == 'refs/heads/main'
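Review bot: In the new `Extract tag for kaniko action` step, `steps.meta.outputs.tags[0]` indexes an output that docker/metadata-action emits as a newline-separated string rather than a list, so `TAG` is likely empty or unexpected and the kaniko step would then receive a blank `tag`. The same step writes its result with `::set-output`, which GitHub deprecated because untrusted text echoed to the log could be interpreted as a workflow command; if the runner supports it, prefer `echo "tag=${TAG##*:}" >> "$GITHUB_OUTPUT"`, or drop the step and pass `tag: ${{ steps.meta.outputs.version }}` directly. The kaniko action that receives `DOCKER_USERNAME` and `DOCKER_PASSWORD` is pinned to a full commit SHA, while `actions/checkout@v3` and `docker/metadata-action@v5` stay on mutable tags; pinning those as well would keep the whole job on reviewed code. The `Trigger redeployment` step continues outside the hunk.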