diff --git a/.gitea/workflows/build-image.yaml b/.gitea/workflows/build-image.yaml
index 7341712..e9930e3 100644
--- a/.gitea/workflows/build-image.yaml
+++ b/.gitea/workflows/build-image.yaml
@@ -16,13 +16,18 @@ on:
 jobs:
 build:
- # Runs in our custom ubuntu-act-runner image (Node 20 + Docker CLI + git)
- # Docker daemon is the DinD sidecar via DOCKER_HOST=tcp://localhost:2376
- runs-on: ubuntu-latest
+ # Runs directly on runner host — buildah+skopeo available via tools volume
+ # No container spawned, no internet required in container
+ runs-on: docker
 steps:
 - name: 🔎 Checkout
- uses: actions/checkout@v4
+ run: |
+ git clone \
+ --depth 1 \
+ --branch "${{ gitea.ref_name }}" \
+ "http://${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}@gitea.mod.home/ansible/ansible-runner.git" \
+ .
 - name: 🏷️ Set Image Tags
 id: tags
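Review bot: The new Checkout step places `secrets.REGISTRY_USER` and `secrets.REGISTRY_PASSWORD` inside the clone URL, and that URL is plain `http://`. git records the URL, credentials included, as the origin remote in the workspace's `.git/config`, which per the comment in this hunk sits on the runner host itself, and the password crosses the network unencrypted. `${{ gitea.ref_name }}` is also expanded into the script text before the shell runs, so a branch name containing `$(...)` would be evaluated inside the double quotes. I would pass all three values through `env:` and supply the credentials as a per-process header over HTTPS, as sketched below.

```yaml
      - name: 🔎 Checkout
        env:
          GIT_USER: ${{ secrets.REGISTRY_USER }}
          GIT_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
          REF_NAME: ${{ gitea.ref_name }}
        run: |
          auth="$(printf '%s:%s' "$GIT_USER" "$GIT_PASSWORD" | base64 | tr -d '\n')"
          # GIT_CONFIG_* needs git >= 2.31; keeps the header out of argv and .git/config
          export GIT_CONFIG_COUNT=1
          export GIT_CONFIG_KEY_0=http.extraHeader
          export GIT_CONFIG_VALUE_0="Authorization: Basic ${auth}"
          git clone \
            --depth 1 \
            --branch "$REF_NAME" \
            "https://gitea.mod.home/ansible/ansible-runner.git" \
            .
```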
@@ -37,30 +42,34 @@ jobs:
 echo "tag_sha=${REGISTRY}/${ORG}/${IMAGE}:${SHORT_SHA}" >> $GITHUB_OUTPUT
 echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
- - name: 🐳 Docker Login → Gitea Registry
- run: |
- echo "${{ secrets.REGISTRY_PASSWORD }}" | \
- docker login gitea.mod.home \
- --username "${{ secrets.REGISTRY_USER }}" \
- --password-stdin
-
- - name: 🐳 Build Image
+ - name: 🔨 Build Image
 run: |
 BUILD_ARGS=""
 if [ "${{ inputs.force_rebuild }}" = "true" ]; then
 BUILD_ARGS="--no-cache"
 fi
- docker build ${BUILD_ARGS} \
+ buildah bud \
+ --storage-driver vfs \
+ ${BUILD_ARGS} \
 -t ${{ steps.tags.outputs.tag_latest }} \
 -t ${{ steps.tags.outputs.tag_sha }} \
 -f docker/Dockerfile \
 docker/
- - name: 🐳 Push Image
+ - name: 📤 Push Image → Gitea Registry
 run: |
- docker push ${{ steps.tags.outputs.tag_latest }}
- docker push ${{ steps.tags.outputs.tag_sha }}
+ skopeo copy \
+ --dest-tls-verify=false \
+ --dest-creds "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}" \
+ containers-storage:${{ steps.tags.outputs.tag_latest }} \
+ docker://${{ steps.tags.outputs.tag_latest }}
+
+ skopeo copy \
+ --dest-tls-verify=false \
+ --dest-creds "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}" \
+ containers-storage:${{ steps.tags.outputs.tag_sha }} \
+ docker://${{ steps.tags.outputs.tag_sha }}
 - name: 📨 Telegram Notification
 if: always()
diff --git a/.gitea/workflows/build-ubuntu-latest.yaml b/.gitea/workflows/build-ubuntu-latest.yaml
index ffe1714..77695d5 100644
--- a/.gitea/workflows/build-ubuntu-latest.yaml
+++ b/.gitea/workflows/build-ubuntu-latest.yaml
@@ -10,8 +10,8 @@ on:
 jobs:
 build:
- # Bootstraps itself — runs on docker:host (no container spawned)
- # Docker CLI available via tools volume from initContainer
+ # Runs directly on runner host — buildah+skopeo available via tools volume
+ # No container spawned, no internet required in container
 runs-on: docker
 steps:
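Review bot: Both `skopeo copy` calls in build-image.yaml's Push Image step combine `--dest-tls-verify=false` with `--dest-creds`, so the registry password is sent to whichever endpoint answers for the registry host without certificate verification, and the pushed image has no transport integrity. The same two flags appear in the push step of build-ubuntu-latest.yaml's second hunk. `--dest-creds` also puts the password in the process arguments, which the removed `docker login --password-stdin` avoided. I would install the registry's CA on the runner (for example under `/etc/containers/certs.d/gitea.mod.home/`), drop `--dest-tls-verify=false`, and authenticate over stdin as sketched below.

```yaml
      - name: 📤 Push Image → Gitea Registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" | \
            skopeo login --username "$REGISTRY_USER" --password-stdin gitea.mod.home
          # the job runs on the runner host, so remove the stored login on exit
          trap 'skopeo logout gitea.mod.home' EXIT
          skopeo copy \
            containers-storage:${{ steps.tags.outputs.tag_latest }} \
            docker://${{ steps.tags.outputs.tag_latest }}
          # … unchanged: second skopeo copy for tag_sha, without the two flags …
```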
@@ -36,25 +36,28 @@ jobs:
 echo "tag_sha=${REGISTRY}/${ORG}/${IMAGE}:${SHORT_SHA}" >> $GITHUB_OUTPUT
 echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
- - name: 🐳 Docker Login → Gitea Registry
+ - name: 🔨 Build Image
 run: |
- echo "${{ secrets.REGISTRY_PASSWORD }}" | \
- docker login gitea.mod.home \
- --username "${{ secrets.REGISTRY_USER }}" \
- --password-stdin
-
- - name: 🐳 Build Image
- run: |
- docker build \
+ buildah bud \
+ --storage-driver vfs \
 -t ${{ steps.tags.outputs.tag_latest }} \
 -t ${{ steps.tags.outputs.tag_sha }} \
 -f docker-ubuntu-latest/Dockerfile \
 docker-ubuntu-latest/
- - name: 🐳 Push Image
+ - name: 📤 Push Image → Gitea Registry
 run: |
- docker push ${{ steps.tags.outputs.tag_latest }}
- docker push ${{ steps.tags.outputs.tag_sha }}
+ skopeo copy \
+ --dest-tls-verify=false \
+ --dest-creds "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}" \
+ containers-storage:${{ steps.tags.outputs.tag_latest }} \
+ docker://${{ steps.tags.outputs.tag_latest }}
+
+ skopeo copy \
+ --dest-tls-verify=false \
+ --dest-creds "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}" \
+ containers-storage:${{ steps.tags.outputs.tag_sha }} \
+ docker://${{ steps.tags.outputs.tag_sha }}
 - name: 📨 Telegram Notification
 if: always()