Comment on what do y'all use for CI/CD?

• scrubbles@poptalk.scrubbles.tech ⁨1⁩ ⁨day⁩ ago

  Sure! I use Kaniko (Although I see now that it’s not maintained anymore). I’ll probably pull the image in locally to protect it…

  Kaniko does the Docker in Docker, and I found an action that I use, but it looks like that was taken down… Luckily I archived it! Make an action in Forgejo (I have an infrastructure group that I add public repos to for actions. So this one is called action-koniko-build and all it has is this action.yml file in it:

  name: Kaniko
  description: Build a container image using Kaniko
  inputs:
    Dockerfile:
      description: The Dockerfile to pass to Kaniko
      required: true
    image:
      description: Name and tag under which to upload the image
      required: true
    registry:
      description: Domain of the registry. Should be the same as the first path component of the tag.
      required: true
    username:
      description: Username for the container registry
      required: true
    password:
      description: Password for the container registry
      required: true
    context:
      description: Workspace for the build
      required: true
  runs:
    using: docker
    image: docker://gcr.io/kaniko-project/executor:debug
    entrypoint: /bin/sh
    args:
      - -c
      - |
        mkdir -p /kaniko/.docker
        echo '{"auths":{"${{ inputs.registry }}":{"auth":"'$(printf "%s:%s" "${{ inputs.username }}" "${{ inputs.password }}" | base64 | tr -d '\n')'"}}}' > /kaniko/.docker/config.json
        echo Config file follows!
        cat /kaniko/.docker/config.json
        /kaniko/executor --insecure --dockerfile ${{ inputs.Dockerfile }} --destination ${{ inputs.image }} --context dir://${{ inputs.context }}     
  

  Then, you can use it directly like:

  name: Build and Deploy Docker Image
  
  on:
    push:
      branches:
        - main
    workflow_dispatch:
  
  jobs:
    build:
      runs-on: docker
  
      steps:
      # Checkout the repository
      - name: Checkout code
        uses: actions/checkout@v3
  
      - name: Get current date # This is just how I label my containers, do whatever you prefer
        id: date
        run: echo "::set-output name=date::$(date '+%Y%m%d-%H%M')"
  
      - uses:  path.to.your.forgejo.instance:port/infrastructure/action-koniko-build@main # This is what I said above, it references your infrastructure action, on the main branch
        with:
          Dockerfile: cluster/charts/auth/operator/Dockerfile
          image: path.to.your.forgejo.instance:port/group/repo:${{ steps.date.outputs.date }}
          registry: path.to.your.forgejo.instance:port/v1
          username: ${{ env.GITHUB_ACTOR }}
          password: ${{ secrets.RUNNER_TOKEN }} # I haven't found a good secret option that works well, I should see if they have fixed the built-in token
          context: ${{ env.GITHUB_WORKSPACE }}
  

  I run my runners in Kubernetes in the same cluster as my forgejo instance, so this all hooks up pretty easy. Lmk if you want to see that at all if it’s relevant. The big thing is that you’ll need to have them be Privileged, and there’s some complicated stuff where you need to run both the runner and the “dind” container together.

  source

  • felbane@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Thanks for the write-up! I’ve been trying and failing to do DOOD and POOP runners via forgejo, but I haven’t had the time or energy to really dig in and figure out the issue. At this point I just want something to work so I’ll give your setup a try 😎

    source

    • scrubbles@poptalk.scrubbles.tech ⁨1⁩ ⁨day⁩ ago

      Of course! Let me know how you run your containers and I may be able to help on that side too

      source