Fix CI workflow to use Kaniko for containerized runner

Replace Docker-based build with Kaniko executor to support Docker-based Gitea runners that don't have Docker daemon access. Kaniko builds container images without requiring Docker, making it ideal for containerized CI environments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 13:50:22 +01:00 · 2025-10-29 13:50:22 +01:00 · 82093a0cf6
commit 82093a0cf6
parent 1c9c570ece
1 changed files with 16 additions and 31 deletions
--- a/.gitea/workflows/build-deploy.yml
+++ b/.gitea/workflows/build-deploy.yml
@ -8,40 +8,25 @@ on:
 jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: gcr.io/kaniko-project/executor:debug
      options: --user root
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
-      - name: Set up Docker Buildx
+      - name: Prepare Kaniko config
-        uses: docker/setup-buildx-action@v3
+        run: |
          mkdir -p /kaniko/.docker
          echo "{\"auths\":{\"code.puffinoffset.com\":{\"auth\":\"$(echo -n "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" | base64)\"}}}" > /kaniko/.docker/config.json
-      - name: Log in to Gitea Container Registry
+      - name: Build and push with Kaniko
-        uses: docker/login-action@v3
+        run: |
-        with:
+          /kaniko/executor \
-          registry: code.puffinoffset.com
+            --context=${{ github.workspace }} \
-          username: ${{ github.actor }}
+            --dockerfile=${{ github.workspace }}/Dockerfile \
-          password: ${{ secrets.GITHUB_TOKEN }}
+            --destination=code.puffinoffset.com/matt/puffin-app:latest \
-
+            --destination=code.puffinoffset.com/matt/puffin-app:main-${{ github.sha }} \
-      - name: Extract metadata
+            --cache=true \
-        id: meta
+            --cache-repo=code.puffinoffset.com/matt/puffin-app/cache
        uses: docker/metadata-action@v5
        with:
          images: code.puffinoffset.com/matt/puffin-app
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=sha,prefix={{branch}}-
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=code.puffinoffset.com/matt/puffin-app:buildcache
          cache-to: type=registry,ref=code.puffinoffset.com/matt/puffin-app:buildcache,mode=max
      - name: Image digest
        run: echo "Image pushed with digest ${{ steps.build.outputs.digest }}"