From 18d47d253b7d438d25bd040b9148142b53ef9101 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 09:09:30 +0000 Subject: [PATCH 01/14] modified: .gitea/workflows/ docker-image.deploy.yml --- .../actions/buildkit-build-push/action.yaml | 57 +++++++++++++++++++ .gitea/actions/kubectl-setup/action.yaml | 54 ++++++++++++++++++ .gitea/workflows/ docker-image.deploy.yml | 2 +- 3 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 .gitea/actions/buildkit-build-push/action.yaml create mode 100644 .gitea/actions/kubectl-setup/action.yaml diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml new file mode 100644 index 0000000..562a92b --- /dev/null +++ b/.gitea/actions/buildkit-build-push/action.yaml 
@@ -0,0 +1,57 @@
+name: BuildKit Build and Deploys
+description: "Build and deploy images"
+
+inputs:
+ registry_addr:
+ description: registry address
+ required: true
+ registry_username:
+ description: "registry username"
+ required: true
+ registry_password:
+ description: "registry password"
+ required: true
+ buildkit_addr:
+ description: "buildkit address"
+ required: true
+ tags:
+ description: "image tags / buildctl image name"
+ required: true
+ context:
+ description: "buildctl build context"
+ required: false
+ default: "."
+ dockerfile:
+ description: "buildctl build dockerfile/folder"
+ required: true
+ default: "."
+runs:
+ using: "composite"
+ steps:
+ - name: Authenticate to Gitea registry
+ shell: bash
+ run: |
+ # Create a temporary file inside GITHUB_TEMP
+ DOCKER_CONFIG_FILE="${RUNNER_TEMP}/docker_config.json"
+
+ # Ensure cleanup ALWAYS happens
+ trap 'rm -f "$DOCKER_CONFIG_FILE"' EXIT
+
+ # Generate auth entry
+ AUTH=$(printf "%s" "${{ inputs.registry_username }}:${{ inputs.registry_password }}" | base64 -w 0)
+
+ printf '{"auths":{"%s":{"auth":"%s"}}}' \
+ "${{ inputs.registry_addr }}" \
+ "$AUTH" \
+ > "$DOCKER_CONFIG_FILE"
+
+ # Run BuildKit build
+ buildctl \
+ --addr ${{ inputs.buildkit_addr }} \
+ build \
+ --frontend=dockerfile.v0 \
+ --local context=${{ inputs.context }} \
+ --local dockerfile=${{ inputs.dockerfile }} \
+ --opt filename=Dockerfile \
+ --output type=image,name=${{ inputs.tags }},push=true,registry.config=$RUNNER_TEMP
+
diff --git a/.gitea/actions/kubectl-setup/action.yaml b/.gitea/actions/kubectl-setup/action.yaml
new file mode 100644
index 0000000..af668a5
--- /dev/null
+++ b/.gitea/actions/kubectl-setup/action.yaml
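Review bot: The `run:` script of the new buildkit-build-push action expands `${{ inputs.registry_username }}`, `${{ inputs.registry_password }}`, `${{ inputs.registry_addr }}`, `${{ inputs.buildkit_addr }}`, `${{ inputs.context }}`, `${{ inputs.dockerfile }}` and `${{ inputs.tags }}` straight into the bash text, so each value is substituted before the shell parses the script. A password containing `"`, `$` or a backtick changes the script, and any input a caller controls is interpreted as shell code rather than data. Pass the inputs through the step's `env:` and reference quoted shell variables instead (this assumes the Gitea runner honours step-level `env:` in composite actions the way GitHub does). The same pattern recurs in the kubectl-setup action added by this patch and in the later buildkit-build-push hunks of the series. Separately, the first comment says GITHUB_TEMP while the code uses RUNNER_TEMP.

```yaml
    - name: Authenticate to Gitea registry
      shell: bash
      env:
        REGISTRY_ADDR: ${{ inputs.registry_addr }}
        REGISTRY_USERNAME: ${{ inputs.registry_username }}
        REGISTRY_PASSWORD: ${{ inputs.registry_password }}
        BUILDKIT_ADDR: ${{ inputs.buildkit_addr }}
        IMAGE_TAGS: ${{ inputs.tags }}
      run: |
        # … unchanged: DOCKER_CONFIG_FILE assignment and EXIT trap …
        AUTH=$(printf '%s:%s' "$REGISTRY_USERNAME" "$REGISTRY_PASSWORD" | base64 -w 0)
        printf '{"auths":{"%s":{"auth":"%s"}}}' "$REGISTRY_ADDR" "$AUTH" > "$DOCKER_CONFIG_FILE"
        # … unchanged: buildctl invocation, using "$BUILDKIT_ADDR" and name="$IMAGE_TAGS" …
```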
@@ -0,0 +1,54 @@ +name: Setup kubectl +description: "Reads kube config from inputs and sets kube config" + +inputs: + kube_server: + description: "Kubernetes server address" + required: true + kube_ca_base64: + description: "Base64 encoded CA cert" + required: true + kube_token: + description: "Kubernetes token" + required: true + test_connection: + description: "If 'true', a curl is executed to test connection" + required: false + default: "false" +runs: + using: "composite" + steps: + - name: Create kubeconfig + shell: bash + run: | + mkdir -p "${GITHUB_TEMP}/.kube" + cat > "${GITHUB_TEMP}/.kube/config" <> "${GITHUB_ENV}" + + - name: Test connection + if: ${{ inputs.test_connection == 'true' }} + shell: bash + run: | + echo "Testing connection to cluster..." + curl -ksS \ + --cacert <(echo "${{ inputs.kube_ca_base64 }}" | base64 -d) \ + -H "Authorization: Bearer ${{ inputs.kube_token }}" \ + ${{ inputs.kube_server }}/version \ No newline at end of file diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.yml index a0432b1..850a577 100644 --- a/.gitea/workflows/ docker-image.deploy.yml +++ b/.gitea/workflows/ docker-image.deploy.yml @@ -23,7 +23,7 @@ jobs: curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1 - name: Build and Push Image - uses: ./.gitea/limbo_actions/buildkit-build-push + uses: ./.gitea/actions/buildkit-build-push with: registry_addr: git.limbosolutions.com registry_username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }} -- 2.49.1 From 845eebaa000df60b94b6b0fa525e26de7d171f12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 09:10:52 +0000 Subject: [PATCH 02/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
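Review bot: The `Test connection` step in the new kubectl-setup action runs `curl -ksS` together with `--cacert`; `-k` turns certificate verification off, so the CA supplied in `kube_ca_base64` is never enforced and the bearer token in the `Authorization` header is sent to whatever endpoint answers at `kube_server`. Drop the flag so the supplied CA is the trust anchor: `curl -sS \`. The kubeconfig step writes under `${GITHUB_TEMP}` while the buildkit action in the same patch uses `${RUNNER_TEMP}`; if the runner does not set `GITHUB_TEMP` the path collapses to `/.kube`, so confirm which variable is actually provided. `${{ inputs.kube_token }}` and `${{ inputs.kube_ca_base64 }}` are also expanded inside the script text and are better passed through `env:` and quoted. The heredoc body of the kubeconfig is not visible on this page, so it is not reviewed here.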
diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index 562a92b..ca148e7 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml @@ -53,5 +53,5 @@ runs: --local context=${{ inputs.context }} \ --local dockerfile=${{ inputs.dockerfile }} \ --opt filename=Dockerfile \ - --output type=image,name=${{ inputs.tags }},push=true,registry.config=$RUNNER_TEMP + --output type=image,name=${{ inputs.tags }},push=true,registry.config=$DOCKER_CONFIG_FILE -- 2.49.1 From 3c10ca756a868be61439b2c728a989a8906b9b07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 09:19:25 +0000 Subject: [PATCH 03/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .../actions/buildkit-build-push/action.yaml | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index ca148e7..097cbeb 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml 
@@ -31,19 +31,24 @@ runs: - name: Authenticate to Gitea registry shell: bash run: | - # Create a temporary file inside GITHUB_TEMP - DOCKER_CONFIG_FILE="${RUNNER_TEMP}/docker_config.json" - # Ensure cleanup ALWAYS happens - trap 'rm -f "$DOCKER_CONFIG_FILE"' EXIT + DOCKER_CONFIG_DIR="${RUNNER_TEMP}/.buildctl_docker" + mkdir -p "$DOCKER_CONFIG_DIR" + + # clean up + trap 'rm -rf "$DOCKER_CONFIG_DIR"' EXIT - # Generate auth entry AUTH=$(printf "%s" "${{ inputs.registry_username }}:${{ inputs.registry_password }}" | base64 -w 0) - printf '{"auths":{"%s":{"auth":"%s"}}}' \ - "${{ inputs.registry_addr }}" \ - "$AUTH" \ - > "$DOCKER_CONFIG_FILE" + cat > "$DOCKER_CONFIG_DIR/config.json" < Date: Sun, 15 Mar 2026 09:22:03 +0000 Subject: [PATCH 04/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index 097cbeb..f7ba33c 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml @@ -50,6 +50,18 @@ runs: } EOF + echo "Checking config.json (safe output):" + if [ ! -f "$DOCKER_CONFIG_DIR/config.json" ]; then + echo "ERROR: config.json missing" + exit 1 + fi + + jq ' + .auths |= with_entries( + .value.auth = "***MASKED***" + ) + ' "$DOCKER_CONFIG_DIR/config.json" + # Run BuildKit build buildctl \ --addr ${{ inputs.buildkit_addr }} \ -- 2.49.1 From 155dc54516be658f529cbb89572896200b30f45f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 09:24:28 +0000 Subject: [PATCH 05/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index f7ba33c..68c83ab 100644 
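Review bot: In the patch 03 hunk, `mkdir -p "$DOCKER_CONFIG_DIR"` creates the credential directory under the runner's default umask, and the `config.json` written into it carries the base64 registry credentials, so on a shared runner other local accounts may be able to read it until the EXIT trap fires. Restrict the permissions before anything is written, for example `umask 077` as the first line of the script or `mkdir -m 700 -p "$DOCKER_CONFIG_DIR"`. Part of this hunk (the heredoc body) is missing from the page, so the generated JSON itself is not reviewed here.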
--- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml @@ -62,6 +62,10 @@ runs: ) ' "$DOCKER_CONFIG_DIR/config.json" + DECODED_USER=$(printf "%s" "$AUTH" | base64 -d | cut -d: -f1) + echo "Registry user: $DECODED_USER" + + # Run BuildKit build buildctl \ --addr ${{ inputs.buildkit_addr }} \ -- 2.49.1 From a2085adbf82a141e44c7c1244f5fb810cddb276c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 09:28:03 +0000 Subject: [PATCH 06/14] modified: .gitea/workflows/ docker-image.deploy.yml --- .gitea/workflows/ docker-image.deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.yml index 850a577..f5de89f 100644 --- a/.gitea/workflows/ docker-image.deploy.yml +++ b/.gitea/workflows/ docker-image.deploy.yml @@ -25,7 +25,7 @@ jobs: - name: Build and Push Image uses: ./.gitea/actions/buildkit-build-push with: - registry_addr: git.limbosolutions.com + registry_addr: https://git.limbosolutions.com registry_username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }} registry_password: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_PASSWORD }} buildkit_addr: tcp://buildkitd.buildkit.svc.cluster.local:1234 -- 2.49.1 From 48b103a82e127a1f3a0beb81606034d989f2520a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 09:32:58 +0000 Subject: [PATCH 07/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index 68c83ab..9cd41a4 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml 
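Review bot: The added `echo "Registry user: $DECODED_USER"` in patch 05 writes a value recovered from the credential string into the job log, and the workflow in this series supplies that username from `secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME`, so it is treated as secret material upstream. Log masking should not be the only thing keeping it out of retained build logs, and the pipeline also round-trips the full `user:password` pair through `base64 -d` purely for a debug print. Remove both added lines before merging; the jq output already shows that the config file has an entry for the registry without exposing credential content.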
@@ -65,6 +65,10 @@ runs: DECODED_USER=$(printf "%s" "$AUTH" | base64 -d | cut -d: -f1) echo "Registry user: $DECODED_USER" + echo "Testing registry.config visibility inside buildkitd:" + buildctl \ + --addr ${{ inputs.buildkit_addr }} \ + debug workers # Run BuildKit build buildctl \ -- 2.49.1 From df9550e774c00fed562c28ec34bfb788af0967d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 10:28:48 +0000 Subject: [PATCH 08/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index 9cd41a4..a111652 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml @@ -78,6 +78,6 @@ runs: --local context=${{ inputs.context }} \ --local dockerfile=${{ inputs.dockerfile }} \ --opt filename=Dockerfile \ - --output type=image,name=${{ inputs.tags }},push=true,registry.config=$DOCKER_CONFIG_DIR + --output type=image,name=${{ inputs.tags }} -- 2.49.1 From e1311eab6875da5fff1629b56f5f35eab1a5acf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 10:29:34 +0000 Subject: [PATCH 09/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index a111652..9cd41a4 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml 
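Review bot: The message `Testing registry.config visibility inside buildkitd:` added in patch 07 describes a check the command below it does not perform: `buildctl debug workers` lists the daemon's workers and, as far as its documented behaviour goes, does not read the client-side Docker config. Reword it to something like `echo "BuildKit workers:"` or drop the probe once debugging is finished, so a green step is not read as proof that the credentials are picked up. `--addr ${{ inputs.buildkit_addr }}` is also unquoted and template-expanded here, as in the main buildctl call.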
@@ -78,6 +78,6 @@ runs: --local context=${{ inputs.context }} \ --local dockerfile=${{ inputs.dockerfile }} \ --opt filename=Dockerfile \ - --output type=image,name=${{ inputs.tags }} + --output type=image,name=${{ inputs.tags }},push=true,registry.config=$DOCKER_CONFIG_DIR -- 2.49.1 From 255177323ba79672d49413dde581cdf77d798ccd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 10:38:34 +0000 Subject: [PATCH 10/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .gitea/actions/buildkit-build-push/action.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index 9cd41a4..ddd9d56 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml @@ -65,19 +65,21 @@ runs: DECODED_USER=$(printf "%s" "$AUTH" | base64 -d | cut -d: -f1) echo "Registry user: $DECODED_USER" + #export DOCKER_CONFIG=$DOCKER_CONFIG_DIR + echo "Testing registry.config visibility inside buildkitd:" buildctl \ --addr ${{ inputs.buildkit_addr }} \ debug workers # Run BuildKit build - buildctl \ + DOCKER_CONFIG=$DOCKER_CONFIG_DIR buildctl \ --addr ${{ inputs.buildkit_addr }} \ build \ --frontend=dockerfile.v0 \ --local context=${{ inputs.context }} \ --local dockerfile=${{ inputs.dockerfile }} \ --opt filename=Dockerfile \ - --output type=image,name=${{ inputs.tags }},push=true,registry.config=$DOCKER_CONFIG_DIR + --output type=image,name=${{ inputs.tags }},push=true -- 2.49.1 From 59d985ce96469252f090c933d7986886a2d2f95d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 10:43:19 +0000 Subject: [PATCH 11/14] modified: .gitea/actions/buildkit-build-push/action.yaml --- .../actions/buildkit-build-push/action.yaml | 30 ++++--------------- 1 file changed, 5 insertions(+), 25 deletions(-) 
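Review bot: In the `@@ -65,19 +65,21 @@` hunk of patch 10, `DOCKER_CONFIG=$DOCKER_CONFIG_DIR buildctl … push=true` makes the client supply the registry credentials over the buildctl session, while the workflow in this series sets `buildkit_addr` to `tcp://buildkitd.buildkit.svc.cluster.local:1234` and no TLS options appear on the command line. Unless buildkitd is protected elsewhere (mutual TLS on the daemon, a network policy limiting who can reach the port), the credential exchange and the build API are unauthenticated and unencrypted in-cluster; consider adding inputs that map to buildctl's `--tlscacert`, `--tlscert` and `--tlskey`. The leftover `#export DOCKER_CONFIG=$DOCKER_CONFIG_DIR` should be deleted and the assignment quoted: `DOCKER_CONFIG="$DOCKER_CONFIG_DIR" buildctl \`.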
diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml index ddd9d56..f6355c4 100644 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ b/.gitea/actions/buildkit-build-push/action.yaml @@ -28,18 +28,20 @@ inputs: runs: using: "composite" steps: - - name: Authenticate to Gitea registry + - name: run buildctl built and push shell: bash run: | + # create docker config temp folder DOCKER_CONFIG_DIR="${RUNNER_TEMP}/.buildctl_docker" mkdir -p "$DOCKER_CONFIG_DIR" # clean up trap 'rm -rf "$DOCKER_CONFIG_DIR"' EXIT - AUTH=$(printf "%s" "${{ inputs.registry_username }}:${{ inputs.registry_password }}" | base64 -w 0) + # setup file docker config (auth) temp file + AUTH=$(printf "%s" "${{ inputs.registry_username }}:${{ inputs.registry_password }}" | base64 -w 0) cat > "$DOCKER_CONFIG_DIR/config.json" < Date: Sun, 15 Mar 2026 10:52:37 +0000 Subject: [PATCH 12/14] modified: .gitea/workflows/ docker-image.deploy.yml --- .gitea/workflows/ docker-image.deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.yml index f5de89f..c805bee 100644 --- a/.gitea/workflows/ docker-image.deploy.yml +++ b/.gitea/workflows/ docker-image.deploy.yml @@ -23,7 +23,7 @@ jobs: curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1 - name: Build and Push Image - uses: ./.gitea/actions/buildkit-build-push + uses: ./.gitea/limbo_actions/buildkit-build-push with: registry_addr: https://git.limbosolutions.com registry_username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }} -- 2.49.1 From a2424b4513837f8c05352260ca25bbeb9726fe8e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 15 Mar 2026 10:53:28 +0000 Subject: [PATCH 13/14] deleted: .gitea/actions/buildkit-build-push/action.yaml --- .../actions/buildkit-build-push/action.yaml | 65 ------------------- 1 file changed, 65 deletions(-) delete mode 100644 .gitea/actions/buildkit-build-push/action.yaml diff --git a/.gitea/actions/buildkit-build-push/action.yaml b/.gitea/actions/buildkit-build-push/action.yaml deleted file mode 100644 index f6355c4..0000000 --- a/.gitea/actions/buildkit-build-push/action.yaml +++ /dev/null @@ -1,65 +0,0 @@ -name: BuildKit Build and Deploys -description: "Build and deploy images" - -inputs: - registry_addr: - description: registry address - required: true - registry_username: - description: "registry username" - required: true - registry_password: - description: "registry password" - required: true - buildkit_addr: - description: "buildkit address" - required: true - tags: - description: "image tags / buildctl image name" - required: true - context: - description: "buildctl build context" - required: false - default: "." - dockerfile: - description: "buildctl build dockerfile/folder" - required: true - default: "." -runs: - using: "composite" - steps: - - name: run buildctl built and push - shell: bash - run: | - - # create docker config temp folder - DOCKER_CONFIG_DIR="${RUNNER_TEMP}/.buildctl_docker" - mkdir -p "$DOCKER_CONFIG_DIR" - - # clean up - trap 'rm -rf "$DOCKER_CONFIG_DIR"' EXIT - - - # setup file docker config (auth) temp file - AUTH=$(printf "%s" "${{ inputs.registry_username }}:${{ inputs.registry_password }}" | base64 -w 0) - cat > "$DOCKER_CONFIG_DIR/config.json" < Date: Sun, 15 Mar 2026 10:55:32 +0000 Subject: [PATCH 14/14] deleted: .gitea/actions/kubectl-setup/action.yaml --- .gitea/actions/kubectl-setup/action.yaml | 54 ------------------------ 1 file changed, 54 deletions(-) delete mode 100644 .gitea/actions/kubectl-setup/action.yaml 
diff --git a/.gitea/actions/kubectl-setup/action.yaml b/.gitea/actions/kubectl-setup/action.yaml deleted file mode 100644 index af668a5..0000000 --- a/.gitea/actions/kubectl-setup/action.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: Setup kubectl -description: "Reads kube config from inputs and sets kube config" - -inputs: - kube_server: - description: "Kubernetes server address" - required: true - kube_ca_base64: - description: "Base64 encoded CA cert" - required: true - kube_token: - description: "Kubernetes token" - required: true - test_connection: - description: "If 'true', a curl is executed to test connection" - required: false - default: "false" -runs: - using: "composite" - steps: - - name: Create kubeconfig - shell: bash - run: | - mkdir -p "${GITHUB_TEMP}/.kube" - cat > "${GITHUB_TEMP}/.kube/config" <> "${GITHUB_ENV}" - - - name: Test connection - if: ${{ inputs.test_connection == 'true' }} - shell: bash - run: | - echo "Testing connection to cluster..." - curl -ksS \ - --cacert <(echo "${{ inputs.kube_ca_base64 }}" | base64 -d) \ - -H "Authorization: Bearer ${{ inputs.kube_token }}" \ - ${{ inputs.kube_server }}/version \ No newline at end of file -- 2.49.1