improve docker builds

.github/workflows/build.yml

@@ -36,7 +36,7 @@ defaults:
     shell: bash
 
 env:
-  DOCKER_IMAGE_REPO: vegardit/gitea-act-runner
+  DOCKER_IMAGE_REPO: ${{ github.repository_owner }}/gitea-act-runner
   TRIVY_CACHE_DIR: ~/.trivy/cache
 
 jobs:
@@ -96,19 +96,29 @@ jobs:
     - name: Install dos2unix
       run: sudo apt-get install --no-install-recommends -y dos2unix
 
+    - name: "Determine if docker images shall be published"
+      run: |
+        # ACT -> https://nektosact.com/usage/index.html#skipping-steps
+        if [[ $GITHUB_REF_NAME == 'main' && $GITHUB_EVENT_NAME != 'pull_request' && -n $ACT ]]; then
+          echo "DOCKER_PUSH_GHCR=true" > "$GITHUB_ENV"
+          if [[ -n "${{ secrets.DOCKER_HUB_USERNAME }}" ]]; then
+            echo "DOCKER_PUSH=true" > "$GITHUB_ENV"
+          fi
+        fi
+
     - name: Install regclient
-      if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}  # https://github.com/nektos/act#skipping-steps
+      if: ${{ env.DOCKER_PUSH_GHCR }}
       uses: iarekylew00t/regctl-installer@v1
 
     - name: Login to docker.io
-      if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}  # https://github.com/nektos/act#skipping-steps
+      if: ${{ env.DOCKER_PUSH }}
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_HUB_USERNAME }}
         password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
     - name: Login to ghcr.io
-      if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}  # https://github.com/nektos/act#skipping-steps
+      if: ${{ env.DOCKER_PUSH_GHCR }}
       uses: docker/login-action@v3
       with:
         registry: ghcr.io
@@ -119,19 +129,18 @@ jobs:
       env:
         DOCKER_IMAGE_TAG_PREFIX: ${{ matrix.DOCKER_IMAGE_TAG_PREFIX }}
         DOCKER_IMAGE_FLAVOR: ${{ matrix.DOCKER_IMAGE_FLAVOR }}
-        DOCKER_PUSH: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}
         TRIVY_GITHUB_TOKEN: ${{ github.token }}
       run: |
         if [[ -n "${{ inputs.VERSION }}" ]]; then
            export GITEA_ACT_RUNNER_VERSION="${{ inputs.VERSION }}"
-        else:
+        else
            export GITEA_ACT_RUNNER_VERSION="${{ matrix.GITEA_ACT_RUNNER_VERSION }}"
         fi
         bash build-image.sh
 
     - name: Delete untagged images
       uses: actions/github-script@v7
-      if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}  # https://github.com/nektos/act#skipping-steps
+      if: ${{ env.DOCKER_PUSH_GHCR }}
       continue-on-error: true
       with:
         github-token: ${{ secrets.GHA_DELETE_PACKAGES }}

build-image.sh

@@ -76,8 +76,8 @@ docker buildx build "$project_root" \
   --build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \
   --build-arg GITEA_ACT_RUNNER_VERSION="$gitea_act_runner_effective_version" \
   --build-arg FLAVOR=$DOCKER_IMAGE_FLAVOR \
-  $(if [[ "${ACT:-}" == "true" ]]; then \
-    echo -n "--output type=docker"; \
+  $(if [[ "${ACT:-}" == "true" || "${DOCKER_PUSH:-}" != "true" ]]; then \
+    echo -n "--load --output type=docker"; \
   else \
     echo -n "--platform linux/amd64,linux/arm64,linux/arm/v7"; \
   fi) \
@@ -88,16 +88,16 @@ docker buildx build "$project_root" \
 docker buildx stop
 set +x
 
+if [[ "${DOCKER_PUSH:-}" == "true" ]]; then
+  docker image pull $image_name
+fi
 
 #################################################
 # push image to ghcr.io
 #################################################
-if [[ "${DOCKER_PUSH:-}" == "true" ]]; then
-  set -x;
-  docker image pull $image_name
-  regctl image copy $image_name ghcr.io/$image_name
-  regctl image copy $image_name2 ghcr.io/$image_name2
-  set +x
+if [[ "${DOCKER_PUSH_GHCR:-}" == "true" ]]; then
+  (set -x; regctl image copy $image_name ghcr.io/$image_name)
+  (set -x; regctl image copy $image_name2 ghcr.io/$image_name2)
 fi
 
 
@@ -106,15 +106,14 @@ fi
 #################################################
 echo
 log INFO "Testing docker image [$image_name]..."
-set -x
-docker run --rm $image_name act_runner --version
-set +x
+(set -x; docker run --rm $image_name act_runner --version)
 echo
 
 
 #################################################
 # perform security audit
 #################################################
-if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 ]]; then
+# TODO see https://gitea.com/gitea/act_runner/issues/513
+if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 && "$GITEA_ACT_RUNNER_VERSION" == "nightly" ]]; then
   bash "$shared_lib/cmd/audit-image.sh" $image_name
 fi

image/Dockerfile

@@ -79,7 +79,11 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
     amd64|arm64) ;;
     *) echo "Unsupported arch: $arch"; exit 1;;
   esac
-  act_runner_download_url=https://gitea.com/gitea/act_runner/releases/download/v${GITEA_ACT_RUNNER_VERSION}/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch}
+  if [[ $GITEA_ACT_RUNNER_VERSION == "nightly" ]]; then
+    act_runner_download_url=https://dl.gitea.com/act_runner/nightly/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch}
+  else
+    act_runner_download_url=https://gitea.com/gitea/act_runner/releases/download/v${GITEA_ACT_RUNNER_VERSION}/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch}
+  fi
   echo "Downloading [$act_runner_download_url]..."
   curl "$act_runner_download_url" -o /usr/local/bin/act_runner
   chmod 755 /usr/local/bin/act_runner