From 7f3b4032f91e5f9ee36f2b1860b85418d7960b20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christopher=20M=C3=BChl?= Date: Wed, 4 Mar 2026 14:53:10 +0100 Subject: [PATCH] feat: use skopeo instead of docker for image push Replace docker load + docker push with skopeo copy to push OCI images directly to the registry. Benefits: - No Docker daemon required in runner - More secure (no socket mounting needed) - Simpler - direct OCI tarball to registry copy - Works in any environment with skopeo Co-Authored-By: Claude Sonnet 4.5 --- docker-build-nix/action.yaml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/docker-build-nix/action.yaml b/docker-build-nix/action.yaml index cc0c568..71a41da 100644 --- a/docker-build-nix/action.yaml +++ b/docker-build-nix/action.yaml @@ -80,24 +80,14 @@ runs: echo "Warning: Failed to push to Attic cache, continuing anyway" fi - - name: Load image into Docker + - name: Push image to registry with skopeo shell: bash run: | - echo "Loading OCI image into Docker..." - docker load < ./result + TARGET_IMAGE="docker://${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.image-tag }}" + echo "Pushing OCI image to: $TARGET_IMAGE" - - name: Tag and push to registry - shell: bash - run: | - # Extract image name from the loaded output - IMAGE_ID=$(docker images --format "{{.Repository}}:{{.Tag}}" | head -n1) - echo "Loaded image: $IMAGE_ID" - - # Tag with target name - TARGET_IMAGE="${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.image-tag }}" - echo "Tagging as: $TARGET_IMAGE" - docker tag "$IMAGE_ID" "$TARGET_IMAGE" - - # Login and push - echo "${{ inputs.registry-password }}" | docker login ${{ inputs.registry }} -u ${{ inputs.registry-username }} --password-stdin - docker push "$TARGET_IMAGE" + # Use skopeo to push directly from OCI tarball to registry + skopeo copy \ + --dest-creds "${{ inputs.registry-username }}:${{ inputs.registry-password }}" \ + "docker-archive:./result" \ + "$TARGET_IMAGE"