feat: switch to Kaniko for containerd-native CI/CD

- Replace buildah with Kaniko for optimal containerd compatibility
- Kaniko is specifically designed for building in Kubernetes/containerd environments
- No package installation needed - Kaniko runs in its own container
- Maintains Harbor registry integration and caching capabilities
- Simplifies runner deployment by removing package management

Benefits:
- Native containerd support (no Docker daemon needed)
- No package installation in CI runners
- Optimized for Kubernetes environments
- Same Harbor registry functionality with cleaner architecture
- Better resource usage than DinD approach

.gitea/workflows/ci.yml

@@ -42,22 +42,16 @@ jobs:
     if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/master'
     steps:
       - uses: actions/checkout@v4
-      - name: Install buildah and podman
-        run: |
-          apt-get update
-          apt-get install -y buildah podman
-      - name: Log in to Harbor with buildah
-        run: |
-          buildah login --username ${{ secrets.DOCKER_USERNAME }} --password ${{ secrets.DOCKER_PASSWORD }} registry.bk.glpx.pro
-      - name: Build and push frontend with buildah
-        run: |
-          buildah build \
-            --tag registry.bk.glpx.pro/turash/turash-frontend:latest \
-            --tag registry.bk.glpx.pro/turash/turash-frontend:${{ gitea.sha }} \
-            --file bugulma/frontend/Dockerfile \
-            bugulma/frontend
-          buildah push registry.bk.glpx.pro/turash/turash-frontend:latest
-          buildah push registry.bk.glpx.pro/turash/turash-frontend:${{ gitea.sha }}
+      - name: Build and push frontend with Kaniko
+        uses: aevea/action-kaniko@master
+        with:
+          registry: registry.bk.glpx.pro
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          image: turash/turash-frontend
+          tag: latest,${{ gitea.sha }}
+          cache: true
+          cache_registry: registry.bk.glpx.pro/turash/turash-frontend
 
   backend-lint:
     runs-on: ubuntu-latest
@@ -92,22 +86,16 @@ jobs:
     if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/master'
     steps:
       - uses: actions/checkout@v4
-      - name: Install buildah and podman
-        run: |
-          apt-get update
-          apt-get install -y buildah podman
-      - name: Log in to Harbor with buildah
-        run: |
-          buildah login --username ${{ secrets.DOCKER_USERNAME }} --password ${{ secrets.DOCKER_PASSWORD }} registry.bk.glpx.pro
-      - name: Build and push backend with buildah
-        run: |
-          buildah build \
-            --tag registry.bk.glpx.pro/turash/turash-backend:latest \
-            --tag registry.bk.glpx.pro/turash/turash-backend:${{ gitea.sha }} \
-            --file bugulma/backend/Dockerfile \
-            bugulma/backend
-          buildah push registry.bk.glpx.pro/turash/turash-backend:latest
-          buildah push registry.bk.glpx.pro/turash/turash-backend:${{ gitea.sha }}
+      - name: Build and push backend with Kaniko
+        uses: aevea/action-kaniko@master
+        with:
+          registry: registry.bk.glpx.pro
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          image: turash/turash-backend
+          tag: latest,${{ gitea.sha }}
+          cache: true
+          cache_registry: registry.bk.glpx.pro/turash/turash-backend
 
   e2e-test:
     runs-on: ubuntu-latest

k8s/gitea-runners/deployment.yaml

@@ -22,7 +22,7 @@ spec:
         - sh
         - -c
         - |
-          apk add --no-cache nodejs npm buildah podman || true
+          apk add --no-cache nodejs npm || true
           cd /data
           if [ ! -f .runner ]; then
             /usr/local/bin/act_runner register --instance "$GITEA_INSTANCE_URL" --token "$GITEA_RUNNER_REGISTRATION_TOKEN" --name "$GITEA_RUNNER_NAME" --labels "$GITEA_RUNNER_LABELS" --no-interactive || true