# Forgejo Actions environment for building OCI container images

Building OCI container images inside Forgejo Actions is somewhat non-trivial.
We need to execute Buildah inside of a rootless Podman container, which eventually leads to a podman-in-podman scenario.
Thankfully, this is not as complex as docker-in-docker.

This image contains everything we need for executing `make image` in our Golang repos:

- Go toolchain (for helper scripts called by Makefile)
- Docker wrapper (for abstracting Buildah away from human Makefile users)
- Podman configuration files

## Usage

Referencing this container from `.forgejo/workflows/workflow.yml`:

```yaml
jobs:
  oci-image:
    runs-on: docker
    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
```

See the full [live example](https://git.frostfs.info/TrueCloudLab/action-env/src/branch/master/.forgejo/workflows/build.yml) in action in this repo.

## Initial Forgejo setup

We use this image to build all images in this repo.
To avoid a chicken-and-egg situation in case of disaster recovery, the first version of this image must be pushed from outside of Forgejo Actions, e.g. from a sysadmin's laptop:

```console
$ make oci-image-builder-bookworm
$ make push-oci-image-builder-bookworm
```