From 7cf9b1b9145753c1f663c7209d7c8a1519fb1665 Mon Sep 17 00:00:00 2001
From: Mathias Beaulieu-Duncan <mathias@openharbor.io>
Date: Tue, 3 Feb 2026 17:39:57 -0500
Subject: [PATCH] Install apko as binary instead of running via Docker

The Gitea runner executes inside Docker, so volume mounts from
docker run resolve against the host filesystem where the workspace
path does not exist. Install apko directly on the runner to avoid
the Docker-in-Docker volume mount issue.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .gitea/workflows/build.yaml | 14 ++++++++------
 .gitea/workflows/scout.yaml | 10 +++++++---
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index a02b815..f70545b 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -94,6 +94,11 @@ jobs:
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
+      - name: Install apko
+        run: |
+          curl -fsSL https://github.com/chainguard-dev/apko/releases/latest/download/apko_$(curl -fsSL https://api.github.com/repos/chainguard-dev/apko/releases/latest | jq -r .tag_name | sed 's/^v//')_linux_amd64.tar.gz \
+            | tar xz -C /usr/local/bin apko
+
       - name: Build apko base images
         run: |
           set -euo pipefail
@@ -101,12 +106,9 @@ jobs:
           for VARIANT in runtime runtime-invariant sdk; do
             for ARCH in x86_64 aarch64; do
               echo "::group::Building apko base: $VARIANT ($ARCH)"
-              mkdir -p ${{ github.workspace }}/build-${ARCH}/${VARIANT}
-              docker run --rm \
-                -v ${{ github.workspace }}/apko:/work \
-                -v ${{ github.workspace }}/build-${ARCH}/${VARIANT}:/output \
-                cgr.dev/chainguard/apko build \
-                  --arch $ARCH /work/${VARIANT}.yaml ${VARIANT}:latest /output/rootfs.tar.gz
+              mkdir -p build-${ARCH}/${VARIANT}
+              apko build --arch $ARCH \
+                apko/${VARIANT}.yaml ${VARIANT}:latest build-${ARCH}/${VARIANT}/rootfs.tar.gz
               echo "::endgroup::"
             done
           done
diff --git a/.gitea/workflows/scout.yaml b/.gitea/workflows/scout.yaml
index 9e74566..73cadfa 100644
--- a/.gitea/workflows/scout.yaml
+++ b/.gitea/workflows/scout.yaml
@@ -74,12 +74,16 @@ jobs:
           echo "lts_major=$LTS_MAJOR" >> $GITHUB_OUTPUT
           echo "lts_runtime=$LTS_RUNTIME" >> $GITHUB_OUTPUT
 
+      - name: Install apko
+        run: |
+          curl -fsSL https://github.com/chainguard-dev/apko/releases/latest/download/apko_$(curl -fsSL https://api.github.com/repos/chainguard-dev/apko/releases/latest | jq -r .tag_name | sed 's/^v//')_linux_amd64.tar.gz \
+            | tar xz -C /usr/local/bin apko
+
       - name: Build test image (${{ matrix.arch }})
         run: |
           # Build apko base
-          docker run --rm -v ${{ github.workspace }}/apko:/work cgr.dev/chainguard/apko build \
-            --arch ${{ matrix.arch == 'amd64' && 'x86_64' || 'aarch64' }} \
-            /work/runtime.yaml runtime:latest /tmp/rootfs.tar.gz
+          apko build --arch ${{ matrix.arch == 'amd64' && 'x86_64' || 'aarch64' }} \
+            apko/runtime.yaml runtime:latest /tmp/rootfs.tar.gz
 
           # Download .NET runtime
           DOTNET_ARCH=${{ matrix.arch == 'amd64' && 'x64' || 'arm64' }}