https://duggan.ie/tag/docker/
@duggan — docker
2026-01-05T20:59:48.000Z
Ross Duggan
ross@duggan.ie
https://duggan.ie/
https://duggan.ie/favicon.ico
https://duggan.ie/og-image.png
All rights reserved 2026, Ross Duggan
Posts tagged docker
https://duggan.ie/posts/self-hosting-git-and-builds-without-running-a-bunch-of-web-services
Self-hosting git and builds without running a bunch of web services
2026-01-05T20:59:48.000Z
Ross Duggan
ross@duggan.ie
https://duggan.ie/
<p><span style="white-space: pre-wrap;">My main side project at the moment is this blog. I tinker away with it when I feel like it. I'm not working on it with anyone else, not fielding pull requests, and not writing documentation.</span></p><p><span style="white-space: pre-wrap;">That said, I do still like having it in version control. I like having a </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">Dockerfile</span></code><span style="white-space: pre-wrap;"> to encapsulate dependencies and configuration, and using docker compose as a portable runtime manager. It's probably not everyone's idea of a simple setup, but I like it.</span></p><p><span style="white-space: pre-wrap;">The blog is deployed to a small VPS in </span><a href="http://hetzner.com" rel="noreferrer"><span style="white-space: pre-wrap;">Hetzner</span></a><span style="white-space: pre-wrap;">, running behind nginx.</span></p><p><span style="white-space: pre-wrap;">GitHub, Github Actions, and the GitHub Container Registry have been how I've been handling builds, but it's been slow, and it's started to seem absurd to have all these builds occurring in some random datacenter presumably on the other side of the Atlantic ocean, that I am then pulling back to a server in Europe.</span></p><p><span style="white-space: pre-wrap;">I started fishing around for a locally hosted replacement, coming across </span><a href="http://forgejo.org" rel="noreferrer"><span style="white-space: pre-wrap;">Forgejo</span></a><span style="white-space: pre-wrap;">, </span><a href="http://woodpecker-ci.org" rel="noreferrer"><span style="white-space: pre-wrap;">Woodpecker CI</span></a><span style="white-space: pre-wrap;">, and </span><a href="https://onedev.io" rel="noreferrer"><span style="white-space: pre-wrap;">OneDev</span></a><span style="white-space: pre-wrap;"> in addition to more familiar names like </span><a href="https://gitlab.com" rel="noreferrer"><span style="white-space: pre-wrap;">GitLab</span></a><span style="white-space: pre-wrap;"> and </span><a href="http://sourcehut.org" rel="noreferrer"><span style="white-space: pre-wrap;">SourceHut</span></a><span style="white-space: pre-wrap;">.</span></p><p><span style="white-space: pre-wrap;">At some point it occurred to me that this was a lot of ceremony for something relatively simple. How hard could it be just to have a git remote and hang some builds off it? I'm not trying to launch my own GitHub here.</span></p><p><span style="white-space: pre-wrap;">I want to:</span></p><ol><li value="1"><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">git push</span></code><span style="white-space: pre-wrap;"> to a </span><span class="tooltip-wrapper tooltip-trigger cursor-help underline decoration-dotted" data-tooltip="true"><span style="white-space: pre-wrap;">central</span><template data-tooltip-content=""><p><span style="white-space: pre-wrap;">I code from a couple of different machines, so having an actual central remote upstream makes things easier.</span></p><p><span style="white-space: pre-wrap;">You could probably do a lot of this on just your local machine with a few tweaks.</span></p></template></span><span style="white-space: pre-wrap;"> repo</span></li><li value="2"><span style="white-space: pre-wrap;">When I push, it kicks of a container image build</span></li><li value="3"><span style="white-space: pre-wrap;">That image is pushed to an image registry that I can deploy from</span></li></ol><p><span style="white-space: pre-wrap;">This does not need several UIs and databases. In any case git being git, you can always switch out for something more complex later.</span></p><aside class="callout my-6"><div class="border-l-4 border-blue-500 bg-blue-50 dark:bg-blue-900/20 px-6 py-4 rounded-r-lg"><strong class="block text-sm font-semibold uppercase tracking-wide text-blue-700 dark:text-blue-300">Note</strong><div class="mt-2 text-base leading-relaxed"><p class="mb-0">One piece of plumbing that makes all this much more flexible is Tailscale. It is not strictly required, but having the various machines on the same private network, regardless of their physical location, makes some parts easier.</p></div></div></aside><h3 id="hosting-a-git-repo" class="group relative"><a href="#hosting-a-git-repo" class="absolute -left-6 top-1/2 -translate-y-1/2 opacity-0 group-hover:opacity-100 transition-opacity duration-200 text-gray-400 hover:text-gray-600 no-underline">#</a><span style="white-space: pre-wrap;">Hosting a git repo</span></h3><p><span style="white-space: pre-wrap;">On GitHub, an SSH clone URL looks something like:</span></p><blockquote><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">git@github.com:duggan/duggan.ie.git</span></code></blockquote><p><span style="white-space: pre-wrap;">It's an SSH URI just like it would be with </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">scp</span></code><span style="white-space: pre-wrap;"> or </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">rsync</span></code><span style="white-space: pre-wrap;">. A helpful breakdown from </span><a href="https://stackoverflow.com/a/70330178" rel="noreferrer"><span style="white-space: pre-wrap;">Mike Slinn and Jaditpol on StackOverflow</span></a><span style="white-space: pre-wrap;">:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3
4"><span style="white-space: pre-wrap;"> git@github</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">com</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;">myuser</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">myrepo</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">git</span><br><span style="white-space: pre-wrap;"> \_</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;"> \________</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;"> \_______________</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">|</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">|</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">|</span><br><span style="white-space: pre-wrap;"> user host path</span></pre><p><span style="white-space: pre-wrap;">Since I'm the only user, I don't need to get fancy, and I can just use my own login.</span></p><p><span style="white-space: pre-wrap;">The </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">origin</span></code><span style="white-space: pre-wrap;"> of a git repo is more or less just the contents of the </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">.git</span></code><span style="white-space: pre-wrap;"> directory in a remote location. That's it. You don't even need to run a git server if you're happy enough using ssh for transport.</span></p><p><span style="white-space: pre-wrap;">I put it outside my home path just to keep it a little out of the way, as I won't need to interact with it too often:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3
4
5
6"><span style="white-space: pre-wrap;">sudo mkdir </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">p </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">srv</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">git</span><br><span style="white-space: pre-wrap;">sudo chown </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span class="editor-tokenConstant" style="white-space: pre-wrap;">R</span><span style="white-space: pre-wrap;"> $</span><span class="editor-tokenConstant" style="white-space: pre-wrap;">USER</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;">$</span><span class="editor-tokenConstant" style="white-space: pre-wrap;">USER</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">srv</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">git</span><br><span style="white-space: pre-wrap;">cd </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">srv</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">git</span><br><span style="white-space: pre-wrap;">mkdir example</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">git</span><br><span style="white-space: pre-wrap;">cd example</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">git</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><br><span style="white-space: pre-wrap;">git init </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">--</span><span style="white-space: pre-wrap;">bare</span></pre><p><span style="white-space: pre-wrap;">In my case I've replaced my GitHub </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">origin</span></code><span style="white-space: pre-wrap;"> with this one directly in the </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">.git/config</span></code><span style="white-space: pre-wrap;"> of my local checkout, but when I was testing the waters I just added an additional remote:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1"><span style="white-space: pre-wrap;">$ git remote add test ross@buildmachine</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">srv</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">git</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">duggan</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">ie</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">git</span></pre><h3 id="building-an-image-on-push" class="group relative"><a href="#building-an-image-on-push" class="absolute -left-6 top-1/2 -translate-y-1/2 opacity-0 group-hover:opacity-100 transition-opacity duration-200 text-gray-400 hover:text-gray-600 no-underline">#</a><span style="white-space: pre-wrap;">Building an image on push</span></h3><p><span style="white-space: pre-wrap;">Git's own hooks system, combined with a Makefile and Docker, is enough to put together a pretty flexible build system for anything you can deploy using a container.</span></p><p><span style="white-space: pre-wrap;">In my newly minted upstream repo, I added a file named </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">post-receive</span></code><span style="white-space: pre-wrap;"> into the </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">hooks</span></code><span style="white-space: pre-wrap;"> directory, i.e., </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">/srv/git/duggan.ie.git/hooks/post-receive</span></code><span style="white-space: pre-wrap;"> (and </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">chmod +x</span></code><span style="white-space: pre-wrap;"> it):</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38"><span style="white-space: pre-wrap;">#!/bin/bash</span><br><br><span style="white-space: pre-wrap;">set </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">e</span><br><br><span style="white-space: pre-wrap;"># Read the push </span><span class="editor-tokenFunction" style="white-space: pre-wrap;">info</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">(</span><span style="white-space: pre-wrap;">branch being updated</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">)</span><br><span class="editor-tokenKeyword" style="white-space: pre-wrap;">while</span><span style="white-space: pre-wrap;"> read oldrev newrev refname</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">;</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">do</span><br><span style="white-space: pre-wrap;"> # Only trigger on main branch</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">if</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">[</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">[</span><span style="white-space: pre-wrap;"> $refname </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">==</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenString" style="white-space: pre-wrap;">"refs/heads/main"</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">]</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">]</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">;</span><span style="white-space: pre-wrap;"> then</span><br><span style="white-space: pre-wrap;"> echo </span><span class="editor-tokenString" style="white-space: pre-wrap;">"=== Build triggered for main branch ==="</span><br><br><span style="white-space: pre-wrap;"> # Get repo name from current directory</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenConstant" style="white-space: pre-wrap;">REPO_NAME</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">=</span><span class="editor-tokenFunction" style="white-space: pre-wrap;">$</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">(</span><span style="white-space: pre-wrap;">basename </span><span class="editor-tokenString" style="white-space: pre-wrap;">"$(pwd)"</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">git</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">)</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenConstant" style="white-space: pre-wrap;">WORK_TREE</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">=</span><span class="editor-tokenString" style="white-space: pre-wrap;">"/tmp/git-build-${REPO_NAME}"</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenConstant" style="white-space: pre-wrap;">GIT_DIR</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">=</span><span class="editor-tokenFunction" style="white-space: pre-wrap;">$</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">(</span><span style="white-space: pre-wrap;">pwd</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">)</span><br><br><span style="white-space: pre-wrap;"> # Clean checkout</span><br><span style="white-space: pre-wrap;"> rm </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">rf </span><span class="editor-tokenString" style="white-space: pre-wrap;">"$WORK_TREE"</span><br><span style="white-space: pre-wrap;"> mkdir </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">p </span><span class="editor-tokenString" style="white-space: pre-wrap;">"$WORK_TREE"</span><br><span style="white-space: pre-wrap;"> git </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">--</span><span style="white-space: pre-wrap;">work</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">tree</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">=</span><span class="editor-tokenString" style="white-space: pre-wrap;">"$WORK_TREE"</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">--</span><span style="white-space: pre-wrap;">git</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">dir</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">=</span><span class="editor-tokenString" style="white-space: pre-wrap;">"$GIT_DIR"</span><span style="white-space: pre-wrap;"> checkout </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">f main</span><br><br><span style="white-space: pre-wrap;"> cd </span><span class="editor-tokenString" style="white-space: pre-wrap;">"$WORK_TREE"</span><br><span style="white-space: pre-wrap;"> # Check </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">for</span><span style="white-space: pre-wrap;"> Makefile and build target</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">if</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">[</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">[</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">f Makefile </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">]</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">]</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">;</span><span style="white-space: pre-wrap;"> then</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">if</span><span style="white-space: pre-wrap;"> grep </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">q </span><span class="editor-tokenString" style="white-space: pre-wrap;">"^build:"</span><span style="white-space: pre-wrap;"> Makefile</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">;</span><span style="white-space: pre-wrap;"> then</span><br><span style="white-space: pre-wrap;"> echo </span><span class="editor-tokenString" style="white-space: pre-wrap;">"=== Running make build ==="</span><br><span style="white-space: pre-wrap;"> make build</span><br><span style="white-space: pre-wrap;"> echo </span><span class="editor-tokenString" style="white-space: pre-wrap;">"=== Build complete ==="</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">else</span><br><span style="white-space: pre-wrap;"> echo </span><span class="editor-tokenString" style="white-space: pre-wrap;">"Makefile found but no 'build' target, skipping"</span><br><span style="white-space: pre-wrap;"> fi</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">else</span><br><span style="white-space: pre-wrap;"> echo </span><span class="editor-tokenString" style="white-space: pre-wrap;">"No Makefile found, skipping build"</span><br><span style="white-space: pre-wrap;"> fi</span><br><br><span style="white-space: pre-wrap;"> # Cleanup</span><br><span style="white-space: pre-wrap;"> rm </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">rf </span><span class="editor-tokenString" style="white-space: pre-wrap;">"$WORK_TREE"</span><br><span style="white-space: pre-wrap;"> fi</span><br><span style="white-space: pre-wrap;">done</span></pre><p><span style="white-space: pre-wrap;">When I push to the repo, this looks for a </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">Makefile</span></code><span style="white-space: pre-wrap;"> in the root of the repo, checks for a </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">build</span></code><span style="white-space: pre-wrap;"> command and executes it.</span></p><p><figure class="video-wrapper"><video src="/files/4ab4a809cd6e7fa2.mp4" autoplay="" muted="" loop="" playsinline="" data-playback="silentLoop" title="push1.mp4" style="max-width: 100%; height: auto"></video></figure><span style="white-space: pre-wrap;">My </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">Makefile</span></code><span style="white-space: pre-wrap;"> is super basic, just:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3
4
5"><span class="editor-tokenConstant" style="white-space: pre-wrap;">IMAGE</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">=</span><span style="white-space: pre-wrap;">localhost</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span class="editor-tokenNumber" style="white-space: pre-wrap;">5000</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">duggan</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">ie</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;">latest</span><br><br><span style="white-space: pre-wrap;">build</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> </span><span style="white-space: pre-wrap;">docker build </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;">t </span><span class="editor-tokenFunction" style="white-space: pre-wrap;">$</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">(</span><span class="editor-tokenConstant" style="white-space: pre-wrap;">IMAGE</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">)</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><br><span style="white-space: pre-wrap;"> </span><span style="white-space: pre-wrap;">docker push </span><span class="editor-tokenFunction" style="white-space: pre-wrap;">$</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">(</span><span class="editor-tokenConstant" style="white-space: pre-wrap;">IMAGE</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">)</span></pre><p><span style="white-space: pre-wrap;">As a bonus, I could have thrown that post-receive script into a </span><span class="tooltip-wrapper tooltip-trigger cursor-help underline decoration-dotted" data-tooltip="true"><span style="white-space: pre-wrap;">git template</span><template data-tooltip-content=""><p><span style="white-space: pre-wrap;">For example, you can throw `post-receive` into a directory at `/srv/git/template` then configure via the git config:</span></p><p><br><span style="white-space: pre-wrap;">git config --global init.templateDir /srv/git/template</span></p><p><br></p></template></span><span style="white-space: pre-wrap;"> so that new repos are automatically created with a copy of the post receive script, but it doesn't seem necessary just yet.</span></p><p><span style="white-space: pre-wrap;">On the build machine I've also enabled my user account to run docker directly without requiring </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">sudo</span></code><span style="white-space: pre-wrap;">:</span></p><p><div class="link-preview-card border border-gray-200 rounded-lg overflow-hidden my-4"><a href="https://docs.docker.com/engine/install/linux-postinstall/" target="_blank" rel="noopener noreferrer" class="no-underline text-inherit flex flex-row"><div class="flex-1 p-3 min-w-0"><div class="link-preview-site flex items-center gap-1.5 mb-2 text-xs text-gray-500"><img src="/files/7d2f187075a49630.svg" class="w-4 h-4 m-0"><span>Docker Documentation</span></div><div class="link-preview-title font-semibold text-base leading-tight mb-1">Post-installation steps</div><div class="link-preview-description text-sm text-gray-500 leading-snug line-clamp-2">Find the recommended Docker Engine post-installation steps for Linux users, including how to run Docker as a non-root user and more.</div><div class="text-xs text-gray-400 mt-2">docs.docker.com</div></div><div class="w-[200px] shrink-0 overflow-hidden bg-gray-100"><img src="/files/9fdaa65db57e044d.webp" alt="Post-installation steps" class="w-full h-full object-cover m-0"></div></a></div></p><h3 id="hosting-an-image" class="group relative"><a href="#hosting-an-image" class="absolute -left-6 top-1/2 -translate-y-1/2 opacity-0 group-hover:opacity-100 transition-opacity duration-200 text-gray-400 hover:text-gray-600 no-underline">#</a><span style="white-space: pre-wrap;">Hosting an image</span></h3><p><span style="white-space: pre-wrap;">At this point the image is built, which will be fine if I just wanted to run the container on the same machine, but I need to deploy this to my little Hetzner VPS.</span></p><p><span style="white-space: pre-wrap;">This is where Tailscale comes in handy, as it lets me have Docker's own </span><a href="https://distribution.github.io/distribution/" rel="noreferrer"><span style="white-space: pre-wrap;">container registry</span></a><span style="white-space: pre-wrap;"> running on my build server, which I then pull from on the VPS. It's very straightforward to set up.</span></p><p><span style="white-space: pre-wrap;">On the build server I have a </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">docker-compose.yml</span></code><span style="white-space: pre-wrap;"> file with the registry configured:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3
4
5
6
7
8
9
10
11"><span style="white-space: pre-wrap;"> </span><span style="white-space: pre-wrap;">services</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> registry</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> image</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;"> registry</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span class="editor-tokenNumber" style="white-space: pre-wrap;">2</span><br><span style="white-space: pre-wrap;"> container_name</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;"> registry</span><br><span style="white-space: pre-wrap;"> restart</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;"> always</span><br><span style="white-space: pre-wrap;"> ports</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenString" style="white-space: pre-wrap;">"5000:5000"</span><br><span style="white-space: pre-wrap;"> volumes</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenOperator" style="white-space: pre-wrap;">-</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">data</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span class="editor-tokenKeyword" style="white-space: pre-wrap;">var</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">lib</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">registry</span><br><span style="white-space: pre-wrap;"> environment</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenConstant" style="white-space: pre-wrap;">REGISTRY_STORAGE_DELETE_ENABLED</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenString" style="white-space: pre-wrap;">"true"</span></pre><h3 id="deploying-from-a-private-registry" class="group relative"><a href="#deploying-from-a-private-registry" class="absolute -left-6 top-1/2 -translate-y-1/2 opacity-0 group-hover:opacity-100 transition-opacity duration-200 text-gray-400 hover:text-gray-600 no-underline">#</a><span style="white-space: pre-wrap;">Deploying from a private registry</span></h3><p><span style="white-space: pre-wrap;">With the registry and VPS both on the Tailscale network, I can allow regular HTTP traffic, which requires a small tweak to Docker on the VPS.</span></p><p><span style="white-space: pre-wrap;">In </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">/etc/docker/daemon.json</span></code><span style="white-space: pre-wrap;">:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3"><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">{</span><br><span style="white-space: pre-wrap;"> </span><span class="editor-tokenString" style="white-space: pre-wrap;">"insecure-registries"</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;"> </span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">[</span><span class="editor-tokenString" style="white-space: pre-wrap;">"buildmachine:5000"</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">]</span><br><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">}</span></pre><p><span style="white-space: pre-wrap;">With that done, I'm able to update my </span><code spellcheck="false" style="white-space: pre-wrap;"><span class="bg-gray-50 dark:bg-gray-800/30 font-mono px-2 py-0.5 rounded border border-gray-200/60 dark:border-gray-700/50 text-gray-800 dark:text-gray-200 relative before:absolute before:inset-0 before:bg-gradient-to-r before:from-blue-50/30 before:to-purple-50/30 dark:before:from-blue-900/20 dark:before:to-purple-900/20 before:-z-10">make deploy</span></code><span style="white-space: pre-wrap;"> command to point at the new registry:</span></p><pre class="editor-code line-numbers" spellcheck="false" data-highlight-language="javascript" data-gutter="1
2
3
4"><span style="white-space: pre-wrap;">services</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> web</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><br><span style="white-space: pre-wrap;"> image</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;"> buildmachine</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span class="editor-tokenNumber" style="white-space: pre-wrap;">5000</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">/</span><span style="white-space: pre-wrap;">duggan</span><span class="editor-tokenPunctuation" style="white-space: pre-wrap;">.</span><span style="white-space: pre-wrap;">ie</span><span class="editor-tokenOperator" style="white-space: pre-wrap;">:</span><span style="white-space: pre-wrap;">latest</span><br></pre><p><span style="white-space: pre-wrap;">This all works much more quickly than before, and since it's running the builds over SSH directly, I'm getting feedback faster than I would refreshing a build log.</span></p><hr><p><i><em class="italic" style="white-space: pre-wrap;">There is currently no comments system. If you'd like to share an opinion either with me or about this post, please feel free to do so with me either via email (</em></i><a href="mailto:ross@duggan.ie" rel="noreferrer" dir="ltr"><i><em class="italic" style="white-space: pre-wrap;">ross@duggan.ie</em></i></a><i><em class="italic" style="white-space: pre-wrap;">) on Mastodon (</em></i><a href="http://mastodon.ie/@duggan" rel="noreferrer" dir="ltr"><i><em class="italic" style="white-space: pre-wrap;">@duggan@mastodon.ie</em></i></a><i><em class="italic" style="white-space: pre-wrap;">) or even on </em></i><a href="https://news.ycombinator.com" rel="noreferrer" dir="ltr"><i><em class="italic" style="white-space: pre-wrap;">Hacker News</em></i></a><a href="https://news.ycombinator.com" rel="noreferrer"><i><em class="italic" style="white-space: pre-wrap;">.</em></i></a></p>
2026-01-12T00:12:06.449Z
<p><span style="white-space: pre-wrap;">GitHub, Github Actions, and the GitHub Container Registry have been how I've been handling builds, but it's been slow, and it's started to seem absurd to have all these builds occurring in some random datacenter presumably on the other side of the Atlantic ocean, that I am then pulling back to a server in Europe.</span></p><p><span style="white-space: pre-wrap;">I started fishing around for a locally hosted replacement, coming across </span><a href="http://forgejo.org" rel="noreferrer"><span style="white-space: pre-wrap;">Forgejo</span></a><span style="white-space: pre-wrap;">, </span><a href="http://woodpecker-ci.org" rel="noreferrer"><span style="white-space: pre-wrap;">Woodpecker CI</span></a><span style="white-space: pre-wrap;">, and </span><a href="https://onedev.io" rel="noreferrer"><span style="white-space: pre-wrap;">OneDev</span></a><span style="white-space: pre-wrap;"> in addition to more familiar names like </span><a href="https://gitlab.com" rel="noreferrer"><span style="white-space: pre-wrap;">GitLab</span></a><span style="white-space: pre-wrap;"> and </span><a href="http://sourcehut.org" rel="noreferrer"><span style="white-space: pre-wrap;">SourceHut</span></a><span style="white-space: pre-wrap;">.</span></p><p><span style="white-space: pre-wrap;">At some point it occurred to me that this was a lot of ceremony for something relatively simple. How hard could it be just to have a git remote and hang some builds off it? I'm not trying to launch my own GitHub here.</span></p>