Split rootless and with root for dockerd

.woodpecker/build.yaml

@@ -61,6 +61,18 @@ steps:
         org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI.
         org.opencontainers.image.ref.name: kokuwaio/dockerd
 
+  dockerd-rootless-pr:
+    <<: *pr
+    settings:
+      <<: *settings-pr
+      name: registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER}-rootless
+      target: dockerd-rootless
+      annotation:
+        <<: *annotation
+        org.opencontainers.image.title: Docker Daemon for WoodpeckerCI
+        org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI.
+        org.opencontainers.image.ref.name: kokuwaio/dockerd
+
   cli-pr:
     <<: *pr
     settings:
@@ -110,6 +122,24 @@ steps:
         org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI.
         org.opencontainers.image.ref.name: kokuwaio/dockerd
 
+  dockerd-rootless:
+    <<: *push
+    settings:
+      <<: *settings-push
+      name:
+        - registry.kokuwa.io/kokuwaio/dockerd:rootless
+        - registry.kokuwa.io/kokuwaio/dockerd:28.2.2-rootless
+        - docker.io/kokuwaio/dockerd:rootless
+        - docker.io/kokuwaio/dockerd:28.2.2-rootless
+        - ghcr.io/kokuwaio/dockerd:rootless
+        - ghcr.io/kokuwaio/dockerd:28.2.2-rootless
+      target: dockerd-rootless
+      annotation:
+        <<: *annotation
+        org.opencontainers.image.title: Docker Daemon for WoodpeckerCI
+        org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI.
+        org.opencontainers.image.ref.name: kokuwaio/dockerd
+
   cli:
     <<: *push
     settings:

.woodpecker/test.yaml

@@ -12,7 +12,7 @@ labels:
 
 services:
   - name: dockerd
-    image: registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER}
+    image: registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER}-rootless
     ports: [2375]
     privileged: true
 

Dockerfile

@@ -5,7 +5,6 @@
 ##
 
 FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS download
-SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 WORKDIR /tmp/docker
 RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
 	--mount=type=cache,target=/var/cache \
@@ -25,7 +24,21 @@ RUN ARCH=$(dpkg --print-architecture) && curl --fail --silent --parallel --remot
 ##
 
 FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS dockerd
-SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
+RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
+	--mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
+	--mount=type=tmpfs,target=/var/log \
+	apt-get -qq update && \
+	apt-get -qq install --yes --no-install-recommends /tmp/docker/containerd*.deb /tmp/docker/docker-ce-cli* /tmp/docker/docker-ce_*.deb ca-certificates && \
+	rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status
+COPY --chmod=555 entrypoint-rootless.sh /usr/bin/entrypoint.sh
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
+
+##
+## Docker Daemon (rootless)
+##
+
+FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS dockerd-rootless
 RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
 	--mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
 	--mount=type=cache,target=/var/cache \
@@ -46,7 +59,6 @@ USER 1000
 ##
 
 FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS cli-base
-SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
 	--mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
 	--mount=type=cache,target=/var/cache \

Dockerfile.dockerignore

@@ -1,3 +1,4 @@
 .*
 
 !entrypoint.sh
+!entrypoint-rootless.sh

README.md

@@ -14,7 +14,7 @@ Also usable with Gitlab, Github or locally, see examples for usage.
 
 ## Features
 
-- dockerd: includes rootlesskit
+- dockerd: with and without rootlesskit
 - dockerd: configures mirror for dockerd
 - cli: with buildkit
 - cli: [variants](https://hub.docker.com/r/kokuwaio/docker-cli/tags):