From e7ef7e9439424c18148636ca85fa7f81a54a291d Mon Sep 17 00:00:00 2001
From: Nicolas Cantu <nicolas.cantu@pm.me>
Date: Wed, 10 Sep 2025 12:51:56 +0200
Subject: [PATCH] ci(build): enable SSH forwarding for docker buildx (--ssh
 default) and allow buildkit entitlements

---
 .gitea/workflows/dev.yml  | 2 ++
 scripts/build_and_push.sh | 1 +
 2 files changed, 3 insertions(+)

diff --git a/.gitea/workflows/dev.yml b/.gitea/workflows/dev.yml
index d26eee4..9549219 100644
--- a/.gitea/workflows/dev.yml
+++ b/.gitea/workflows/dev.yml
@@ -22,6 +22,8 @@ jobs:
           git config --global url.ssh://git@git.4nkweb.com/.insteadOf https://git.4nkweb.com/
       - name: Setup Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-flags: --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
       - name: Login to Gitea Registry
         uses: docker/login-action@v3
         with:
diff --git a/scripts/build_and_push.sh b/scripts/build_and_push.sh
index 5aa36d2..061f254 100644
--- a/scripts/build_and_push.sh
+++ b/scripts/build_and_push.sh
@@ -64,6 +64,7 @@ for name in "${submodules[@]}"; do
     date -Is
     docker buildx build \
       --pull \
+      --ssh default \
       --progress=plain \
       --tag "${full_ref}" \
       "${path}"