From c050d11ab49878ed4e0b432be0b17014c017c1e3 Mon Sep 17 00:00:00 2001 From: "Billy D." Date: Thu, 19 Feb 2026 07:04:24 -0500 Subject: [PATCH] fix: login to registries before buildx setup for auth propagation - Move Docker Hub + Gitea logins before setup-buildx-action so BuildKit container inherits credentials from ~/.docker/config.json - Remove broken 'Configure Docker for insecure registry' step (DinD runner already configured via configmap daemon.json, systemd unavailable) - Make Docker Hub login unconditional using secrets (not vars) - Fixes 429 Too Many Requests on docker.io base image pulls --- .gitea/workflows/ci.yml | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 15698e8..fe44375 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -83,26 +83,10 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."gitea-http.gitea.svc.cluster.local:3000"] - http = true - insecure = true - - - name: Configure Docker for insecure registry - run: | - sudo mkdir -p /etc/docker - echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker || sudo service docker restart || true - sleep 2 - - name: Login to Docker Hub - if: vars.DOCKERHUB_USERNAME != '' uses: docker/login-action@v3 with: - username: ${{ vars.DOCKERHUB_USERNAME }} + username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Gitea Registry @@ -112,6 +96,14 @@ jobs: username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + buildkitd-config-inline: | + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true + insecure = true + - name: Extract metadata id: meta uses: docker/metadata-action@v5