diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml index 89ad423..8ca010b 100644 --- a/.gitea/workflows/build-push.yaml +++ b/.gitea/workflows/build-push.yaml @@ -23,9 +23,9 @@ on: default: 'all' env: - # Use external registry URL for proper Bearer token auth flow - REGISTRY: registry.lab.daviestechlabs.io/daviestechlabs - REGISTRY_HOST: registry.lab.daviestechlabs.io + # Use internal cluster HTTP endpoint (no TLS cert issues for in-cluster runner) + REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs + REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000 NTFY_URL: http://ntfy.observability.svc.cluster.local:80 jobs: @@ -98,19 +98,12 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # Configure Docker daemon to allow insecure registry (self-signed cert) - - name: Configure Docker for insecure registry - run: | - sudo mkdir -p /etc/docker - echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker || sudo service docker restart || true - sleep 2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | - [registry."registry.lab.daviestechlabs.io"] + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true insecure = true # Login to Docker Hub to avoid pull rate limits @@ -121,14 +114,11 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Login to Gitea registry (uses docker/login-action for buildx compatibility) + # Login to Gitea registry (direct docker login for rootless DinD compatibility) - name: Login to Gitea Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - name: Extract metadata id: meta @@ -161,19 +151,12 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # Configure Docker daemon to allow insecure registry (self-signed cert) - - name: Configure Docker for insecure registry - run: | - sudo mkdir -p /etc/docker - echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker || sudo service docker restart || true - sleep 2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | - [registry."registry.lab.daviestechlabs.io"] + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true insecure = true - name: Login to Docker Hub @@ -185,11 +168,8 @@ jobs: - name: Login to Gitea Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - name: Extract metadata id: meta @@ -222,19 +202,12 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # Configure Docker daemon to allow insecure registry (self-signed cert) - - name: Configure Docker for insecure registry - run: | - sudo mkdir -p /etc/docker - echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker || sudo service docker restart || true - sleep 2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | - [registry."registry.lab.daviestechlabs.io"] + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true insecure = true - name: Login to Docker Hub @@ -246,11 +219,8 @@ jobs: - name: Login to Gitea Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - name: Extract metadata id: meta @@ -283,19 +253,12 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # Configure Docker daemon to allow insecure registry (self-signed cert) - - name: Configure Docker for insecure registry - run: | - sudo mkdir -p /etc/docker - echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker || sudo service docker restart || true - sleep 2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | - [registry."registry.lab.daviestechlabs.io"] + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true insecure = true - name: Login to Docker Hub @@ -307,11 +270,8 @@ jobs: - name: Login to Gitea Registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin - name: Extract metadata id: meta