daviestechlabs/kuberay-images
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Use internal HTTP endpoint for rootless DinD runner
Some checks failed
Build and Push Images / determine-version (push) Successful in 1m30s
Details
Build and Push Images / build-nvidia (push) Failing after 6m24s
Details
Build and Push Images / build-strixhalo (push) Failing after 5m14s
Details
Build and Push Images / build-rdna2 (push) Failing after 6m54s
Details
Build and Push Images / build-intel (push) Failing after 5m59s
Details
Build and Push Images / Release (push) Has been skipped
Details
Build and Push Images / Notify (push) Successful in 2s
Details

Browse Source 
- Switch from external HTTPS to internal HTTP (gitea-http.gitea.svc.cluster.local:3000)
- Remove sudo commands that don't work in rootless Docker-in-Docker
- Use direct docker login with --password-stdin for compatibility
- Add http=true to buildkitd config for HTTP registry
This commit is contained in:
Billy Davies
2026-02-04 15:27:53 -05:00
parent 110d1eab55
commit 9e9a93b838
1 changed files with 20 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
.gitea/workflows/build-push.yaml
View File

@@ -23,9 +23,9 @@ on:
default: 'all'
env:
# Use external registry URL for proper Bearer token auth flow
REGISTRY: registry.lab.daviestechlabs.io/daviestechlabs
REGISTRY_HOST: registry.lab.daviestechlabs.io
# Use internal cluster HTTP endpoint (no TLS cert issues for in-cluster runner)
REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
NTFY_URL: http://ntfy.observability.svc.cluster.local:80
jobs:
@@ -98,19 +98,12 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
# Configure Docker daemon to allow insecure registry (self-signed cert)
- name: Configure Docker for insecure registry
run: |
sudo mkdir -p /etc/docker
echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker || sudo service docker restart || true
sleep 2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."registry.lab.daviestechlabs.io"]
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
# Login to Docker Hub to avoid pull rate limits
@@ -121,14 +114,11 @@ jobs:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# Login to Gitea registry (uses docker/login-action for buildx compatibility)
# Login to Gitea registry (direct docker login for rootless DinD compatibility)
- name: Login to Gitea Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_HOST }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- name: Extract metadata
id: meta
@@ -161,19 +151,12 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
# Configure Docker daemon to allow insecure registry (self-signed cert)
- name: Configure Docker for insecure registry
run: |
sudo mkdir -p /etc/docker
echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker || sudo service docker restart || true
sleep 2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."registry.lab.daviestechlabs.io"]
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
- name: Login to Docker Hub
@@ -185,11 +168,8 @@ jobs:
- name: Login to Gitea Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_HOST }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- name: Extract metadata
id: meta
@@ -222,19 +202,12 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
# Configure Docker daemon to allow insecure registry (self-signed cert)
- name: Configure Docker for insecure registry
run: |
sudo mkdir -p /etc/docker
echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker || sudo service docker restart || true
sleep 2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."registry.lab.daviestechlabs.io"]
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
- name: Login to Docker Hub
@@ -246,11 +219,8 @@ jobs:
- name: Login to Gitea Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_HOST }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- name: Extract metadata
id: meta
@@ -283,19 +253,12 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
# Configure Docker daemon to allow insecure registry (self-signed cert)
- name: Configure Docker for insecure registry
run: |
sudo mkdir -p /etc/docker
echo '{"insecure-registries": ["registry.lab.daviestechlabs.io"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker || sudo service docker restart || true
sleep 2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."registry.lab.daviestechlabs.io"]
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
- name: Login to Docker Hub
@@ -307,11 +270,8 @@ jobs:
- name: Login to Gitea Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_HOST }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- name: Extract metadata
id: meta