From bc3c115b90ecac3389e9a89b6728bea8a7c1c99a Mon Sep 17 00:00:00 2001 From: "Billy D." Date: Wed, 4 Feb 2026 18:08:28 -0500 Subject: [PATCH] fix: Use internal HTTP endpoint with buildx config and direct auth - Back to internal endpoint (avoids Cloudflare 100MB limit) - buildkitd-config-inline: http=true, insecure=true for HTTP registry - Create ~/.docker/config.json directly with base64 auth - No docker login command (it defaults to HTTPS) - Buildx reads config.json for push authentication --- .gitea/workflows/build-push.yaml | 114 ++++++++++++++++++++++--------- 1 file changed, 83 insertions(+), 31 deletions(-) diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml index 27ee851..fed41b3 100644 --- a/.gitea/workflows/build-push.yaml +++ b/.gitea/workflows/build-push.yaml @@ -23,9 +23,9 @@ on: default: 'all' env: - # Use external HTTPS endpoint with valid Let's Encrypt cert - REGISTRY: git.daviestechlabs.io/daviestechlabs - REGISTRY_HOST: git.daviestechlabs.io + # Use internal HTTP endpoint (avoids Cloudflare 100MB limit and HTTPS issues) + REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs + REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000 NTFY_URL: http://ntfy.observability.svc.cluster.local:80 jobs: @@ -100,6 +100,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + buildkitd-config-inline: | + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true + insecure = true # Login to Docker Hub to avoid pull rate limits - name: Login to Docker Hub 
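Review bot: With `REGISTRY_HOST` now set to `gitea-http.gitea.svc.cluster.local:3000`, the registry credential and every pushed layer cross the cluster network without TLS. The new comment in the `env:` block records only the convenience side of that trade-off. If the HTTP endpoint has to stay, the comment should state the cost, for example `# Plain HTTP inside the cluster: REGISTRY_TOKEN is sent unencrypted, so keep it scoped to package write and limit who can reach the gitea-http Service`. Serving the internal Service with a certificate from a cluster CA would presumably avoid the Cloudflare upload limit just as well, while keeping confidentiality and push integrity.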
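Review bot: `insecure = true` looks redundant next to `http = true` in the added `buildkitd-config-inline` block, and it is the riskier of the two settings. As I read the BuildKit registry options, it disables certificate verification, so if this host is ever moved to HTTPS the builder would accept any certificate. Keeping only `http = true` states the intent exactly. The host name is also hard-coded rather than taken from `env.REGISTRY_HOST`, so the two can drift apart silently; `[registry."${{ env.REGISTRY_HOST }}"]` would keep them in step, assuming the runner evaluates expressions inside `with:` as GitHub Actions does. The same block is repeated in the hunks at -151, -201 and -251.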
@@ -109,14 +114,22 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Login to Gitea registry (external HTTPS with valid cert) - - name: Login to Gitea Registry + # Configure Gitea registry auth (create config.json directly for HTTP registry) + - name: Configure Gitea Registry Auth if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0) + mkdir -p ~/.docker + cat > ~/.docker/config.json << EOF + { + "auths": { + "${{ env.REGISTRY_HOST }}": { + "auth": "$AUTH" + } + } + } + EOF + echo "Auth configured for ${{ env.REGISTRY_HOST }}" - name: Extract metadata id: meta @@ -151,6 +164,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + buildkitd-config-inline: | + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true + insecure = true - name: Login to Docker Hub if: vars.DOCKERHUB_USERNAME != '' @@ -159,14 +177,22 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Login to Gitea registry (external HTTPS with valid cert) - - name: Login to Gitea Registry + # Configure Gitea registry auth (create config.json directly for HTTP registry) + - name: Configure Gitea Registry Auth if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0) + mkdir -p ~/.docker + cat > ~/.docker/config.json << EOF + { + "auths": { + "${{ env.REGISTRY_HOST }}": { + "auth": "$AUTH" + } + } + } + EOF + echo "Auth configured for ${{ env.REGISTRY_HOST }}" - name: Extract metadata id: meta 
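Review bot: `cat > ~/.docker/config.json` replaces the whole file, so the Docker Hub credentials written by the preceding `docker/login-action` step are probably lost, and the pull-rate-limit protection with them (assuming that action writes to the same default path). The file is also created under the default umask, which on a shared runner can leave the credential readable by other users. Both secrets are expanded by the workflow engine directly into the script text, where a `"`, `$` or backtick in the token would be interpreted by the shell. Passing the secrets through `env:`, setting `umask 077` and merging the entry into the existing file addresses all three; the sketch below uses jq, which is assumed to be available on the runner. The same step is repeated in the hunks at -159, -209 and -259.

```yaml
      - name: Configure Gitea Registry Auth
        if: github.event_name != 'pull_request'
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          # Credential file must not be readable by other users on the runner.
          umask 077
          mkdir -p ~/.docker
          # Keep any auth entries an earlier login step already wrote.
          [ -s ~/.docker/config.json ] || echo '{}' > ~/.docker/config.json
          AUTH=$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_TOKEN" | base64 -w0)
          jq --arg host "$REGISTRY_HOST" --arg auth "$AUTH" \
            '.auths[$host].auth = $auth' \
            ~/.docker/config.json > ~/.docker/config.json.tmp
          mv ~/.docker/config.json.tmp ~/.docker/config.json
          # … unchanged: echo "Auth configured for …" …
```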
@@ -201,6 +227,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + buildkitd-config-inline: | + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true + insecure = true - name: Login to Docker Hub if: vars.DOCKERHUB_USERNAME != '' @@ -209,14 +240,22 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Login to Gitea registry (external HTTPS with valid cert) - - name: Login to Gitea Registry + # Configure Gitea registry auth (create config.json directly for HTTP registry) + - name: Configure Gitea Registry Auth if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0) + mkdir -p ~/.docker + cat > ~/.docker/config.json << EOF + { + "auths": { + "${{ env.REGISTRY_HOST }}": { + "auth": "$AUTH" + } + } + } + EOF + echo "Auth configured for ${{ env.REGISTRY_HOST }}" - name: Extract metadata id: meta @@ -251,6 +290,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + buildkitd-config-inline: | + [registry."gitea-http.gitea.svc.cluster.local:3000"] + http = true + insecure = true - name: Login to Docker Hub if: vars.DOCKERHUB_USERNAME != '' 
@@ -259,14 +303,22 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Login to Gitea registry (external HTTPS with valid cert) - - name: Login to Gitea Registry + # Configure Gitea registry auth (create config.json directly for HTTP registry) + - name: Configure Gitea Registry Auth if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + run: | + AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0) + mkdir -p ~/.docker + cat > ~/.docker/config.json << EOF + { + "auths": { + "${{ env.REGISTRY_HOST }}": { + "auth": "$AUTH" + } + } + } + EOF + echo "Auth configured for ${{ env.REGISTRY_HOST }}" - name: Extract metadata id: meta