fix: Use internal HTTP endpoint with buildx config and direct auth

- Back to internal endpoint (avoids Cloudflare 100MB limit) - buildkitd-config-inline: http=true, insecure=true for HTTP registry - Create ~/.docker/config.json directly with base64 auth - No docker login command (it defaults to HTTPS) - Buildx reads config.json for push authentication
2026-02-04 18:08:28 -05:00
parent dd6c400581
commit bc3c115b90
1 changed files with 83 additions and 31 deletions
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -23,9 +23,9 @@ on:
        default: 'all'

 env:
-  # Use external HTTPS endpoint with valid Let's Encrypt cert
-  REGISTRY: git.daviestechlabs.io/daviestechlabs
-  REGISTRY_HOST: git.daviestechlabs.io
+  # Use internal HTTP endpoint (avoids Cloudflare 100MB limit and HTTPS issues)
+  REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
+  REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
  NTFY_URL: http://ntfy.observability.svc.cluster.local:80

 jobs:
@@ -100,6 +100,11 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."gitea-http.gitea.svc.cluster.local:3000"]
+              http = true
+              insecure = true

      # Login to Docker Hub to avoid pull rate limits
      - name: Login to Docker Hub
@@ -109,14 +114,22 @@ jobs:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      # Login to Gitea registry (external HTTPS with valid cert)
-      - name: Login to Gitea Registry
+      # Configure Gitea registry auth (create config.json directly for HTTP registry)
+      - name: Configure Gitea Registry Auth
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY_HOST }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+        run: |
+          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
+          mkdir -p ~/.docker
+          cat > ~/.docker/config.json << EOF
+          {
+            "auths": {
+              "${{ env.REGISTRY_HOST }}": {
+                "auth": "$AUTH"
+              }
+            }
+          }
+          EOF
+          echo "Auth configured for ${{ env.REGISTRY_HOST }}"

      - name: Extract metadata
        id: meta
@@ -151,6 +164,11 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."gitea-http.gitea.svc.cluster.local:3000"]
+              http = true
+              insecure = true

      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
@@ -159,14 +177,22 @@ jobs:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      # Login to Gitea registry (external HTTPS with valid cert)
-      - name: Login to Gitea Registry
+      # Configure Gitea registry auth (create config.json directly for HTTP registry)
+      - name: Configure Gitea Registry Auth
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY_HOST }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+        run: |
+          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
+          mkdir -p ~/.docker
+          cat > ~/.docker/config.json << EOF
+          {
+            "auths": {
+              "${{ env.REGISTRY_HOST }}": {
+                "auth": "$AUTH"
+              }
+            }
+          }
+          EOF
+          echo "Auth configured for ${{ env.REGISTRY_HOST }}"

      - name: Extract metadata
        id: meta
@@ -201,6 +227,11 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."gitea-http.gitea.svc.cluster.local:3000"]
+              http = true
+              insecure = true

      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
@@ -209,14 +240,22 @@ jobs:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      # Login to Gitea registry (external HTTPS with valid cert)
-      - name: Login to Gitea Registry
+      # Configure Gitea registry auth (create config.json directly for HTTP registry)
+      - name: Configure Gitea Registry Auth
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY_HOST }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+        run: |
+          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
+          mkdir -p ~/.docker
+          cat > ~/.docker/config.json << EOF
+          {
+            "auths": {
+              "${{ env.REGISTRY_HOST }}": {
+                "auth": "$AUTH"
+              }
+            }
+          }
+          EOF
+          echo "Auth configured for ${{ env.REGISTRY_HOST }}"

      - name: Extract metadata
        id: meta
@@ -251,6 +290,11 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."gitea-http.gitea.svc.cluster.local:3000"]
+              http = true
+              insecure = true

      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
@@ -259,14 +303,22 @@ jobs:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      # Login to Gitea registry (external HTTPS with valid cert)
-      - name: Login to Gitea Registry
+      # Configure Gitea registry auth (create config.json directly for HTTP registry)
+      - name: Configure Gitea Registry Auth
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY_HOST }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+        run: |
+          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
+          mkdir -p ~/.docker
+          cat > ~/.docker/config.json << EOF
+          {
+            "auths": {
+              "${{ env.REGISTRY_HOST }}": {
+                "auth": "$AUTH"
+              }
+            }
+          }
+          EOF
+          echo "Auth configured for ${{ env.REGISTRY_HOST }}"

      - name: Extract metadata
        id: meta