diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml
index 381652d..27ee851 100644
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -23,9 +23,9 @@ on:
 default: 'all'
 env:
- # Use internal cluster HTTP endpoint (no TLS cert issues for in-cluster runner)
- REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
- REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
+ # Use external HTTPS endpoint with valid Let's Encrypt cert
+ REGISTRY: git.daviestechlabs.io/daviestechlabs
+ REGISTRY_HOST: git.daviestechlabs.io
 NTFY_URL: http://ntfy.observability.svc.cluster.local:80
 jobs:
@@ -100,11 +100,6 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- with:
- buildkitd-config-inline: |
- [registry."gitea-http.gitea.svc.cluster.local:3000"]
- http = true
- insecure = true
 # Login to Docker Hub to avoid pull rate limits
 - name: Login to Docker Hub
@@ -114,23 +109,14 @@ jobs:
 username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
- # Create docker config for buildx to use (no daemon restart needed)
- - name: Configure registry credentials
+ # Login to Gitea registry (external HTTPS with valid cert)
+ - name: Login to Gitea Registry
 if: github.event_name != 'pull_request'
- run: |
- mkdir -p ~/.docker
- echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
- # Also try creating auth directly for buildx
- AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
- cat > ~/.docker/config.json << EOF
- {
- "auths": {
- "${{ env.REGISTRY_HOST }}": {
- "auth": "$AUTH"
- }
- }
- }
- EOF
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_HOST }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
 - name: Extract metadata
 id: meta
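Review bot: The new comment above `REGISTRY` in the `env:` hunk names the endpoint but not the property the switch buys, which is that the registry certificate is now verified on every push. I would word it as `# External HTTPS endpoint; TLS is verified, so do not re-add http/insecure registry overrides for this host`, so the buildkitd override removed further down is not reintroduced later. `NTFY_URL` on the following context line is still plain `http://`; the commit does not touch it, but it is worth confirming that no sensitive build detail is sent in those notifications.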
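Review bot: The added `uses: docker/login-action@v3` step (hunk `-114,23`) is handed `secrets.REGISTRY_USER` and `secrets.REGISTRY_TOKEN` but is referenced by a movable major tag, so whatever code that tag points to on a later run receives the registry credentials. Pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3` (placeholder; take the SHA from the release you have reviewed). The same step is added in hunks `-178,23`, `-242,23` and `-306,23` and should be pinned identically. Because this file lives under `.gitea/workflows`, also confirm which host the runner fetches `docker/login-action` from, since that depends on the instance's default actions URL. The job definition continues outside the hunk.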
@@ -165,11 +151,6 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- with:
- buildkitd-config-inline: |
- [registry."gitea-http.gitea.svc.cluster.local:3000"]
- http = true
- insecure = true
 - name: Login to Docker Hub
 if: vars.DOCKERHUB_USERNAME != ''
@@ -178,23 +159,14 @@ jobs:
 username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
- # Create docker config for buildx to use (no daemon restart needed)
- - name: Configure registry credentials
+ # Login to Gitea registry (external HTTPS with valid cert)
+ - name: Login to Gitea Registry
 if: github.event_name != 'pull_request'
- run: |
- mkdir -p ~/.docker
- echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
- # Also try creating auth directly for buildx
- AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
- cat > ~/.docker/config.json << EOF
- {
- "auths": {
- "${{ env.REGISTRY_HOST }}": {
- "auth": "$AUTH"
- }
- }
- }
- EOF
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_HOST }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
 - name: Extract metadata
 id: meta
@@ -229,11 +201,6 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- with:
- buildkitd-config-inline: |
- [registry."gitea-http.gitea.svc.cluster.local:3000"]
- http = true
- insecure = true
 - name: Login to Docker Hub
 if: vars.DOCKERHUB_USERNAME != ''
@@ -242,23 +209,14 @@ jobs:
 username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
- # Create docker config for buildx to use (no daemon restart needed)
- - name: Configure registry credentials
+ # Login to Gitea registry (external HTTPS with valid cert)
+ - name: Login to Gitea Registry
 if: github.event_name != 'pull_request'
- run: |
- mkdir -p ~/.docker
- echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
- # Also try creating auth directly for buildx
- AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
- cat > ~/.docker/config.json << EOF
- {
- "auths": {
- "${{ env.REGISTRY_HOST }}": {
- "auth": "$AUTH"
- }
- }
- }
- EOF
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_HOST }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
 - name: Extract metadata
 id: meta
@@ -293,11 +251,6 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- with:
- buildkitd-config-inline: |
- [registry."gitea-http.gitea.svc.cluster.local:3000"]
- http = true
- insecure = true
 - name: Login to Docker Hub
 if: vars.DOCKERHUB_USERNAME != ''
@@ -306,23 +259,14 @@ jobs:
 username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
- # Create docker config for buildx to use (no daemon restart needed)
- - name: Configure registry credentials
+ # Login to Gitea registry (external HTTPS with valid cert)
+ - name: Login to Gitea Registry
 if: github.event_name != 'pull_request'
- run: |
- mkdir -p ~/.docker
- echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
- # Also try creating auth directly for buildx
- AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
- cat > ~/.docker/config.json << EOF
- {
- "auths": {
- "${{ env.REGISTRY_HOST }}": {
- "auth": "$AUTH"
- }
- }
- }
- EOF
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_HOST }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
 - name: Extract metadata
 id: meta