daviestechlabs/kuberay-images
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Use external HTTPS endpoint with valid cert for registry
Some checks failed
Build and Push Images / determine-version (push) Successful in 54s
Details
Build and Push Images / Release (push) Has been cancelled
Details
Build and Push Images / Notify (push) Has been cancelled
Details
Build and Push Images / build-strixhalo (push) Has been cancelled
Details
Build and Push Images / build-intel (push) Has been cancelled
Details
Build and Push Images / build-rdna2 (push) Has been cancelled
Details
Build and Push Images / build-nvidia (push) Has been cancelled
Details

Browse Source 
Simplify approach - use git.daviestechlabs.io external endpoint
which has valid Let's Encrypt cert. Much cleaner than fighting
with HTTP/HTTPS issues on internal endpoints.

- Remove buildkitd-config-inline (not needed for valid HTTPS)
- Remove manual config.json creation
- Use standard docker/login-action for Gitea registry
This commit is contained in:
Billy Davies
2026-02-04 18:01:58 -05:00
parent a77d5db274
commit dd6c400581
1 changed files with 31 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
.gitea/workflows/build-push.yaml
View File

@@ -23,9 +23,9 @@ on:
default: 'all' default: 'all'
env: env:
# Use internal cluster HTTP endpoint (no TLS cert issues for in-cluster runner) # Use external HTTPS endpoint with valid Let's Encrypt cert
REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs REGISTRY: git.daviestechlabs.io/daviestechlabs
REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000 REGISTRY_HOST: git.daviestechlabs.io
NTFY_URL: http://ntfy.observability.svc.cluster.local:80 NTFY_URL: http://ntfy.observability.svc.cluster.local:80
jobs: jobs:
@@ -100,11 +100,6 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
# Login to Docker Hub to avoid pull rate limits # Login to Docker Hub to avoid pull rate limits
- name: Login to Docker Hub - name: Login to Docker Hub
@@ -114,23 +109,14 @@ jobs:
username: ${{ vars.DOCKERHUB_USERNAME }} username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
# Create docker config for buildx to use (no daemon restart needed) # Login to Gitea registry (external HTTPS with valid cert)
- name: Configure registry credentials - name: Login to Gitea Registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
run: | uses: docker/login-action@v3
mkdir -p ~/.docker with:
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true registry: ${{ env.REGISTRY_HOST }}
# Also try creating auth directly for buildx username: ${{ secrets.REGISTRY_USER }}
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64) password: ${{ secrets.REGISTRY_TOKEN }}
cat > ~/.docker/config.json << EOF
{
"auths": {
"${{ env.REGISTRY_HOST }}": {
"auth": "$AUTH"
}
}
}
EOF
- name: Extract metadata - name: Extract metadata
id: meta id: meta
@@ -165,11 +151,6 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
- name: Login to Docker Hub - name: Login to Docker Hub
if: vars.DOCKERHUB_USERNAME != '' if: vars.DOCKERHUB_USERNAME != ''
@@ -178,23 +159,14 @@ jobs:
username: ${{ vars.DOCKERHUB_USERNAME }} username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
# Create docker config for buildx to use (no daemon restart needed) # Login to Gitea registry (external HTTPS with valid cert)
- name: Configure registry credentials - name: Login to Gitea Registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
run: | uses: docker/login-action@v3
mkdir -p ~/.docker with:
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true registry: ${{ env.REGISTRY_HOST }}
# Also try creating auth directly for buildx username: ${{ secrets.REGISTRY_USER }}
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64) password: ${{ secrets.REGISTRY_TOKEN }}
cat > ~/.docker/config.json << EOF
{
"auths": {
"${{ env.REGISTRY_HOST }}": {
"auth": "$AUTH"
}
}
}
EOF
- name: Extract metadata - name: Extract metadata
id: meta id: meta
@@ -229,11 +201,6 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
- name: Login to Docker Hub - name: Login to Docker Hub
if: vars.DOCKERHUB_USERNAME != '' if: vars.DOCKERHUB_USERNAME != ''
@@ -242,23 +209,14 @@ jobs:
username: ${{ vars.DOCKERHUB_USERNAME }} username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
# Create docker config for buildx to use (no daemon restart needed) # Login to Gitea registry (external HTTPS with valid cert)
- name: Configure registry credentials - name: Login to Gitea Registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
run: | uses: docker/login-action@v3
mkdir -p ~/.docker with:
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true registry: ${{ env.REGISTRY_HOST }}
# Also try creating auth directly for buildx username: ${{ secrets.REGISTRY_USER }}
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64) password: ${{ secrets.REGISTRY_TOKEN }}
cat > ~/.docker/config.json << EOF
{
"auths": {
"${{ env.REGISTRY_HOST }}": {
"auth": "$AUTH"
}
}
}
EOF
- name: Extract metadata - name: Extract metadata
id: meta id: meta
@@ -293,11 +251,6 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."gitea-http.gitea.svc.cluster.local:3000"]
http = true
insecure = true
- name: Login to Docker Hub - name: Login to Docker Hub
if: vars.DOCKERHUB_USERNAME != '' if: vars.DOCKERHUB_USERNAME != ''
@@ -306,23 +259,14 @@ jobs:
username: ${{ vars.DOCKERHUB_USERNAME }} username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
# Create docker config for buildx to use (no daemon restart needed) # Login to Gitea registry (external HTTPS with valid cert)
- name: Configure registry credentials - name: Login to Gitea Registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
run: | uses: docker/login-action@v3
mkdir -p ~/.docker with:
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true registry: ${{ env.REGISTRY_HOST }}
# Also try creating auth directly for buildx username: ${{ secrets.REGISTRY_USER }}
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64) password: ${{ secrets.REGISTRY_TOKEN }}
cat > ~/.docker/config.json << EOF
{
"auths": {
"${{ env.REGISTRY_HOST }}": {
"auth": "$AUTH"
}
}
}
EOF
- name: Extract metadata - name: Extract metadata
id: meta id: meta