fix: Use external HTTPS endpoint with valid cert for registry
Some checks failed
Build and Push Images / determine-version (push) Successful in 54s
Build and Push Images / Release (push) Has been cancelled
Build and Push Images / Notify (push) Has been cancelled
Build and Push Images / build-strixhalo (push) Has been cancelled
Build and Push Images / build-intel (push) Has been cancelled
Build and Push Images / build-rdna2 (push) Has been cancelled
Build and Push Images / build-nvidia (push) Has been cancelled
Some checks failed
Build and Push Images / determine-version (push) Successful in 54s
Build and Push Images / Release (push) Has been cancelled
Build and Push Images / Notify (push) Has been cancelled
Build and Push Images / build-strixhalo (push) Has been cancelled
Build and Push Images / build-intel (push) Has been cancelled
Build and Push Images / build-rdna2 (push) Has been cancelled
Build and Push Images / build-nvidia (push) Has been cancelled
Simplify approach - use git.daviestechlabs.io external endpoint which has valid Let's Encrypt cert. Much cleaner than fighting with HTTP/HTTPS issues on internal endpoints. - Remove buildkitd-config-inline (not needed for valid HTTPS) - Remove manual config.json creation - Use standard docker/login-action for Gitea registry
This commit is contained in:
@@ -23,9 +23,9 @@ on:
|
||||
default: 'all'
|
||||
|
||||
env:
|
||||
# Use internal cluster HTTP endpoint (no TLS cert issues for in-cluster runner)
|
||||
REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
|
||||
REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
|
||||
# Use external HTTPS endpoint with valid Let's Encrypt cert
|
||||
REGISTRY: git.daviestechlabs.io/daviestechlabs
|
||||
REGISTRY_HOST: git.daviestechlabs.io
|
||||
NTFY_URL: http://ntfy.observability.svc.cluster.local:80
|
||||
|
||||
jobs:
|
||||
@@ -100,11 +100,6 @@ jobs:
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
buildkitd-config-inline: |
|
||||
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
||||
http = true
|
||||
insecure = true
|
||||
|
||||
# Login to Docker Hub to avoid pull rate limits
|
||||
- name: Login to Docker Hub
|
||||
@@ -114,23 +109,14 @@ jobs:
|
||||
username: ${{ vars.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
# Create docker config for buildx to use (no daemon restart needed)
|
||||
- name: Configure registry credentials
|
||||
# Login to Gitea registry (external HTTPS with valid cert)
|
||||
- name: Login to Gitea Registry
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
mkdir -p ~/.docker
|
||||
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
|
||||
# Also try creating auth directly for buildx
|
||||
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
|
||||
cat > ~/.docker/config.json << EOF
|
||||
{
|
||||
"auths": {
|
||||
"${{ env.REGISTRY_HOST }}": {
|
||||
"auth": "$AUTH"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY_HOST }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -165,11 +151,6 @@ jobs:
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
buildkitd-config-inline: |
|
||||
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
||||
http = true
|
||||
insecure = true
|
||||
|
||||
- name: Login to Docker Hub
|
||||
if: vars.DOCKERHUB_USERNAME != ''
|
||||
@@ -178,23 +159,14 @@ jobs:
|
||||
username: ${{ vars.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
# Create docker config for buildx to use (no daemon restart needed)
|
||||
- name: Configure registry credentials
|
||||
# Login to Gitea registry (external HTTPS with valid cert)
|
||||
- name: Login to Gitea Registry
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
mkdir -p ~/.docker
|
||||
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
|
||||
# Also try creating auth directly for buildx
|
||||
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
|
||||
cat > ~/.docker/config.json << EOF
|
||||
{
|
||||
"auths": {
|
||||
"${{ env.REGISTRY_HOST }}": {
|
||||
"auth": "$AUTH"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY_HOST }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -229,11 +201,6 @@ jobs:
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
buildkitd-config-inline: |
|
||||
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
||||
http = true
|
||||
insecure = true
|
||||
|
||||
- name: Login to Docker Hub
|
||||
if: vars.DOCKERHUB_USERNAME != ''
|
||||
@@ -242,23 +209,14 @@ jobs:
|
||||
username: ${{ vars.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
# Create docker config for buildx to use (no daemon restart needed)
|
||||
- name: Configure registry credentials
|
||||
# Login to Gitea registry (external HTTPS with valid cert)
|
||||
- name: Login to Gitea Registry
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
mkdir -p ~/.docker
|
||||
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
|
||||
# Also try creating auth directly for buildx
|
||||
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
|
||||
cat > ~/.docker/config.json << EOF
|
||||
{
|
||||
"auths": {
|
||||
"${{ env.REGISTRY_HOST }}": {
|
||||
"auth": "$AUTH"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY_HOST }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -293,11 +251,6 @@ jobs:
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
buildkitd-config-inline: |
|
||||
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
||||
http = true
|
||||
insecure = true
|
||||
|
||||
- name: Login to Docker Hub
|
||||
if: vars.DOCKERHUB_USERNAME != ''
|
||||
@@ -306,23 +259,14 @@ jobs:
|
||||
username: ${{ vars.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
# Create docker config for buildx to use (no daemon restart needed)
|
||||
- name: Configure registry credentials
|
||||
# Login to Gitea registry (external HTTPS with valid cert)
|
||||
- name: Login to Gitea Registry
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
mkdir -p ~/.docker
|
||||
echo "${{ secrets.REGISTRY_TOKEN }}" | docker --config ~/.docker login ${{ env.REGISTRY_HOST }} -u ${{ secrets.REGISTRY_USER }} --password-stdin || true
|
||||
# Also try creating auth directly for buildx
|
||||
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64)
|
||||
cat > ~/.docker/config.json << EOF
|
||||
{
|
||||
"auths": {
|
||||
"${{ env.REGISTRY_HOST }}": {
|
||||
"auth": "$AUTH"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY_HOST }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
|
||||
Reference in New Issue
Block a user