fix: switch to plain docker build/push with insecure registry [skip images]

- Drop buildx (setup-buildx-action, build-push-action, buildkit config) - Remove stale buildx builder cleanup step - Use insecure registry config with SIGHUP daemon reload - Use CLI docker login with org-level PAT secrets - Drop registry build cache (incompatible with plain docker build)
2026-02-21 22:40:13 -05:00
parent f44e402dca
commit ff6bce5b4f
1 changed files with 26 additions and 43 deletions
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -126,46 +126,21 @@ jobs:
        if: steps.check.outputs.skip != 'true'
        uses: actions/checkout@v4

-      # Clean stale buildx builders from persistent Docker cache (prevents GPU capability errors)
-      - name: Clean stale buildx builders
+      - name: Configure insecure registry
        if: steps.check.outputs.skip != 'true'
        run: |
-          for b in $(docker buildx ls --format '{{.Name}}' 2>/dev/null | grep -v default | grep -v '\*' | sort -u); do
-            docker buildx rm "$b" --force 2>/dev/null || true
-          done
-          docker container prune --force 2>/dev/null || true
+          sudo mkdir -p /etc/docker
+          echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
+          sudo kill -SIGHUP "$(pidof dockerd)" || true
+          sleep 3

-      - name: Set up Docker Buildx
-        if: steps.check.outputs.skip != 'true'
-        uses: docker/setup-buildx-action@v3
-        with:
-          buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
-              insecure = true
+      - name: Login to Gitea Registry
+        if: steps.check.outputs.skip != 'true' && github.event_name != 'pull_request'
+        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "${{ env.REGISTRY_HOST }}" -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Login to Docker Hub
        if: steps.check.outputs.skip != 'true' && vars.DOCKERHUB_USERNAME != ''
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Configure Gitea Registry Auth
-        if: steps.check.outputs.skip != 'true' && github.event_name != 'pull_request'
-        run: |
-          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
-          mkdir -p ~/.docker
-          cat > ~/.docker/config.json << EOF
-          {
-            "auths": {
-              "${{ env.REGISTRY_HOST }}": {
-                "auth": "$AUTH"
-              }
-            }
-          }
-          EOF
-          echo "Auth configured for ${{ env.REGISTRY_HOST }}"
+        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ vars.DOCKERHUB_USERNAME }}" --password-stdin

      - name: Extract metadata
        if: steps.check.outputs.skip != 'true'
@@ -179,15 +154,23 @@ jobs:

      - name: Build and push
        if: steps.check.outputs.skip != 'true'
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: dockerfiles/${{ matrix.dockerfile }}
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.REGISTRY }}/ray-worker-${{ matrix.name }}:buildcache
-          cache-to: type=registry,ref=${{ env.REGISTRY }}/ray-worker-${{ matrix.name }}:buildcache,mode=max,image-manifest=true,compression=zstd
+        run: |
+          # Build with all tags
+          TAGS=""
+          while IFS= read -r tag; do
+            [ -n "$tag" ] && TAGS="$TAGS -t $tag"
+          done <<< "${{ steps.meta.outputs.tags }}"
+          docker build $TAGS \
+            --label "org.opencontainers.image.source=${{ gitea.server_url }}/${{ gitea.repository }}" \
+            --label "org.opencontainers.image.revision=${{ gitea.sha }}" \
+            -f dockerfiles/${{ matrix.dockerfile }} \
+            .
+          # Push each tag (skip for PRs)
+          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
+            while IFS= read -r tag; do
+              [ -n "$tag" ] && docker push "$tag"
+            done <<< "${{ steps.meta.outputs.tags }}"
+          fi

  release:
    name: Release