From 2ef915b37a4c4272ca881f4dc9db2c24a6ec9c38 Mon Sep 17 00:00:00 2001
From: Joe Julian
Date: Sat, 28 Mar 2026 16:46:56 -0700
Subject: [PATCH] Use Buildah for registry publishing
---
 .gitea/workflows/ci.yaml | 22 ++++------------------
 README.md | 6 +-----
 2 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index 3cadae8..bfc3bf6 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -40,30 +40,16 @@ jobs:
 - name: Login to Gitea Registry
 env:
 REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
- REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
- REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
 REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
 run: |
- push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
- tls_verify=true
- if [ "${REGISTRY_INSECURE}" = "true" ]; then
- tls_verify=false
- fi
- printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify="${tls_verify}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${push_host}"
+ printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify=false -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${REGISTRY_HOST}"
 - name: Build and Push Image
 env:
 REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
- REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
- REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
 run: |
- push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
- tls_verify=true
- if [ "${REGISTRY_INSECURE}" = "true" ]; then
- tls_verify=false
- fi
 export BUILDAH_ISOLATION=chroot
- image="${push_host}/${GITHUB_REPOSITORY}"
+ image="${REGISTRY_HOST}/${GITHUB_REPOSITORY}"
 buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
- buildah push --tls-verify="${tls_verify}" "${image}:main"
- buildah push --tls-verify="${tls_verify}" "${image}:sha-${GITHUB_SHA}"
+ buildah push --tls-verify=false "${image}:main"
+ buildah push --tls-verify=false "${image}:sha-${GITHUB_SHA}"
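Review bot: `--tls-verify=false` is now hard-coded on `buildah login` and on both `buildah push` calls, so certificate verification is off on every run instead of only when `REGISTRY_INSECURE=true` was set. The login step pipes `REGISTRY_PASSWORD` to whatever answers at `${REGISTRY_HOST}` without checking its identity, and the `:main` and `:sha-` tags are pushed over the same unverified connection, so the credential and the published images are both exposed to anything in the network path. I would drop the flag so Buildah's default of verifying applies, e.g. `buildah push "${image}:main"`, and if the registry uses a private CA, trust that CA on the runner or pass it with `--cert-dir` rather than disabling verification. The job's trigger and earlier steps are outside the hunk, so which events reach these two steps cannot be confirmed from here.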
diff --git a/README.md b/README.md index 9eb213c..f515c61 100644 --- a/README.md +++ b/README.md @@ -57,11 +57,7 @@ It runs on pushes to `main` and pull requests, and currently: - runs `go build .` - builds and pushes `:main` and `:sha-` container tags on pushes to `main` -The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and these repository variables: - -- `REGISTRY_HOST` for the canonical registry hostname -- optional `REGISTRY_PUSH_HOST` when runners should push to a different internal endpoint -- optional `REGISTRY_INSECURE=true` when that push endpoint is plain HTTP or has a certificate the runner should not verify +The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and a repository variable named `REGISTRY_HOST` for the registry hostname. The cluster runner deployed for this repo provides the required runner label.