Use Buildah for registry publishing
CI / test (push) Successful in 28s
CI / publish (push) Failing after 21s

This commit is contained in:
Joe Julian
2026-03-28 16:46:56 -07:00
parent a1147dd6c1
commit 2ef915b37a
2 changed files with 5 additions and 23 deletions
+4 -18
View File
@@ -40,30 +40,16 @@ jobs:
- name: Login to Gitea Registry - name: Login to Gitea Registry
env: env:
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }} REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
run: | run: |
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}" printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify=false -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${REGISTRY_HOST}"
tls_verify=true
if [ "${REGISTRY_INSECURE}" = "true" ]; then
tls_verify=false
fi
printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify="${tls_verify}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${push_host}"
- name: Build and Push Image - name: Build and Push Image
env: env:
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }} REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
run: | run: |
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
tls_verify=true
if [ "${REGISTRY_INSECURE}" = "true" ]; then
tls_verify=false
fi
export BUILDAH_ISOLATION=chroot export BUILDAH_ISOLATION=chroot
image="${push_host}/${GITHUB_REPOSITORY}" image="${REGISTRY_HOST}/${GITHUB_REPOSITORY}"
buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" . buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
buildah push --tls-verify="${tls_verify}" "${image}:main" buildah push --tls-verify=false "${image}:main"
buildah push --tls-verify="${tls_verify}" "${image}:sha-${GITHUB_SHA}" buildah push --tls-verify=false "${image}:sha-${GITHUB_SHA}"
+1 -5
View File
@@ -57,11 +57,7 @@ It runs on pushes to `main` and pull requests, and currently:
- runs `go build .` - runs `go build .`
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main` - builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and these repository variables: The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and a repository variable named `REGISTRY_HOST` for the registry hostname.
- `REGISTRY_HOST` for the canonical registry hostname
- optional `REGISTRY_PUSH_HOST` when runners should push to a different internal endpoint
- optional `REGISTRY_INSECURE=true` when that push endpoint is plain HTTP or has a certificate the runner should not verify
The cluster runner deployed for this repo provides the required runner label. The cluster runner deployed for this repo provides the required runner label.