Use Buildah for registry publishing
This commit is contained in:
@@ -40,30 +40,16 @@ jobs:
|
|||||||
- name: Login to Gitea Registry
|
- name: Login to Gitea Registry
|
||||||
env:
|
env:
|
||||||
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
||||||
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
|
|
||||||
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
|
|
||||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
|
printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify=false -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${REGISTRY_HOST}"
|
||||||
tls_verify=true
|
|
||||||
if [ "${REGISTRY_INSECURE}" = "true" ]; then
|
|
||||||
tls_verify=false
|
|
||||||
fi
|
|
||||||
printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify="${tls_verify}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${push_host}"
|
|
||||||
|
|
||||||
- name: Build and Push Image
|
- name: Build and Push Image
|
||||||
env:
|
env:
|
||||||
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
||||||
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
|
|
||||||
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
|
|
||||||
run: |
|
run: |
|
||||||
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
|
|
||||||
tls_verify=true
|
|
||||||
if [ "${REGISTRY_INSECURE}" = "true" ]; then
|
|
||||||
tls_verify=false
|
|
||||||
fi
|
|
||||||
export BUILDAH_ISOLATION=chroot
|
export BUILDAH_ISOLATION=chroot
|
||||||
image="${push_host}/${GITHUB_REPOSITORY}"
|
image="${REGISTRY_HOST}/${GITHUB_REPOSITORY}"
|
||||||
buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
|
buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
|
||||||
buildah push --tls-verify="${tls_verify}" "${image}:main"
|
buildah push --tls-verify=false "${image}:main"
|
||||||
buildah push --tls-verify="${tls_verify}" "${image}:sha-${GITHUB_SHA}"
|
buildah push --tls-verify=false "${image}:sha-${GITHUB_SHA}"
|
||||||
|
|||||||
@@ -57,11 +57,7 @@ It runs on pushes to `main` and pull requests, and currently:
|
|||||||
- runs `go build .`
|
- runs `go build .`
|
||||||
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
|
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
|
||||||
|
|
||||||
The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and these repository variables:
|
The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and a repository variable named `REGISTRY_HOST` for the registry hostname.
|
||||||
|
|
||||||
- `REGISTRY_HOST` for the canonical registry hostname
|
|
||||||
- optional `REGISTRY_PUSH_HOST` when runners should push to a different internal endpoint
|
|
||||||
- optional `REGISTRY_INSECURE=true` when that push endpoint is plain HTTP or has a certificate the runner should not verify
|
|
||||||
|
|
||||||
The cluster runner deployed for this repo provides the required runner label.
|
The cluster runner deployed for this repo provides the required runner label.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user