Support internal registry publishing in CI
CI / test (push) Successful in 29s
CI / publish (push) Failing after 20s

This commit is contained in:
Joe Julian
2026-03-28 16:45:13 -07:00
parent b2f0b887b8
commit a1147dd6c1
2 changed files with 29 additions and 8 deletions
+22 -7
View File
@@ -32,23 +32,38 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Install Docker CLI
- name: Install Buildah
run: |
apt-get update
apt-get install -y docker.io
apt-get install -y buildah
- name: Login to Gitea Registry
env:
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
run: |
printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_HOST}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
tls_verify=true
if [ "${REGISTRY_INSECURE}" = "true" ]; then
tls_verify=false
fi
printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify="${tls_verify}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${push_host}"
- name: Build and Push Image
env:
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
run: |
image="${REGISTRY_HOST}/${GITHUB_REPOSITORY}"
docker build -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
docker push "${image}:main"
docker push "${image}:sha-${GITHUB_SHA}"
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
tls_verify=true
if [ "${REGISTRY_INSECURE}" = "true" ]; then
tls_verify=false
fi
export BUILDAH_ISOLATION=chroot
image="${push_host}/${GITHUB_REPOSITORY}"
buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
buildah push --tls-verify="${tls_verify}" "${image}:main"
buildah push --tls-verify="${tls_verify}" "${image}:sha-${GITHUB_SHA}"
+7 -1
View File
@@ -57,7 +57,13 @@ It runs on pushes to `main` and pull requests, and currently:
- runs `go build .`
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
The workflow expects a runner with the `ubuntu-latest` label and a repository Actions secret named `REGISTRY_PASSWORD` that can push to the Gitea container registry. The cluster runner deployed for this repo provides the required runner label.
The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and these repository variables:
- `REGISTRY_HOST` for the canonical registry hostname
- optional `REGISTRY_PUSH_HOST` when runners should push to a different internal endpoint
- optional `REGISTRY_INSECURE=true` when that push endpoint is plain HTTP or has a certificate the runner should not verify
The cluster runner deployed for this repo provides the required runner label.
## Container