Support internal registry publishing in CI
@@ -32,23 +32,38 @@ jobs:
|
|||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Install Docker CLI
|
- name: Install Buildah
|
||||||
run: |
|
run: |
|
||||||
apt-get update
|
apt-get update
|
||||||
apt-get install -y docker.io
|
apt-get install -y buildah
|
||||||
|
|
||||||
- name: Login to Gitea Registry
|
- name: Login to Gitea Registry
|
||||||
env:
|
env:
|
||||||
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
||||||
|
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
|
||||||
|
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
|
||||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_HOST}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin
|
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
|
||||||
|
tls_verify=true
|
||||||
|
if [ "${REGISTRY_INSECURE}" = "true" ]; then
|
||||||
|
tls_verify=false
|
||||||
|
fi
|
||||||
|
printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify="${tls_verify}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${push_host}"
|
||||||
|
|
||||||
- name: Build and Push Image
|
- name: Build and Push Image
|
||||||
env:
|
env:
|
||||||
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
||||||
|
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
|
||||||
|
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
|
||||||
run: |
|
run: |
|
||||||
image="${REGISTRY_HOST}/${GITHUB_REPOSITORY}"
|
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
|
||||||
docker build -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
|
tls_verify=true
|
||||||
docker push "${image}:main"
|
if [ "${REGISTRY_INSECURE}" = "true" ]; then
|
||||||
docker push "${image}:sha-${GITHUB_SHA}"
|
tls_verify=false
|
||||||
|
fi
|
||||||
|
export BUILDAH_ISOLATION=chroot
|
||||||
|
image="${push_host}/${GITHUB_REPOSITORY}"
|
||||||
|
buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
|
||||||
|
buildah push --tls-verify="${tls_verify}" "${image}:main"
|
||||||
|
buildah push --tls-verify="${tls_verify}" "${image}:sha-${GITHUB_SHA}"
|
||||||
|
|||||||
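Review bot: In both run blocks, `REGISTRY_INSECURE=true` sets `--tls-verify=false` on `buildah login` as well as on the two `buildah push` calls, so `REGISTRY_PASSWORD` is sent to `push_host` without the endpoint being authenticated, and in clear text if that endpoint is plain HTTP. If the internal endpoint uses a private CA, prefer trusting that CA on the runner and keeping verification on, and reserve the flag for a network path that is already trusted. Separately, `buildah bud` is given `--storage-driver=vfs` but the `buildah push` lines are not, so the push may look in a different store from the one the image was built into; pass the same option to both. The `push_host` and `tls_verify` setup is duplicated across the two steps and could be computed once.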
@@ -57,7 +57,13 @@ It runs on pushes to `main` and pull requests, and currently:
|
|||||||
- runs `go build .`
|
- runs `go build .`
|
||||||
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
|
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
|
||||||
|
|
||||||
The workflow expects a runner with the `ubuntu-latest` label and a repository Actions secret named `REGISTRY_PASSWORD` that can push to the Gitea container registry. The cluster runner deployed for this repo provides the required runner label.
|
The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and these repository variables:
|
||||||
|
|
||||||
|
- `REGISTRY_HOST` for the canonical registry hostname
|
||||||
|
- optional `REGISTRY_PUSH_HOST` when runners should push to a different internal endpoint
|
||||||
|
- optional `REGISTRY_INSECURE=true` when that push endpoint is plain HTTP or has a certificate the runner should not verify
|
||||||
|
|
||||||
|
The cluster runner deployed for this repo provides the required runner label.
|
||||||
|
|
||||||
## Container
|
## Container
|
||||||
|
|
||||||
|
|||||||
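Review bot: The `REGISTRY_INSECURE=true` bullet describes only the push endpoint's transport and certificate; it should also say that the login step runs with verification off under this setting, so the `REGISTRY_PASSWORD` secret is sent to an unverified endpoint. The rewritten sentence also drops the old wording that the secret "can push to the Gitea container registry"; keep that requirement, and note under `REGISTRY_PUSH_HOST` that images are tagged and pushed under that host rather than `REGISTRY_HOST`.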