Support internal registry publishing in CI
This commit is contained in:
@@ -32,23 +32,38 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Docker CLI
|
||||
- name: Install Buildah
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y docker.io
|
||||
apt-get install -y buildah
|
||||
|
||||
- name: Login to Gitea Registry
|
||||
env:
|
||||
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
||||
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
|
||||
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
run: |
|
||||
printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_HOST}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin
|
||||
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
|
||||
tls_verify=true
|
||||
if [ "${REGISTRY_INSECURE}" = "true" ]; then
|
||||
tls_verify=false
|
||||
fi
|
||||
printf '%s' "${REGISTRY_PASSWORD}" | buildah login --tls-verify="${tls_verify}" -u "${GITHUB_REPOSITORY_OWNER}" --password-stdin "${push_host}"
|
||||
|
||||
- name: Build and Push Image
|
||||
env:
|
||||
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
||||
REGISTRY_PUSH_HOST: ${{ vars.REGISTRY_PUSH_HOST }}
|
||||
REGISTRY_INSECURE: ${{ vars.REGISTRY_INSECURE }}
|
||||
run: |
|
||||
image="${REGISTRY_HOST}/${GITHUB_REPOSITORY}"
|
||||
docker build -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
|
||||
docker push "${image}:main"
|
||||
docker push "${image}:sha-${GITHUB_SHA}"
|
||||
push_host="${REGISTRY_PUSH_HOST:-${REGISTRY_HOST}}"
|
||||
tls_verify=true
|
||||
if [ "${REGISTRY_INSECURE}" = "true" ]; then
|
||||
tls_verify=false
|
||||
fi
|
||||
export BUILDAH_ISOLATION=chroot
|
||||
image="${push_host}/${GITHUB_REPOSITORY}"
|
||||
buildah bud --storage-driver=vfs --format docker -t "${image}:main" -t "${image}:sha-${GITHUB_SHA}" .
|
||||
buildah push --tls-verify="${tls_verify}" "${image}:main"
|
||||
buildah push --tls-verify="${tls_verify}" "${image}:sha-${GITHUB_SHA}"
|
||||
|
||||
@@ -57,7 +57,13 @@ It runs on pushes to `main` and pull requests, and currently:
|
||||
- runs `go build .`
|
||||
- builds and pushes `:main` and `:sha-<commit>` container tags on pushes to `main`
|
||||
|
||||
The workflow expects a runner with the `ubuntu-latest` label and a repository Actions secret named `REGISTRY_PASSWORD` that can push to the Gitea container registry. The cluster runner deployed for this repo provides the required runner label.
|
||||
The workflow expects a runner with the `ubuntu-latest` label, a repository Actions secret named `REGISTRY_PASSWORD`, and these repository variables:
|
||||
|
||||
- `REGISTRY_HOST` for the canonical registry hostname
|
||||
- optional `REGISTRY_PUSH_HOST` when runners should push to a different internal endpoint
|
||||
- optional `REGISTRY_INSECURE=true` when that push endpoint is plain HTTP or has a certificate the runner should not verify
|
||||
|
||||
The cluster runner deployed for this repo provides the required runner label.
|
||||
|
||||
## Container
|
||||
|
||||
|
||||
Reference in New Issue
Block a user