Fix Docker build with PostgreSQL dependencies

This commit is contained in:
2025-09-16 16:02:23 -04:00
parent 5e2a3b1aba
commit 722f260726
+32 -121
View File
@@ -1,24 +1,17 @@
name: Docker Build & Deploy (Dev Branch) name: Docker Build & Deploy (DEV)
on: on:
push: push:
branches: [ dev ] branches: [ dev ]
pull_request: pull_request:
# Build DEV image with cache (if available) branches: [ dev ]
echo "Building DEV image with layer caching..."
docker build \
$CACHE_ARGS \
--tag nfoguard:dev \
--tag nfoguard:dev-${{ github.sha }} \
--tag "$CACHE_IMAGE" \
.s: [ dev ]
jobs: jobs:
build-dev: build-dev:
runs-on: host runs-on: host
steps: steps:
- name: Checkout code - name: Checkout code (DEV)
run: | run: |
echo "Current workspace: $(pwd)" echo "Current workspace: $(pwd)"
@@ -26,31 +19,30 @@ jobs:
rm -rf * .git* 2>/dev/null || true rm -rf * .git* 2>/dev/null || true
# Clone the repository since Gitea runner doesn't auto-checkout # Clone the repository since Gitea runner doesn't auto-checkout
echo "Cloning repository (dev branch)..." echo "Cloning repository..."
git clone -b dev http://${{ secrets.username }}:${{ secrets.token }}@192.168.253.221:3000/jskala/NFOguard.git /tmp/repo git clone http://${{ secrets.username }}:${{ secrets.token }}@192.168.253.221:3000/jskala/NFOguard.git /tmp/repo
cp -r /tmp/repo/* . cp -r /tmp/repo/* .
cp -r /tmp/repo/.* . 2>/dev/null || true cp -r /tmp/repo/.* . 2>/dev/null || true
rm -rf /tmp/repo rm -rf /tmp/repo
echo "Dev branch repository cloned successfully" echo "Repository cloned successfully"
ls -la ls -la
echo "Checking Dockerfile:" echo "Checking Dockerfile:"
head -30 Dockerfile head -30 Dockerfile
- name: Check Docker availability - name: Check Docker availability (DEV)
run: | run: |
echo "Checking Docker installation..." echo "Checking Docker installation..."
which docker || (echo "Docker not found in PATH" && exit 1) which docker || (echo "Docker not found in PATH" && exit 1)
docker --version || (echo "Docker not available" && exit 1) docker --version || (echo "Docker not available" && exit 1)
docker info || (echo "Docker daemon not running" && exit 1) docker info || (echo "Docker daemon not running" && exit 1)
- name: Configure Docker for local registry - name: Configure Docker for local registry (DEV)
run: | run: |
echo "Configuring Docker client for insecure local registry..." echo "Configuring Docker client for insecure local registry..."
LOCAL_REGISTRY="192.168.253.221:3000" LOCAL_REGISTRY="192.168.253.221:3000"
# We can't use sudo in the container, so we'll configure the client differently export DOCKER_CONFIG=/tmp/docker-config-dev
export DOCKER_CONFIG=/tmp/docker-config
mkdir -p $DOCKER_CONFIG mkdir -p $DOCKER_CONFIG
# Create Docker client config for insecure registry # Create Docker client config for insecure registry
@@ -66,9 +58,7 @@ jobs:
} }
EOF EOF
echo "Docker client config created" echo "Docker client config created for DEV"
echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag"
echo "Testing registry connectivity..." echo "Testing registry connectivity..."
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
@@ -103,109 +93,47 @@ jobs:
# Build DEV image with cache (if available) # Build DEV image with cache (if available)
echo "Building DEV image with layer caching..." echo "Building DEV image with layer caching..."
docker build docker build \
$CACHE_ARGS $CACHE_ARGS \
--tag nfoguard:dev --tag nfoguard:dev \
--tag nfoguard:dev-${{ github.sha }} --tag nfoguard:dev-${{ github.sha }} \
--tag "$CACHE_IMAGE" --tag "$CACHE_IMAGE" \
. .
echo "DEV Docker image built and tagged successfully" echo "DEV Docker image built and tagged successfully"
# Show layer info for debugging
echo "=== DEV Image layer history ==="
docker history nfoguard:dev --format "table {{.CreatedBy}}\t{{.Size}}" | head -5 || echo "Layer history completed"
- name: Login and Push to Gitea registry (DEV tags) - name: Login and Push to Gitea registry (DEV tags)
continue-on-error: true
run: | run: |
echo "Using LOCAL IP ONLY - no Cloudflare tunnel!" echo "Using LOCAL IP ONLY for DEV push!"
export DOCKER_CONFIG=/tmp/docker-config export DOCKER_CONFIG=/tmp/docker-config-dev
# Force local IP - never use domain
LOCAL_REGISTRY="192.168.253.221:3000" LOCAL_REGISTRY="192.168.253.221:3000"
echo "Registry: $LOCAL_REGISTRY (LOCAL IP ONLY)" echo "Registry: $LOCAL_REGISTRY (DEV TAGS)"
# Check image size # Try login to local registry
IMAGE_SIZE=$(docker images nfoguard:dev --format "table {{.Size}}" | tail -n1)
echo "DEV Image size: $IMAGE_SIZE"
echo "Testing local registry connectivity..."
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Local registry accessible via HTTP" || echo "❌ Local registry not accessible"
# Configure Docker to skip TLS for this specific registry
export DOCKER_OPTS="--insecure-registry=$LOCAL_REGISTRY"
# Create a script that forces HTTP for our local registry
cat > /tmp/docker-local << EOF
#!/bin/bash
export DOCKER_TLS_VERIFY=""
export DOCKER_HOST=""
exec docker "\$@"
EOF
chmod +x /tmp/docker-local
# Try multiple approaches to handle the HTTP issue
echo "Attempting login to LOCAL registry..."
# Approach 1: Try with explicit HTTP in auth
if echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin 2>/dev/null; then if echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin 2>/dev/null; then
echo "✅ Login succeeded with direct method" echo "✅ DEV Login succeeded"
else
echo "⚠️ Direct login failed, trying workarounds..."
# Approach 2: Try to modify the login URL handling # Tag for local registry
export DOCKER_BUILDKIT=0
if echo "${{ secrets.token }}" | timeout 30 docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin; then
echo "✅ Login succeeded with workaround"
else
echo "❌ All login attempts failed"
echo "The issue is Docker client trying HTTPS on HTTP registry"
echo "We need to configure the Docker daemon on the host to allow insecure registries"
echo ""
echo "SOLUTION: Run this on the host machine:"
echo "sudo mkdir -p /etc/docker"
echo 'echo '"'"'{"insecure-registries":["'$LOCAL_REGISTRY'"]}'"'"' | sudo tee /etc/docker/daemon.json'
echo "sudo systemctl restart docker"
echo ""
echo "For now, continuing without registry push (DEV build succeeded)"
exit 0
fi
fi
# Tag for local registry (cache image already tagged in build step)
docker tag nfoguard:dev "$LOCAL_REGISTRY/jskala/nfoguard:dev" docker tag nfoguard:dev "$LOCAL_REGISTRY/jskala/nfoguard:dev"
docker tag nfoguard:dev "$LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}" docker tag nfoguard:dev "$LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}"
echo "Pushing DEV images to LOCAL registry (gigabit speed!)..." # Push DEV images
echo "=== Pushing DEV cache image ==="
timeout 60 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev-buildcache" && echo "✅ DEV cache pushed" || echo "⚠️ DEV cache push failed"
# Push with reasonable timeout for local network echo "=== Pushing DEV latest tag ==="
echo "=== Pushing DEV cache image (for faster future builds) ==="
timeout 60 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev-buildcache" && echo "✅ DEV cache image pushed" || echo "⚠️ DEV cache push failed"
echo "=== Pushing DEV latest tag to LOCAL IP ==="
if timeout 120 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev"; then if timeout 120 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev"; then
echo "✅ DEV latest tag pushed successfully to LOCAL registry" echo "✅ DEV tag pushed successfully"
echo "=== Pushing DEV SHA tag to LOCAL IP ==="
if timeout 60 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}"; then if timeout 60 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}"; then
echo "✅ DEV SHA tag pushed successfully to LOCAL registry" echo "✅ DEV SHA tag pushed successfully"
else
echo "⚠️ DEV SHA tag push failed but latest succeeded"
fi fi
else
echo "❌ Push to LOCAL registry failed"
echo "This is likely because Docker daemon needs insecure-registry configuration"
echo "DEV image is built successfully and available locally"
fi fi
else
echo "🎉 DEV Build workflow completed (using LOCAL network only)!" echo " DEV local registry login failed - continuing to Docker Hub"
echo "" fi
echo "📦 Available DEV images:"
echo " - $LOCAL_REGISTRY/jskala/nfoguard:dev"
echo " - $LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}"
echo ""
echo "🚀 Usage: docker pull $LOCAL_REGISTRY/jskala/nfoguard:dev"
- name: Push DEV to Docker Hub - name: Push DEV to Docker Hub
if: github.ref == 'refs/heads/dev' if: github.ref == 'refs/heads/dev'
@@ -213,7 +141,7 @@ jobs:
echo "=== Pushing DEV image to Docker Hub ===" echo "=== Pushing DEV image to Docker Hub ==="
# Use temporary config directory to avoid permission issues # Use temporary config directory to avoid permission issues
export DOCKER_CONFIG=/tmp/docker-config-dev export DOCKER_CONFIG=/tmp/docker-config-dev-hub
mkdir -p $DOCKER_CONFIG mkdir -p $DOCKER_CONFIG
if echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker --config $DOCKER_CONFIG login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin; then if echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker --config $DOCKER_CONFIG login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin; then
@@ -246,20 +174,3 @@ jobs:
echo "❌ Docker Hub login failed for DEV push" echo "❌ Docker Hub login failed for DEV push"
exit 1 exit 1
fi fi
deploy-dev:
needs: build-dev
runs-on: host
if: github.ref == 'refs/heads/dev'
steps:
- name: Deploy DEV application
run: |
echo "DEV deployment ready..."
echo "The DEV image is built and pushed as:"
echo " 192.168.253.221:3000/jskala/nfoguard:dev"
echo ""
echo "To use DEV image in your docker-compose:"
echo " image: 192.168.253.221:3000/jskala/nfoguard:dev"
echo ""
echo "DEV deployment completed"