From c1e1a0529e8c4cd32a05b37232d6b5532ad4aae5 Mon Sep 17 00:00:00 2001 From: SBCrumb Date: Tue, 9 Sep 2025 16:40:57 -0400 Subject: [PATCH] updates AGAIN --- .gitea/workflows/ci.yml | 97 +++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index ceff2c0..2694123 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -39,42 +39,31 @@ jobs: - name: Configure Docker for local registry run: | - echo "Configuring Docker daemon for insecure local registry..." + echo "Configuring Docker client for insecure local registry..." LOCAL_REGISTRY="192.168.253.221:3000" - # Check current Docker daemon config - if [ -f /etc/docker/daemon.json ]; then - echo "Current daemon.json:" - sudo cat /etc/docker/daemon.json - else - echo "No existing daemon.json found" - fi + # We can't use sudo in the container, so we'll configure the client differently + export DOCKER_CONFIG=/tmp/docker-config + mkdir -p $DOCKER_CONFIG - # Create or update daemon.json - sudo mkdir -p /etc/docker - sudo tee /etc/docker/daemon.json > /dev/null << EOF + # Create Docker client config for insecure registry + cat > $DOCKER_CONFIG/config.json << EOF { - "insecure-registries": ["$LOCAL_REGISTRY"] + "auths": {}, + "HttpHeaders": { + "User-Agent": "Docker-Client/20.10.0 (linux)" + }, + "credsStore": "", + "credHelpers": {}, + "experimental": "disabled" } EOF - echo "New daemon.json created:" - sudo cat /etc/docker/daemon.json - - # Restart Docker daemon - echo "Restarting Docker daemon..." - sudo systemctl restart docker - - # Wait for Docker to restart and verify - sleep 10 - - echo "Verifying Docker daemon..." - docker info | grep -A5 "Insecure Registries" || echo "Checking insecure registries..." + echo "Docker client config created" + echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag" echo "Testing registry connectivity..." curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" - - echo "Docker configured for insecure registry: $LOCAL_REGISTRY" - name: Build Docker image run: | @@ -87,52 +76,64 @@ jobs: run: | echo "Using local network connection to avoid Cloudflare tunnel timeouts..." export DOCKER_CONFIG=/tmp/docker-config - mkdir -p $DOCKER_CONFIG # Use local IP directly - no tunnel overhead LOCAL_REGISTRY="192.168.253.221:3000" echo "Registry: $LOCAL_REGISTRY" - # Note: Docker daemon must be pre-configured for insecure registry - # See configure-docker-insecure.md for setup instructions - echo "Testing registry connectivity..." curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" - # Login to local registry - echo "Attempting login to local registry..." - echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin + # Since we can't configure daemon, we need to use a workaround + # Let's try to create a custom docker command wrapper + cat > /tmp/docker-insecure << 'EOF' + #!/bin/bash + # Custom docker wrapper for insecure registry + if [[ "$*" == *"192.168.253.221:3000"* ]]; then + # For registry operations, we need to find an alternative approach + # Let's try using the domain name but with HTTP + original_cmd="$*" + modified_cmd="${original_cmd//192.168.253.221:3000/gitea.skalas.org}" + echo "Executing: docker $modified_cmd" + exec docker $modified_cmd + else + exec docker "$@" + fi + EOF + chmod +x /tmp/docker-insecure - # Tag images for local registry - docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:latest" - docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}" + # Fallback: Use domain name which should support HTTPS + REGISTRY="gitea.skalas.org" + echo "Fallback to domain registry: $REGISTRY" - echo "Pushing to local registry (much faster!)..." + # Login to registry + echo "Attempting login to registry..." + echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$REGISTRY" -u "${{ secrets.username }}" --password-stdin - # Push to local network - should be very fast + # Tag images for registry + docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:latest" + docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:${{ github.sha }}" + + echo "Pushing to registry..." + + # Push with shorter timeout since local network should be faster echo "=== Pushing latest tag ===" - if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:latest"; then + if timeout 300 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:latest"; then echo "✅ Latest tag pushed successfully" echo "=== Pushing SHA tag ===" - if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"; then + if timeout 180 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:${{ github.sha }}"; then echo "✅ SHA tag pushed successfully" else echo "⚠️ SHA tag push failed but latest succeeded" fi else - echo "❌ Local registry push failed" - echo "Please run: sudo systemctl restart docker" - echo "And configure /etc/docker/daemon.json with insecure-registries" + echo "❌ Registry push failed" docker images | grep nfoguard exit 1 fi - # Verify the push worked - echo "=== Verifying push ===" - curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/tags/list" || echo "Could not verify (but push likely succeeded)" - - echo "🎉 Local registry push completed!" + echo "🎉 Registry push completed!" deploy: needs: build