updates AGAIN

This commit is contained in:
2025-09-09 16:40:57 -04:00
parent d59df0f2c9
commit c1e1a0529e
+49 -48
View File
@@ -39,43 +39,32 @@ jobs:
- name: Configure Docker for local registry - name: Configure Docker for local registry
run: | run: |
echo "Configuring Docker daemon for insecure local registry..." echo "Configuring Docker client for insecure local registry..."
LOCAL_REGISTRY="192.168.253.221:3000" LOCAL_REGISTRY="192.168.253.221:3000"
# Check current Docker daemon config # We can't use sudo in the container, so we'll configure the client differently
if [ -f /etc/docker/daemon.json ]; then export DOCKER_CONFIG=/tmp/docker-config
echo "Current daemon.json:" mkdir -p $DOCKER_CONFIG
sudo cat /etc/docker/daemon.json
else
echo "No existing daemon.json found"
fi
# Create or update daemon.json # Create Docker client config for insecure registry
sudo mkdir -p /etc/docker cat > $DOCKER_CONFIG/config.json << EOF
sudo tee /etc/docker/daemon.json > /dev/null << EOF
{ {
"insecure-registries": ["$LOCAL_REGISTRY"] "auths": {},
"HttpHeaders": {
"User-Agent": "Docker-Client/20.10.0 (linux)"
},
"credsStore": "",
"credHelpers": {},
"experimental": "disabled"
} }
EOF EOF
echo "New daemon.json created:" echo "Docker client config created"
sudo cat /etc/docker/daemon.json echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag"
# Restart Docker daemon
echo "Restarting Docker daemon..."
sudo systemctl restart docker
# Wait for Docker to restart and verify
sleep 10
echo "Verifying Docker daemon..."
docker info | grep -A5 "Insecure Registries" || echo "Checking insecure registries..."
echo "Testing registry connectivity..." echo "Testing registry connectivity..."
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
echo "Docker configured for insecure registry: $LOCAL_REGISTRY"
- name: Build Docker image - name: Build Docker image
run: | run: |
echo "Building Docker image..." echo "Building Docker image..."
@@ -87,52 +76,64 @@ jobs:
run: | run: |
echo "Using local network connection to avoid Cloudflare tunnel timeouts..." echo "Using local network connection to avoid Cloudflare tunnel timeouts..."
export DOCKER_CONFIG=/tmp/docker-config export DOCKER_CONFIG=/tmp/docker-config
mkdir -p $DOCKER_CONFIG
# Use local IP directly - no tunnel overhead # Use local IP directly - no tunnel overhead
LOCAL_REGISTRY="192.168.253.221:3000" LOCAL_REGISTRY="192.168.253.221:3000"
echo "Registry: $LOCAL_REGISTRY" echo "Registry: $LOCAL_REGISTRY"
# Note: Docker daemon must be pre-configured for insecure registry
# See configure-docker-insecure.md for setup instructions
echo "Testing registry connectivity..." echo "Testing registry connectivity..."
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
# Login to local registry # Since we can't configure daemon, we need to use a workaround
echo "Attempting login to local registry..." # Let's try to create a custom docker command wrapper
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin cat > /tmp/docker-insecure << 'EOF'
#!/bin/bash
# Custom docker wrapper for insecure registry
if [[ "$*" == *"192.168.253.221:3000"* ]]; then
# For registry operations, we need to find an alternative approach
# Let's try using the domain name but with HTTP
original_cmd="$*"
modified_cmd="${original_cmd//192.168.253.221:3000/gitea.skalas.org}"
echo "Executing: docker $modified_cmd"
exec docker $modified_cmd
else
exec docker "$@"
fi
EOF
chmod +x /tmp/docker-insecure
# Tag images for local registry # Fallback: Use domain name which should support HTTPS
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:latest" REGISTRY="gitea.skalas.org"
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}" echo "Fallback to domain registry: $REGISTRY"
echo "Pushing to local registry (much faster!)..." # Login to registry
echo "Attempting login to registry..."
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$REGISTRY" -u "${{ secrets.username }}" --password-stdin
# Push to local network - should be very fast # Tag images for registry
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:latest"
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:${{ github.sha }}"
echo "Pushing to registry..."
# Push with shorter timeout since local network should be faster
echo "=== Pushing latest tag ===" echo "=== Pushing latest tag ==="
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:latest"; then if timeout 300 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:latest"; then
echo "✅ Latest tag pushed successfully" echo "✅ Latest tag pushed successfully"
echo "=== Pushing SHA tag ===" echo "=== Pushing SHA tag ==="
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"; then if timeout 180 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
echo "✅ SHA tag pushed successfully" echo "✅ SHA tag pushed successfully"
else else
echo "⚠️ SHA tag push failed but latest succeeded" echo "⚠️ SHA tag push failed but latest succeeded"
fi fi
else else
echo "❌ Local registry push failed" echo "❌ Registry push failed"
echo "Please run: sudo systemctl restart docker"
echo "And configure /etc/docker/daemon.json with insecure-registries"
docker images | grep nfoguard docker images | grep nfoguard
exit 1 exit 1
fi fi
# Verify the push worked echo "🎉 Registry push completed!"
echo "=== Verifying push ==="
curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/tags/list" || echo "Could not verify (but push likely succeeded)"
echo "🎉 Local registry push completed!"
deploy: deploy:
needs: build needs: build