updates AGAIN
This commit is contained in:
+49
-48
@@ -39,42 +39,31 @@ jobs:
|
|||||||
|
|
||||||
- name: Configure Docker for local registry
|
- name: Configure Docker for local registry
|
||||||
run: |
|
run: |
|
||||||
echo "Configuring Docker daemon for insecure local registry..."
|
echo "Configuring Docker client for insecure local registry..."
|
||||||
LOCAL_REGISTRY="192.168.253.221:3000"
|
LOCAL_REGISTRY="192.168.253.221:3000"
|
||||||
|
|
||||||
# Check current Docker daemon config
|
# We can't use sudo in the container, so we'll configure the client differently
|
||||||
if [ -f /etc/docker/daemon.json ]; then
|
export DOCKER_CONFIG=/tmp/docker-config
|
||||||
echo "Current daemon.json:"
|
mkdir -p $DOCKER_CONFIG
|
||||||
sudo cat /etc/docker/daemon.json
|
|
||||||
else
|
|
||||||
echo "No existing daemon.json found"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create or update daemon.json
|
# Create Docker client config for insecure registry
|
||||||
sudo mkdir -p /etc/docker
|
cat > $DOCKER_CONFIG/config.json << EOF
|
||||||
sudo tee /etc/docker/daemon.json > /dev/null << EOF
|
|
||||||
{
|
{
|
||||||
"insecure-registries": ["$LOCAL_REGISTRY"]
|
"auths": {},
|
||||||
|
"HttpHeaders": {
|
||||||
|
"User-Agent": "Docker-Client/20.10.0 (linux)"
|
||||||
|
},
|
||||||
|
"credsStore": "",
|
||||||
|
"credHelpers": {},
|
||||||
|
"experimental": "disabled"
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
echo "New daemon.json created:"
|
echo "Docker client config created"
|
||||||
sudo cat /etc/docker/daemon.json
|
echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag"
|
||||||
|
|
||||||
# Restart Docker daemon
|
|
||||||
echo "Restarting Docker daemon..."
|
|
||||||
sudo systemctl restart docker
|
|
||||||
|
|
||||||
# Wait for Docker to restart and verify
|
|
||||||
sleep 10
|
|
||||||
|
|
||||||
echo "Verifying Docker daemon..."
|
|
||||||
docker info | grep -A5 "Insecure Registries" || echo "Checking insecure registries..."
|
|
||||||
|
|
||||||
echo "Testing registry connectivity..."
|
echo "Testing registry connectivity..."
|
||||||
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
||||||
|
|
||||||
echo "Docker configured for insecure registry: $LOCAL_REGISTRY"
|
|
||||||
|
|
||||||
- name: Build Docker image
|
- name: Build Docker image
|
||||||
run: |
|
run: |
|
||||||
@@ -87,52 +76,64 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
echo "Using local network connection to avoid Cloudflare tunnel timeouts..."
|
echo "Using local network connection to avoid Cloudflare tunnel timeouts..."
|
||||||
export DOCKER_CONFIG=/tmp/docker-config
|
export DOCKER_CONFIG=/tmp/docker-config
|
||||||
mkdir -p $DOCKER_CONFIG
|
|
||||||
|
|
||||||
# Use local IP directly - no tunnel overhead
|
# Use local IP directly - no tunnel overhead
|
||||||
LOCAL_REGISTRY="192.168.253.221:3000"
|
LOCAL_REGISTRY="192.168.253.221:3000"
|
||||||
echo "Registry: $LOCAL_REGISTRY"
|
echo "Registry: $LOCAL_REGISTRY"
|
||||||
|
|
||||||
# Note: Docker daemon must be pre-configured for insecure registry
|
|
||||||
# See configure-docker-insecure.md for setup instructions
|
|
||||||
|
|
||||||
echo "Testing registry connectivity..."
|
echo "Testing registry connectivity..."
|
||||||
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
||||||
|
|
||||||
# Login to local registry
|
# Since we can't configure daemon, we need to use a workaround
|
||||||
echo "Attempting login to local registry..."
|
# Let's try to create a custom docker command wrapper
|
||||||
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin
|
cat > /tmp/docker-insecure << 'EOF'
|
||||||
|
#!/bin/bash
|
||||||
|
# Custom docker wrapper for insecure registry
|
||||||
|
if [[ "$*" == *"192.168.253.221:3000"* ]]; then
|
||||||
|
# For registry operations, we need to find an alternative approach
|
||||||
|
# Let's try using the domain name but with HTTP
|
||||||
|
original_cmd="$*"
|
||||||
|
modified_cmd="${original_cmd//192.168.253.221:3000/gitea.skalas.org}"
|
||||||
|
echo "Executing: docker $modified_cmd"
|
||||||
|
exec docker $modified_cmd
|
||||||
|
else
|
||||||
|
exec docker "$@"
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
chmod +x /tmp/docker-insecure
|
||||||
|
|
||||||
# Tag images for local registry
|
# Fallback: Use domain name which should support HTTPS
|
||||||
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:latest"
|
REGISTRY="gitea.skalas.org"
|
||||||
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"
|
echo "Fallback to domain registry: $REGISTRY"
|
||||||
|
|
||||||
echo "Pushing to local registry (much faster!)..."
|
# Login to registry
|
||||||
|
echo "Attempting login to registry..."
|
||||||
|
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$REGISTRY" -u "${{ secrets.username }}" --password-stdin
|
||||||
|
|
||||||
# Push to local network - should be very fast
|
# Tag images for registry
|
||||||
|
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:latest"
|
||||||
|
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:${{ github.sha }}"
|
||||||
|
|
||||||
|
echo "Pushing to registry..."
|
||||||
|
|
||||||
|
# Push with shorter timeout since local network should be faster
|
||||||
echo "=== Pushing latest tag ==="
|
echo "=== Pushing latest tag ==="
|
||||||
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:latest"; then
|
if timeout 300 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:latest"; then
|
||||||
echo "✅ Latest tag pushed successfully"
|
echo "✅ Latest tag pushed successfully"
|
||||||
|
|
||||||
echo "=== Pushing SHA tag ==="
|
echo "=== Pushing SHA tag ==="
|
||||||
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
|
if timeout 180 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
|
||||||
echo "✅ SHA tag pushed successfully"
|
echo "✅ SHA tag pushed successfully"
|
||||||
else
|
else
|
||||||
echo "⚠️ SHA tag push failed but latest succeeded"
|
echo "⚠️ SHA tag push failed but latest succeeded"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "❌ Local registry push failed"
|
echo "❌ Registry push failed"
|
||||||
echo "Please run: sudo systemctl restart docker"
|
|
||||||
echo "And configure /etc/docker/daemon.json with insecure-registries"
|
|
||||||
docker images | grep nfoguard
|
docker images | grep nfoguard
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verify the push worked
|
echo "🎉 Registry push completed!"
|
||||||
echo "=== Verifying push ==="
|
|
||||||
curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/tags/list" || echo "Could not verify (but push likely succeeded)"
|
|
||||||
|
|
||||||
echo "🎉 Local registry push completed!"
|
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
needs: build
|
needs: build
|
||||||
|
|||||||
Reference in New Issue
Block a user