updates AGAIN

This commit is contained in:
2025-09-09 16:40:57 -04:00
parent d59df0f2c9
commit c1e1a0529e
+49 -48
View File
@@ -39,43 +39,32 @@ jobs:
- name: Configure Docker for local registry
run: |
echo "Configuring Docker daemon for insecure local registry..."
echo "Configuring Docker client for insecure local registry..."
LOCAL_REGISTRY="192.168.253.221:3000"
# Check current Docker daemon config
if [ -f /etc/docker/daemon.json ]; then
echo "Current daemon.json:"
sudo cat /etc/docker/daemon.json
else
echo "No existing daemon.json found"
fi
# We can't use sudo in the container, so we'll configure the client differently
export DOCKER_CONFIG=/tmp/docker-config
mkdir -p $DOCKER_CONFIG
# Create or update daemon.json
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json > /dev/null << EOF
# Create Docker client config for insecure registry
cat > $DOCKER_CONFIG/config.json << EOF
{
"insecure-registries": ["$LOCAL_REGISTRY"]
"auths": {},
"HttpHeaders": {
"User-Agent": "Docker-Client/20.10.0 (linux)"
},
"credsStore": "",
"credHelpers": {},
"experimental": "disabled"
}
EOF
echo "New daemon.json created:"
sudo cat /etc/docker/daemon.json
# Restart Docker daemon
echo "Restarting Docker daemon..."
sudo systemctl restart docker
# Wait for Docker to restart and verify
sleep 10
echo "Verifying Docker daemon..."
docker info | grep -A5 "Insecure Registries" || echo "Checking insecure registries..."
echo "Docker client config created"
echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag"
echo "Testing registry connectivity..."
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
echo "Docker configured for insecure registry: $LOCAL_REGISTRY"
- name: Build Docker image
run: |
echo "Building Docker image..."
@@ -87,52 +76,64 @@ jobs:
run: |
echo "Using local network connection to avoid Cloudflare tunnel timeouts..."
export DOCKER_CONFIG=/tmp/docker-config
mkdir -p $DOCKER_CONFIG
# Use local IP directly - no tunnel overhead
LOCAL_REGISTRY="192.168.253.221:3000"
echo "Registry: $LOCAL_REGISTRY"
# Note: Docker daemon must be pre-configured for insecure registry
# See configure-docker-insecure.md for setup instructions
echo "Testing registry connectivity..."
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
# Login to local registry
echo "Attempting login to local registry..."
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin
# Since we can't configure daemon, we need to use a workaround
# Let's try to create a custom docker command wrapper
cat > /tmp/docker-insecure << 'EOF'
#!/bin/bash
# Custom docker wrapper for insecure registry
if [[ "$*" == *"192.168.253.221:3000"* ]]; then
# For registry operations, we need to find an alternative approach
# Let's try using the domain name but with HTTP
original_cmd="$*"
modified_cmd="${original_cmd//192.168.253.221:3000/gitea.skalas.org}"
echo "Executing: docker $modified_cmd"
exec docker $modified_cmd
else
exec docker "$@"
fi
EOF
chmod +x /tmp/docker-insecure
# Tag images for local registry
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:latest"
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"
# Fallback: Use domain name which should support HTTPS
REGISTRY="gitea.skalas.org"
echo "Fallback to domain registry: $REGISTRY"
echo "Pushing to local registry (much faster!)..."
# Login to registry
echo "Attempting login to registry..."
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$REGISTRY" -u "${{ secrets.username }}" --password-stdin
# Push to local network - should be very fast
# Tag images for registry
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:latest"
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:${{ github.sha }}"
echo "Pushing to registry..."
# Push with shorter timeout since local network should be faster
echo "=== Pushing latest tag ==="
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:latest"; then
if timeout 300 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:latest"; then
echo "✅ Latest tag pushed successfully"
echo "=== Pushing SHA tag ==="
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
if timeout 180 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
echo "✅ SHA tag pushed successfully"
else
echo "⚠️ SHA tag push failed but latest succeeded"
fi
else
echo "❌ Local registry push failed"
echo "Please run: sudo systemctl restart docker"
echo "And configure /etc/docker/daemon.json with insecure-registries"
echo "❌ Registry push failed"
docker images | grep nfoguard
exit 1
fi
# Verify the push worked
echo "=== Verifying push ==="
curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/tags/list" || echo "Could not verify (but push likely succeeded)"
echo "🎉 Local registry push completed!"
echo "🎉 Registry push completed!"
deploy:
needs: build