updates AGAIN
This commit is contained in:
+49
-48
@@ -39,43 +39,32 @@ jobs:
|
||||
|
||||
- name: Configure Docker for local registry
|
||||
run: |
|
||||
echo "Configuring Docker daemon for insecure local registry..."
|
||||
echo "Configuring Docker client for insecure local registry..."
|
||||
LOCAL_REGISTRY="192.168.253.221:3000"
|
||||
|
||||
# Check current Docker daemon config
|
||||
if [ -f /etc/docker/daemon.json ]; then
|
||||
echo "Current daemon.json:"
|
||||
sudo cat /etc/docker/daemon.json
|
||||
else
|
||||
echo "No existing daemon.json found"
|
||||
fi
|
||||
# We can't use sudo in the container, so we'll configure the client differently
|
||||
export DOCKER_CONFIG=/tmp/docker-config
|
||||
mkdir -p $DOCKER_CONFIG
|
||||
|
||||
# Create or update daemon.json
|
||||
sudo mkdir -p /etc/docker
|
||||
sudo tee /etc/docker/daemon.json > /dev/null << EOF
|
||||
# Create Docker client config for insecure registry
|
||||
cat > $DOCKER_CONFIG/config.json << EOF
|
||||
{
|
||||
"insecure-registries": ["$LOCAL_REGISTRY"]
|
||||
"auths": {},
|
||||
"HttpHeaders": {
|
||||
"User-Agent": "Docker-Client/20.10.0 (linux)"
|
||||
},
|
||||
"credsStore": "",
|
||||
"credHelpers": {},
|
||||
"experimental": "disabled"
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "New daemon.json created:"
|
||||
sudo cat /etc/docker/daemon.json
|
||||
|
||||
# Restart Docker daemon
|
||||
echo "Restarting Docker daemon..."
|
||||
sudo systemctl restart docker
|
||||
|
||||
# Wait for Docker to restart and verify
|
||||
sleep 10
|
||||
|
||||
echo "Verifying Docker daemon..."
|
||||
docker info | grep -A5 "Insecure Registries" || echo "Checking insecure registries..."
|
||||
echo "Docker client config created"
|
||||
echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag"
|
||||
|
||||
echo "Testing registry connectivity..."
|
||||
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
||||
|
||||
echo "Docker configured for insecure registry: $LOCAL_REGISTRY"
|
||||
|
||||
- name: Build Docker image
|
||||
run: |
|
||||
echo "Building Docker image..."
|
||||
@@ -87,52 +76,64 @@ jobs:
|
||||
run: |
|
||||
echo "Using local network connection to avoid Cloudflare tunnel timeouts..."
|
||||
export DOCKER_CONFIG=/tmp/docker-config
|
||||
mkdir -p $DOCKER_CONFIG
|
||||
|
||||
# Use local IP directly - no tunnel overhead
|
||||
LOCAL_REGISTRY="192.168.253.221:3000"
|
||||
echo "Registry: $LOCAL_REGISTRY"
|
||||
|
||||
# Note: Docker daemon must be pre-configured for insecure registry
|
||||
# See configure-docker-insecure.md for setup instructions
|
||||
|
||||
echo "Testing registry connectivity..."
|
||||
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
||||
|
||||
# Login to local registry
|
||||
echo "Attempting login to local registry..."
|
||||
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin
|
||||
# Since we can't configure daemon, we need to use a workaround
|
||||
# Let's try to create a custom docker command wrapper
|
||||
cat > /tmp/docker-insecure << 'EOF'
|
||||
#!/bin/bash
|
||||
# Custom docker wrapper for insecure registry
|
||||
if [[ "$*" == *"192.168.253.221:3000"* ]]; then
|
||||
# For registry operations, we need to find an alternative approach
|
||||
# Let's try using the domain name but with HTTP
|
||||
original_cmd="$*"
|
||||
modified_cmd="${original_cmd//192.168.253.221:3000/gitea.skalas.org}"
|
||||
echo "Executing: docker $modified_cmd"
|
||||
exec docker $modified_cmd
|
||||
else
|
||||
exec docker "$@"
|
||||
fi
|
||||
EOF
|
||||
chmod +x /tmp/docker-insecure
|
||||
|
||||
# Tag images for local registry
|
||||
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:latest"
|
||||
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"
|
||||
# Fallback: Use domain name which should support HTTPS
|
||||
REGISTRY="gitea.skalas.org"
|
||||
echo "Fallback to domain registry: $REGISTRY"
|
||||
|
||||
echo "Pushing to local registry (much faster!)..."
|
||||
# Login to registry
|
||||
echo "Attempting login to registry..."
|
||||
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$REGISTRY" -u "${{ secrets.username }}" --password-stdin
|
||||
|
||||
# Push to local network - should be very fast
|
||||
# Tag images for registry
|
||||
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:latest"
|
||||
docker tag nfoguard:latest "$REGISTRY/jskala/nfoguard:${{ github.sha }}"
|
||||
|
||||
echo "Pushing to registry..."
|
||||
|
||||
# Push with shorter timeout since local network should be faster
|
||||
echo "=== Pushing latest tag ==="
|
||||
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:latest"; then
|
||||
if timeout 300 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:latest"; then
|
||||
echo "✅ Latest tag pushed successfully"
|
||||
|
||||
echo "=== Pushing SHA tag ==="
|
||||
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
|
||||
if timeout 180 docker --config $DOCKER_CONFIG push "$REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
|
||||
echo "✅ SHA tag pushed successfully"
|
||||
else
|
||||
echo "⚠️ SHA tag push failed but latest succeeded"
|
||||
fi
|
||||
else
|
||||
echo "❌ Local registry push failed"
|
||||
echo "Please run: sudo systemctl restart docker"
|
||||
echo "And configure /etc/docker/daemon.json with insecure-registries"
|
||||
echo "❌ Registry push failed"
|
||||
docker images | grep nfoguard
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify the push worked
|
||||
echo "=== Verifying push ==="
|
||||
curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/tags/list" || echo "Could not verify (but push likely succeeded)"
|
||||
|
||||
echo "🎉 Local registry push completed!"
|
||||
echo "🎉 Registry push completed!"
|
||||
|
||||
deploy:
|
||||
needs: build
|
||||
|
||||
Reference in New Issue
Block a user