name: Docker Build & Deploy (Dev Branch) on: push: branches: [ dev ] pull_request: branches: [ dev ] jobs: build-dev: runs-on: host steps: - name: Checkout code run: | echo "Current workspace: $(pwd)" # Clean workspace first rm -rf * .git* 2>/dev/null || true # Clone the repository since Gitea runner doesn't auto-checkout echo "Cloning repository (dev branch)..." git clone -b dev http://${{ secrets.username }}:${{ secrets.token }}@192.168.253.221:3000/jskala/NFOguard.git /tmp/repo cp -r /tmp/repo/* . cp -r /tmp/repo/.* . 2>/dev/null || true rm -rf /tmp/repo echo "Dev branch repository cloned successfully" ls -la echo "Checking Dockerfile:" head -30 Dockerfile - name: Check Docker availability run: | echo "Checking Docker installation..." which docker || (echo "Docker not found in PATH" && exit 1) docker --version || (echo "Docker not available" && exit 1) docker info || (echo "Docker daemon not running" && exit 1) - name: Configure Docker for local registry run: | echo "Configuring Docker client for insecure local registry..." LOCAL_REGISTRY="192.168.253.221:3000" # We can't use sudo in the container, so we'll configure the client differently export DOCKER_CONFIG=/tmp/docker-config mkdir -p $DOCKER_CONFIG # Create Docker client config for insecure registry cat > $DOCKER_CONFIG/config.json << EOF { "auths": {}, "HttpHeaders": { "User-Agent": "Docker-Client/20.10.0 (linux)" }, "credsStore": "", "credHelpers": {}, "experimental": "disabled" } EOF echo "Docker client config created" echo "Note: Since we can't modify daemon config in container, we'll use --insecure-registry flag" echo "Testing registry connectivity..." curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible" - name: Build Docker image with caching (DEV) run: | echo "Building DEV Docker image with layer caching..." LOCAL_REGISTRY="192.168.253.221:3000" CACHE_IMAGE="$LOCAL_REGISTRY/jskala/nfoguard:dev-buildcache" # Clear any existing Docker configs to prevent permission issues unset DOCKER_CONFIG export HOME=/tmp/docker-home-dev mkdir -p $HOME # Enable Docker BuildKit for better caching export DOCKER_BUILDKIT=1 # Check if DEV cache image exists and pull it echo "Checking for existing DEV cache image..." CACHE_ARGS="" if curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/manifests/dev-buildcache" > /dev/null 2>&1; then echo "✅ DEV cache manifest found, pulling image..." if docker pull "$CACHE_IMAGE" 2>/dev/null; then echo "✅ DEV cache image pulled successfully" CACHE_ARGS="--cache-from=$CACHE_IMAGE" else echo "⚠️ DEV cache manifest exists but pull failed" fi else echo "ℹ️ No DEV cache image found (first build or cache expired)" fi # Build DEV image with cache (if available) echo "Building DEV image with layer caching..." docker build $CACHE_ARGS --tag nfoguard:dev --tag nfoguard:dev-${{ github.sha }} --tag "$CACHE_IMAGE" . echo "DEV Docker image built and tagged successfully" # Show layer info for debugging echo "=== DEV Image layer history ===" docker history nfoguard:dev --format "table {{.CreatedBy}}\t{{.Size}}" | head -5 || echo "Layer history completed" - name: Login and Push to Gitea registry (DEV tags) run: | echo "Using LOCAL IP ONLY - no Cloudflare tunnel!" export DOCKER_CONFIG=/tmp/docker-config # Force local IP - never use domain LOCAL_REGISTRY="192.168.253.221:3000" echo "Registry: $LOCAL_REGISTRY (LOCAL IP ONLY)" # Check image size IMAGE_SIZE=$(docker images nfoguard:dev --format "table {{.Size}}" | tail -n1) echo "DEV Image size: $IMAGE_SIZE" echo "Testing local registry connectivity..." curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Local registry accessible via HTTP" || echo "❌ Local registry not accessible" # Configure Docker to skip TLS for this specific registry export DOCKER_OPTS="--insecure-registry=$LOCAL_REGISTRY" # Create a script that forces HTTP for our local registry cat > /tmp/docker-local << EOF #!/bin/bash export DOCKER_TLS_VERIFY="" export DOCKER_HOST="" exec docker "\$@" EOF chmod +x /tmp/docker-local # Try multiple approaches to handle the HTTP issue echo "Attempting login to LOCAL registry..." # Approach 1: Try with explicit HTTP in auth if echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin 2>/dev/null; then echo "✅ Login succeeded with direct method" else echo "⚠️ Direct login failed, trying workarounds..." # Approach 2: Try to modify the login URL handling export DOCKER_BUILDKIT=0 if echo "${{ secrets.token }}" | timeout 30 docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin; then echo "✅ Login succeeded with workaround" else echo "❌ All login attempts failed" echo "The issue is Docker client trying HTTPS on HTTP registry" echo "We need to configure the Docker daemon on the host to allow insecure registries" echo "" echo "SOLUTION: Run this on the host machine:" echo "sudo mkdir -p /etc/docker" echo 'echo '"'"'{"insecure-registries":["'$LOCAL_REGISTRY'"]}'"'"' | sudo tee /etc/docker/daemon.json' echo "sudo systemctl restart docker" echo "" echo "For now, continuing without registry push (DEV build succeeded)" exit 0 fi fi # Tag for local registry (cache image already tagged in build step) docker tag nfoguard:dev "$LOCAL_REGISTRY/jskala/nfoguard:dev" docker tag nfoguard:dev "$LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}" echo "Pushing DEV images to LOCAL registry (gigabit speed!)..." # Push with reasonable timeout for local network echo "=== Pushing DEV cache image (for faster future builds) ===" timeout 60 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev-buildcache" && echo "✅ DEV cache image pushed" || echo "⚠️ DEV cache push failed" echo "=== Pushing DEV latest tag to LOCAL IP ===" if timeout 120 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev"; then echo "✅ DEV latest tag pushed successfully to LOCAL registry" echo "=== Pushing DEV SHA tag to LOCAL IP ===" if timeout 60 docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}"; then echo "✅ DEV SHA tag pushed successfully to LOCAL registry" else echo "⚠️ DEV SHA tag push failed but latest succeeded" fi else echo "❌ Push to LOCAL registry failed" echo "This is likely because Docker daemon needs insecure-registry configuration" echo "DEV image is built successfully and available locally" fi echo "🎉 DEV Build workflow completed (using LOCAL network only)!" echo "" echo "📦 Available DEV images:" echo " - $LOCAL_REGISTRY/jskala/nfoguard:dev" echo " - $LOCAL_REGISTRY/jskala/nfoguard:dev-${{ github.sha }}" echo "" echo "🚀 Usage: docker pull $LOCAL_REGISTRY/jskala/nfoguard:dev" - name: Push DEV to Docker Hub if: github.ref == 'refs/heads/dev' run: | echo "=== Pushing DEV image to Docker Hub ===" # Use temporary config directory to avoid permission issues export DOCKER_CONFIG=/tmp/docker-config-dev mkdir -p $DOCKER_CONFIG if echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker --config $DOCKER_CONFIG login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin; then echo "✅ Docker Hub login successful" DOCKER_HUB_REPO="sbcrumb/nfoguard" # Tag and push dev image docker tag nfoguard:dev "$DOCKER_HUB_REPO:dev" docker tag nfoguard:dev "$DOCKER_HUB_REPO:dev-${{ github.sha }}" echo "=== Pushing DEV tags to Docker Hub ===" if timeout 300 docker --config $DOCKER_CONFIG push "$DOCKER_HUB_REPO:dev"; then echo "✅ DEV tag pushed to Docker Hub" if timeout 180 docker --config $DOCKER_CONFIG push "$DOCKER_HUB_REPO:dev-${{ github.sha }}"; then echo "✅ DEV SHA tag pushed to Docker Hub" else echo "⚠️ DEV SHA tag push failed" fi else echo "❌ Failed to push DEV to Docker Hub" exit 1 fi echo "" echo "🎉 DEV image available on Docker Hub!" echo "📦 DEV image: sbcrumb/nfoguard:dev" else echo "❌ Docker Hub login failed for DEV push" exit 1 fi deploy-dev: needs: build-dev runs-on: host if: github.ref == 'refs/heads/dev' steps: - name: Deploy DEV application run: | echo "DEV deployment ready..." echo "The DEV image is built and pushed as:" echo " 192.168.253.221:3000/jskala/nfoguard:dev" echo "" echo "To use DEV image in your docker-compose:" echo " image: 192.168.253.221:3000/jskala/nfoguard:dev" echo "" echo "DEV deployment completed"