153 lines
5.3 KiB
YAML
153 lines
5.3 KiB
YAML
name: Docker Build & Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, develop ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: host
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
run: |
|
|
echo "Current workspace: $(pwd)"
|
|
|
|
# Clean workspace first
|
|
rm -rf * .git* 2>/dev/null || true
|
|
|
|
# Clone the repository since Gitea runner doesn't auto-checkout
|
|
echo "Cloning repository..."
|
|
git clone http://192.168.253.221:3000/jskala/NFOguard.git /tmp/repo
|
|
cp -r /tmp/repo/* .
|
|
cp -r /tmp/repo/.* . 2>/dev/null || true
|
|
rm -rf /tmp/repo
|
|
|
|
echo "Repository cloned successfully"
|
|
ls -la
|
|
echo "Checking Dockerfile:"
|
|
head -30 Dockerfile
|
|
|
|
- name: Check Docker availability
|
|
run: |
|
|
echo "Checking Docker installation..."
|
|
which docker || (echo "Docker not found in PATH" && exit 1)
|
|
docker --version || (echo "Docker not available" && exit 1)
|
|
docker info || (echo "Docker daemon not running" && exit 1)
|
|
|
|
- name: Configure Docker for local registry
|
|
run: |
|
|
echo "Configuring Docker daemon for insecure local registry..."
|
|
LOCAL_REGISTRY="192.168.253.221:3000"
|
|
|
|
# Check current Docker daemon config
|
|
if [ -f /etc/docker/daemon.json ]; then
|
|
echo "Current daemon.json:"
|
|
sudo cat /etc/docker/daemon.json
|
|
else
|
|
echo "No existing daemon.json found"
|
|
fi
|
|
|
|
# Create or update daemon.json
|
|
sudo mkdir -p /etc/docker
|
|
sudo tee /etc/docker/daemon.json > /dev/null << EOF
|
|
{
|
|
"insecure-registries": ["$LOCAL_REGISTRY"]
|
|
}
|
|
EOF
|
|
|
|
echo "New daemon.json created:"
|
|
sudo cat /etc/docker/daemon.json
|
|
|
|
# Restart Docker daemon
|
|
echo "Restarting Docker daemon..."
|
|
sudo systemctl restart docker
|
|
|
|
# Wait for Docker to restart and verify
|
|
sleep 10
|
|
|
|
echo "Verifying Docker daemon..."
|
|
docker info | grep -A5 "Insecure Registries" || echo "Checking insecure registries..."
|
|
|
|
echo "Testing registry connectivity..."
|
|
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
|
|
|
echo "Docker configured for insecure registry: $LOCAL_REGISTRY"
|
|
|
|
- name: Build Docker image
|
|
run: |
|
|
echo "Building Docker image..."
|
|
docker build -t nfoguard:latest .
|
|
docker tag nfoguard:latest nfoguard:${{ github.sha }}
|
|
echo "Docker image built and tagged successfully"
|
|
|
|
- name: Login and Push to Gitea registry (local network)
|
|
run: |
|
|
echo "Using local network connection to avoid Cloudflare tunnel timeouts..."
|
|
export DOCKER_CONFIG=/tmp/docker-config
|
|
mkdir -p $DOCKER_CONFIG
|
|
|
|
# Use local IP directly - no tunnel overhead
|
|
LOCAL_REGISTRY="192.168.253.221:3000"
|
|
echo "Registry: $LOCAL_REGISTRY"
|
|
|
|
# Note: Docker daemon must be pre-configured for insecure registry
|
|
# See configure-docker-insecure.md for setup instructions
|
|
|
|
echo "Testing registry connectivity..."
|
|
curl -s "http://$LOCAL_REGISTRY/v2/" && echo "✅ Registry accessible via HTTP" || echo "❌ Registry not accessible"
|
|
|
|
# Login to local registry
|
|
echo "Attempting login to local registry..."
|
|
echo "${{ secrets.token }}" | docker --config $DOCKER_CONFIG login "$LOCAL_REGISTRY" -u "${{ secrets.username }}" --password-stdin
|
|
|
|
# Tag images for local registry
|
|
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:latest"
|
|
docker tag nfoguard:latest "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"
|
|
|
|
echo "Pushing to local registry (much faster!)..."
|
|
|
|
# Push to local network - should be very fast
|
|
echo "=== Pushing latest tag ==="
|
|
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:latest"; then
|
|
echo "✅ Latest tag pushed successfully"
|
|
|
|
echo "=== Pushing SHA tag ==="
|
|
if docker --config $DOCKER_CONFIG push "$LOCAL_REGISTRY/jskala/nfoguard:${{ github.sha }}"; then
|
|
echo "✅ SHA tag pushed successfully"
|
|
else
|
|
echo "⚠️ SHA tag push failed but latest succeeded"
|
|
fi
|
|
else
|
|
echo "❌ Local registry push failed"
|
|
echo "Please run: sudo systemctl restart docker"
|
|
echo "And configure /etc/docker/daemon.json with insecure-registries"
|
|
docker images | grep nfoguard
|
|
exit 1
|
|
fi
|
|
|
|
# Verify the push worked
|
|
echo "=== Verifying push ==="
|
|
curl -s "http://$LOCAL_REGISTRY/v2/jskala/nfoguard/tags/list" || echo "Could not verify (but push likely succeeded)"
|
|
|
|
echo "🎉 Local registry push completed!"
|
|
|
|
deploy:
|
|
needs: build
|
|
runs-on: host
|
|
if: github.ref == 'refs/heads/main'
|
|
|
|
steps:
|
|
- name: Deploy application
|
|
run: |
|
|
echo "Deploying application..."
|
|
# Add your deployment commands here
|
|
# Examples:
|
|
# docker-compose pull
|
|
# docker-compose up -d
|
|
# or
|
|
# docker stop nfoguard || true
|
|
# docker run -d --name nfoguard -p 8080:8080 nfoguard:latest
|
|
echo "Deployment completed" |