diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index b97f94f..2b1873f 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -61,58 +61,30 @@ jobs:
 fi
 echo "version=${next}" >> "$GITHUB_OUTPUT"
- - name: Single shell test
- env:
- REG_USER: ${{ secrets.REGISTRY_USERNAME }}
- REG_PASS: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
- set -x
- # All in one shell
- mkdir -p /tmp/dc
- AUTH=$(printf '%s:%s' "$REG_USER" "$REG_PASS" | base64 -w 0)
- printf '{"auths":{"registry.c5ai.ch":{"auth":"%s"}}}' "$AUTH" > /tmp/dc/config.json
- export DOCKER_CONFIG=/tmp/dc
-
- # Verify the file is there RIGHT NOW
- ls -la /tmp/dc/
- cat /tmp/dc/config.json
-
- # Push something — anything — using this config
- docker pull alpine:3.20
- docker tag alpine:3.20 registry.c5ai.ch/pieced/pieced-portal:debug-auth
- docker push registry.c5ai.ch/pieced/pieced-portal:debug-auth
- docker info 2>&1 | grep -i config
-
 - name: Build and push image
- # Combine login + build + push in a single run block. act_runner can
- # use ephemeral per-step containers in some configurations, in which
- # case `docker login` from one step doesn't leave its cached
- # ~/.docker/config.json visible to the next step. Doing everything
- # in one shell session sidesteps that entirely.
 env:
 REG_USER: ${{ secrets.REGISTRY_USERNAME }}
 REG_PASS: ${{ secrets.REGISTRY_PASSWORD }}
 VERSION: ${{ steps.version.outputs.version }}
 run: |
 set -euo pipefail
-
- # Write docker auth config directly. This guarantees the Authorization
- # header is sent on every request — including PATCH during blob
- # upload — without depending on a credential store or `docker login`
- # state. Resolves a known issue where docker-in-docker drops auth
- # mid-push.
- mkdir -p /tmp/docker-config
+ mkdir -p /root/.docker
 AUTH=$(printf '%s:%s' "$REG_USER" "$REG_PASS" | base64 -w 0)
- cat > /tmp/docker-config/config.json < /root/.docker/config.json <