Add docker env

2026-04-25 19:20:54 +02:00
parent 65d8a2e2ff
commit 935dfb8abc
2 changed files with 19 additions and 11 deletions


@@ -21,9 +21,6 @@ jobs:
# runner config, but self-hosted makes intent explicit. # runner config, but self-hosted makes intent explicit.
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
DOCKER_HOST: tcp://172.17.0.1:2375
outputs: outputs:
version: ${{ steps.version.outputs.version }} version: ${{ steps.version.outputs.version }}
@@ -37,9 +34,12 @@ jobs:
# strict semver (skips 'latest', 'dev', '<sha>-dirty', etc.), picks the # strict semver (skips 'latest', 'dev', '<sha>-dirty', etc.), picks the
# highest with version-sort, and bumps the patch component. If nothing # highest with version-sort, and bumps the patch component. If nothing
# numeric exists yet (fresh registry), starts at 0.1.0. # numeric exists yet (fresh registry), starts at 0.1.0.
env:
REG_USER: ${{ secrets.REGISTRY_USERNAME }}
REG_PASS: ${{ secrets.REGISTRY_PASSWORD }}
run: | run: |
set -euo pipefail set -euo pipefail
tags_json=$(curl -sf -u "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" \ tags_json=$(curl -sf -u "$REG_USER:$REG_PASS" \
"https://${REGISTRY}/v2/${IMAGE}/tags/list") "https://${REGISTRY}/v2/${IMAGE}/tags/list")
highest=$(echo "$tags_json" \ highest=$(echo "$tags_json" \
| jq -r '.tags // [] | .[]' \ | jq -r '.tags // [] | .[]' \
@@ -58,16 +58,20 @@ jobs:
fi fi
echo "version=${next}" >> "$GITHUB_OUTPUT" echo "version=${next}" >> "$GITHUB_OUTPUT"
- name: Login to registry
run: |
echo "${{ secrets.REGISTRY_PASSWORD }}" \
| docker login "${REGISTRY}" -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
- name: Build and push image - name: Build and push image
# Combine login + build + push in a single run block. act_runner can
# use ephemeral per-step containers in some configurations, in which
# case `docker login` from one step doesn't leave its cached
# ~/.docker/config.json visible to the next step. Doing everything
# in one shell session sidesteps that entirely.
env: env:
REG_USER: ${{ secrets.REGISTRY_USERNAME }}
REG_PASS: ${{ secrets.REGISTRY_PASSWORD }}
VERSION: ${{ steps.version.outputs.version }} VERSION: ${{ steps.version.outputs.version }}
run: | run: |
set -euo pipefail set -euo pipefail
printf '%s' "$REG_PASS" \
| docker login "${REGISTRY}" -u "$REG_USER" --password-stdin
docker build \ docker build \
--pull \ --pull \
-t "${REGISTRY}/${IMAGE}:${VERSION}" \ -t "${REGISTRY}/${IMAGE}:${VERSION}" \
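Review bot: The combined step logs in with `docker login … --password-stdin` but never logs out, so the registry credential written to the runner's ~/.docker/config.json outlives the job; the new comment on this step says act_runner does not always use ephemeral per-step containers, and the earlier comment describes the runner as self-hosted, so that file can plausibly persist on the host between jobs. Adding `trap 'docker logout "${REGISTRY}" >/dev/null 2>&1 || true' EXIT` directly after the login line scopes the stored credential to this shell session and also clears it on the build/push failure path. The `docker build` invocation and the rest of the run block continue past the end of the hunk.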


@@ -24,11 +24,15 @@ jobs:
steps: steps:
- name: Verify image exists in registry - name: Verify image exists in registry
# Fail fast if the user typed a version that was never built. Catches # Fail fast if the user typed a version that was never built. Catches
# typos before we touch the gitops repo. # typos before we touch the gitops repo. Uses env-var pattern for
# credentials to avoid shell interpolation mangling special characters.
env:
REG_USER: ${{ secrets.REGISTRY_USERNAME }}
REG_PASS: ${{ secrets.REGISTRY_PASSWORD }}
run: | run: |
set -euo pipefail set -euo pipefail
status=$(curl -sf -o /dev/null -w '%{http_code}' \ status=$(curl -sf -o /dev/null -w '%{http_code}' \
-u "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" \ -u "$REG_USER:$REG_PASS" \
"https://${REGISTRY}/v2/${IMAGE}/manifests/${{ inputs.version }}" \ "https://${REGISTRY}/v2/${IMAGE}/manifests/${{ inputs.version }}" \
|| true) || true)
if [ "$status" != "200" ]; then if [ "$status" != "200" ]; then
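Review bot: The verification step still splices `${{ inputs.version }}` directly into the shell script in the manifests URL, while the credentials on the `-u` line were just moved into `env` for exactly the reason the new comment gives; a workflow_dispatch input is expanded by the template engine before bash runs, so quotes or `$(…)` in it reach the shell as code, whereas an env var is only data. Add `VERSION: ${{ inputs.version }}` beside REG_USER/REG_PASS in the step's `env` and reference `"https://${REGISTRY}/v2/${IMAGE}/manifests/${VERSION}"` instead. The run block and its `if` branch continue past the end of the hunk.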