This commit is contained in:
parent
76887c3ab5
commit
02f5a5dba1
SSH key fingerprint:
SHA256:bsA1SKZxuEcEVHAy3gY1HUeM5ykRJl0U0kQHQn0hMg8
1 changed files with 32 additions and 15 deletions
|
|
@ -48,21 +48,28 @@ jobs:
|
||||||
|
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Install Docker
|
# Install skopeo from Nix (for daemonless image operations)
|
||||||
|
- name: Install skopeo
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.local/bin
|
mkdir -p ~/.local/bin
|
||||||
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#docker -o ~/.local/docker
|
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
|
||||||
ln -sf ~/.local/docker/bin/docker ~/.local/bin/docker
|
ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
|
||||||
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
||||||
|
# Create a simple policy file for skopeo
|
||||||
|
mkdir -p ~/.config/containers
|
||||||
|
cat > ~/.config/containers/policy.json << 'EOF'
|
||||||
|
{
|
||||||
|
"default": [
|
||||||
|
{
|
||||||
|
"type": "insecureAcceptAnything"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
skopeo --version
|
||||||
|
|
||||||
- name: Log into registry ${{ env.REGISTRY }}
|
# Extract metadata (tags, labels) for Docker
|
||||||
if: github.event_name != 'pull_request'
|
# https://github.com/docker/metadata-action
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
registry: ${{ env.REGISTRY }}
|
|
||||||
username: ${{ env.GITHUB_ACTOR }}
|
|
||||||
password: ${{ env.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Extract Docker metadata
|
- name: Extract Docker metadata
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
|
|
@ -83,11 +90,21 @@ jobs:
|
||||||
echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
|
echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
|
||||||
|
|
||||||
# https://github.com/docker/build-push-action/issues/538
|
# https://github.com/docker/build-push-action/issues/538
|
||||||
- name: Push and tag Docker image
|
- name: Push Docker image with skopeo
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
run: |
|
run: |
|
||||||
docker load < result
|
# The Nix result is a compressed tarball, we need to extract it first
|
||||||
docker tag ${{ env.STRIP_REPO_USERNAME }}:latest ${{ env.REGISTRY }}/${{ env.REPO }}:latest
|
TARGET_FILE=$(readlink -f result)
|
||||||
docker push ${{ env.REGISTRY }}/${{ env.REPO }}:latest
|
echo "Target file: $TARGET_FILE"
|
||||||
|
|
||||||
|
# Extract the compressed tarball to get the docker archive
|
||||||
|
gunzip -c "$TARGET_FILE" > docker-image.tar
|
||||||
|
|
||||||
|
# Copy the image directly from the extracted archive to the registry
|
||||||
|
skopeo copy \
|
||||||
|
--dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \
|
||||||
|
docker-archive:docker-image.tar \
|
||||||
|
docker://${{ env.REGISTRY }}/${{ env.REPO }}:latest
|
||||||
|
|
||||||
- name: Push to attic
|
- name: Push to attic
|
||||||
if: always()
|
if: always()
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue