This commit is contained in:
parent
76887c3ab5
commit
2daeef0a94
SSH key fingerprint:
SHA256:bsA1SKZxuEcEVHAy3gY1HUeM5ykRJl0U0kQHQn0hMg8
1 changed files with 38 additions and 15 deletions
|
|
@ -48,21 +48,28 @@ jobs:
|
|||
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Docker
|
||||
# Install skopeo from Nix (for daemonless image operations)
|
||||
- name: Install skopeo
|
||||
run: |
|
||||
mkdir -p ~/.local/bin
|
||||
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#docker -o ~/.local/docker
|
||||
ln -sf ~/.local/docker/bin/docker ~/.local/bin/docker
|
||||
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
|
||||
ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
|
||||
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
||||
# Create a simple policy file for skopeo
|
||||
mkdir -p ~/.config/containers
|
||||
cat > ~/.config/containers/policy.json << 'EOF'
|
||||
{
|
||||
"default": [
|
||||
{
|
||||
"type": "insecureAcceptAnything"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
skopeo --version
|
||||
|
||||
- name: Log into registry ${{ env.REGISTRY }}
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ env.GITHUB_ACTOR }}
|
||||
password: ${{ env.GITHUB_TOKEN }}
|
||||
|
||||
# Extract metadata (tags, labels) for Docker
|
||||
# https://github.com/docker/metadata-action
|
||||
- name: Extract Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
|
|
@ -83,11 +90,27 @@ jobs:
|
|||
echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
|
||||
|
||||
# https://github.com/docker/build-push-action/issues/538
|
||||
- name: Push and tag Docker image
|
||||
- name: Push Docker image with skopeo
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
docker load < result
|
||||
docker tag ${{ env.STRIP_REPO_USERNAME }}:latest ${{ env.REGISTRY }}/${{ env.REPO }}:latest
|
||||
docker push ${{ env.REGISTRY }}/${{ env.REPO }}:latest
|
||||
# The Nix result is a compressed tarball, we need to extract it first
|
||||
TARGET_FILE=$(readlink -f result)
|
||||
echo "Target file: $TARGET_FILE"
|
||||
|
||||
# Extract the compressed tarball to get the docker archive
|
||||
gunzip -c "$TARGET_FILE" > docker-image.tar
|
||||
|
||||
# Debug authentication
|
||||
echo "Registry: ${{ env.REGISTRY }}"
|
||||
echo "Repository: ${{ env.REPO }}"
|
||||
echo "Username: ${{ github.actor }}"
|
||||
|
||||
# Copy the image directly from the extracted archive to the registry
|
||||
skopeo copy \
|
||||
--dest-creds="${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
|
||||
--dest-tls-verify=false \
|
||||
docker-archive:docker-image.tar \
|
||||
docker://${{ env.REGISTRY }}/${{ env.REPO }}:latest
|
||||
|
||||
- name: Push to attic
|
||||
if: always()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue