NexVeridian/nexveridian-web
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: docker
Some checks failed
docker / build (push) Failing after 1m40s
Details

Browse source
This commit is contained in:
Elijah McMorris 2025-08-22 00:57:07 -07:00
parent a40a9a44ea
commit cd03e2c8ee
Signed by: NexVeridian
SSH key fingerprint: SHA256:bsA1SKZxuEcEVHAy3gY1HUeM5ykRJl0U0kQHQn0hMg8
1 changed files with 38 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

84
.forgejo/workflows/docker.yml
View file

@ -1,36 +1,20 @@
name: docker name: docker
on: on:
# workflow_run:
# workflows: [crane]
push: push:
branches: [main] branches: [main]
# types:
# - completed
# schedule:
# - cron: 0 0 * * 1
# # Publish semver tags as releases.
# tags: [ 'v*.*.*' ]
# pull_request:
# branches: [ "main" ]
env: env:
# Use docker.io for Docker Hub if empty
REGISTRY: git.nexveridian.com REGISTRY: git.nexveridian.com
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }} IMAGE_NAME: ${{ github.repository }}
NIX_CONFIG: "experimental-features = nix-command flakes" NIX_CONFIG: "experimental-features = nix-command flakes"
jobs: jobs:
build: build:
runs-on: docker runs-on: docker
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow
# if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions: permissions:
contents: read contents: read
packages: write packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write id-token: write
steps: steps:
@ -48,46 +32,54 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install Docker - name: Install skopeo
run: | run: |
mkdir -p ~/.local/bin mkdir -p ~/.local/bin
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#docker -o ~/.local/docker nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
ln -sf ~/.local/docker/bin/docker ~/.local/bin/docker ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
echo "$HOME/.local/bin" >> $GITHUB_PATH echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.GITHUB_ACTOR }}
password: ${{ env.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build Nix package - name: Build Nix package
run: nix build .#my-docker run: nix build .#my-docker
# https://github.com/orgs/community/discussions/25768#discussioncomment-3249183 - name: Prepare repository variables
- name: Downcase REPO
run: | run: |
echo "REPO=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} echo "REPO=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
STRIP_REPO_USERNAME=${GITHUB_REPOSITORY,,#nexveridian/}
- name: Strip REPO Username
run: |
STRIP_REPO_USERNAME=${REPO#nexveridian/}
echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV} echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
# https://github.com/docker/build-push-action/issues/538 - name: Setup skopeo policy and push image
- name: Push and tag Docker image
run: | run: |
docker load < result # configure container policy to accept insecure registry
docker tag ${{ env.STRIP_REPO_USERNAME }}:latest ${{ env.REGISTRY }}/${{ env.REPO }}:latest mkdir -p ~/.config/containers
docker push ${{ env.REGISTRY }}/${{ env.REPO }}:latest cat > ~/.config/containers/policy.json <<EOF
{
"default": [{"type":"insecureAcceptAnything"}]
}
EOF
# ensure all required directories exist with proper permissions
mkdir -p /tmp/skopeo /var/tmp ~/.local/share/containers
chmod 755 /tmp/skopeo /var/tmp || true
# set multiple environment variables for skopeo temporary directories
export TMPDIR=/tmp/skopeo
export TMP=/tmp/skopeo
export TEMP=/tmp/skopeo
export XDG_RUNTIME_DIR=/tmp/skopeo
# The Nix build creates a compressed tar.gz file, we need to extract it first
echo "Extracting Nix-built Docker image..."
cd /tmp/skopeo
cp ${GITHUB_WORKSPACE}/result ./docker-image.tar.gz
gunzip docker-image.tar.gz
# push image using the extracted tar file
skopeo copy \
--dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
--tmpdir /tmp/skopeo \
docker-archive:/tmp/skopeo/docker-image.tar \
docker://${{ env.REGISTRY }}/${{ env.REPO }}:latest
- name: Push to attic - name: Push to attic
if: always() if: always()
@ -100,7 +92,7 @@ jobs:
done done
if [ -n "$valid_paths" ]; then if [ -n "$valid_paths" ]; then
for i in {1..10}; do for i in {1..3}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push nexveridian-web $valid_paths && break || [ $i -eq 5 ] || sleep 5 nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push nexveridian-web $valid_paths && break || [ $i -eq 3 ] || sleep 5
done done
fi fi