NexVeridian/nexveridian-web
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
nexveridian-web/.forgejo/workflows/docker.yml
NexVeridian aad2091c43
Some checks failed
docker / build (push) Failing after 1m40s
Details
fix: docker
2025-08-22 01:44:33 -07:00

177 lines
6.6 KiB
YAML
Raw Blame History

name: docker
on:
push:
branches: [main]
env:
REGISTRY: git.nexveridian.com
IMAGE_NAME: ${{ github.repository }}
NIX_CONFIG: "experimental-features = nix-command flakes"
jobs:
build:
runs-on: docker
permissions:
contents: read
packages: write
id-token: write
steps:
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.nexveridian.com ${{ secrets.ATTIC_TOKEN }} || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create nexveridian-web || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use nexveridian-web || true
- name: Install Node.js
run: |
mkdir -p ~/.local/bin
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#nodejs_24 -o ~/.local/nodejs
ln -sf ~/.local/nodejs/bin/node ~/.local/bin/node
ln -sf ~/.local/nodejs/bin/npm ~/.local/bin/npm
echo "$HOME/.local/bin" >> $GITHUB_PATH
- uses: actions/checkout@v4
- name: Install skopeo
run: |
mkdir -p ~/.local/bin
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Build Nix package
run: nix build .#my-docker
- name: Prepare repository variables
run: |
echo "REPO=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
echo "OWNER=${GITHUB_REPOSITORY_OWNER,,}" >> ${GITHUB_ENV}
# Extract just the repository name (everything after the last slash)
REPO_NAME=${GITHUB_REPOSITORY##*/}
echo "IMAGE_NAME=${REPO_NAME,,}" >> ${GITHUB_ENV}
# Debug output
echo "Full repository: ${GITHUB_REPOSITORY}"
echo "Repository owner: ${GITHUB_REPOSITORY_OWNER}"
echo "Extracted repo name: ${REPO_NAME}"
echo "Final image name: ${REPO_NAME,,}"
echo "Final owner: ${GITHUB_REPOSITORY_OWNER,,}"
- name: Setup skopeo policy and push image
run: |
# configure container policy to accept insecure registry
mkdir -p ~/.config/containers
cat > ~/.config/containers/policy.json <<EOF
{
"default": [{"type":"insecureAcceptAnything"}]
}
EOF
# ensure all required directories exist with proper permissions
mkdir -p /tmp/skopeo /var/tmp ~/.local/share/containers
chmod 755 /tmp/skopeo /var/tmp || true
# set multiple environment variables for skopeo temporary directories
export TMPDIR=/tmp/skopeo
export TMP=/tmp/skopeo
export TEMP=/tmp/skopeo
export XDG_RUNTIME_DIR=/tmp/skopeo
# The Nix build creates a compressed tar.gz file, we need to extract it first
echo "Extracting Nix-built Docker image..."
cd /tmp/skopeo
cp ${GITHUB_WORKSPACE}/result ./docker-image.tar.gz
gunzip docker-image.tar.gz
# Debug information
echo "Registry: ${{ env.REGISTRY }}"
echo "Repository: ${{ env.REPO }}"
echo "Image Name: ${{ env.IMAGE_NAME }}"
echo "Owner: ${{ env.OWNER }}"
echo "Actor: ${{ github.actor }}"
echo "Target: docker://${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.IMAGE_NAME }}:latest"
# Create authentication file for skopeo
echo "Creating authentication file..."
mkdir -p ~/.docker
cat > ~/.docker/config.json <<EOF
{
"auths": {
"${{ env.REGISTRY }}": {
"auth": "$(echo -n "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" | base64 -w 0)"
}
}
}
EOF
# Also create auth for containers directory
mkdir -p ~/.config/containers
cp ~/.docker/config.json ~/.config/containers/auth.json
# Test registry connectivity first
echo "Testing registry authentication..."
skopeo login --username "${{ github.actor }}" --password "${{ secrets.GITHUB_TOKEN }}" "${{ env.REGISTRY }}" || echo "Login failed, continuing anyway..."
# Try to create/ensure repository exists via API
echo "Ensuring repository exists in container registry..."
curl -X POST \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Content-Type: application/json" \
"https://${{ env.REGISTRY }}/api/v1/orgs/${{ env.OWNER }}/repos" \
-d '{"name": "${{ env.IMAGE_NAME }}", "private": false}' || echo "Repository might already exist"
# Try Forgejo-specific authentication with package scope
echo "Attempting push with Forgejo-specific auth..."
# Create a proper registry auth for Forgejo
ENCODED_AUTH=$(echo -n "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" | base64 -w 0)
# Method 1: Try with explicit Docker config for Forgejo
mkdir -p ~/.docker
cat > ~/.docker/config.json <<EOF
{
"auths": {
"${{ env.REGISTRY }}": {
"auth": "$ENCODED_AUTH"
}
},
"credsStore": "",
"credHelpers": {}
}
EOF
skopeo copy \
--dest-tls-verify=false \
--tmpdir /tmp/skopeo \
--override-os linux \
--override-arch amd64 \
docker-archive:/tmp/skopeo/docker-image.tar \
docker://${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.IMAGE_NAME }}:latest || {
echo "Standard method failed, trying with debug output..."
# Method 2: Try with more verbose output and different auth
skopeo copy \
--dest-tls-verify=false \
--tmpdir /tmp/skopeo \
--dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
--debug \
docker-archive:/tmp/skopeo/docker-image.tar \
docker://${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.IMAGE_NAME }}:latest
}
- name: Push to attic
if: always()
run: |
valid_paths=""
for path in /nix/store/*/; do
if nix path-info "$path" >/dev/null 2>&1; then
valid_paths="$valid_paths $path"
fi
done
if [ -n "$valid_paths" ]; then
for i in {1..3}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push nexveridian-web $valid_paths && break || [ $i -eq 3 ] || sleep 5
done
fi
Reference in a new issue View git blame Copy permalink