mmintel/at-mintel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): implement robust gitea registry auth token discovery to replace docker/login-action
Some checks failed
Monorepo Pipeline / ⚡ Prioritize Release (push) Successful in 2s
Details
Monorepo Pipeline / 🧹 Lint (push) Failing after 10s
Details
Monorepo Pipeline / 🧪 Test (push) Failing after 10s
Details
Monorepo Pipeline / 🏗️ Build (push) Failing after 10s
Details
Monorepo Pipeline / 🚀 Release (push) Has been skipped
Details
Monorepo Pipeline / 🐳 Build Gatekeeper (Product) (push) Has been skipped
Details
Monorepo Pipeline / 🐳 Build Build-Base (push) Has been skipped
Details
Monorepo Pipeline / 🐳 Build Production Runtime (push) Has been skipped
Details

Browse Source
This commit is contained in:
Marc Mintel
2026-03-04 11:07:01 +01:00
parent 616d8a039b
commit 0c27e3b5d8
2 changed files with 53 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.gitea/workflows/pipeline.yml
View File

@@ -199,12 +199,31 @@ jobs:
- name: 🐳 Set up Docker Buildx - name: 🐳 Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: 🔐 Registry Login - name: 🔐 Discover Valid Registry Token
uses: docker/login-action@v3 id: discover_token
with: run: |
registry: git.infra.mintel.me echo "Testing available secrets against git.infra.mintel.me Docker registry..."
username: ${{ github.repository_owner }} TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
password: ${{ secrets.NPM_TOKEN }} USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
for TOKEN in $TOKENS; do
if [ -n "$TOKEN" ]; then
for U in $USERS; do
if [ -n "$U" ]; then
echo "Attempting docker login for a token with user $U..."
if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
echo "✅ Successfully authenticated with a token."
echo "::add-mask::$TOKEN"
echo "token=$TOKEN" >> $GITHUB_OUTPUT
echo "user=$U" >> $GITHUB_OUTPUT
exit 0
fi
fi
done
fi
done
echo "❌ All available tokens failed to authenticate!"
exit 1
- name: 🏗️ Build & Push ${{ matrix.name }} - name: 🏗️ Build & Push ${{ matrix.name }}
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
@@ -216,7 +235,7 @@ jobs:
provenance: false provenance: false
push: true push: true
secrets: | secrets: |
NPM_TOKEN=${{ secrets.NPM_TOKEN }} NPM_TOKEN=${{ steps.discover_token.outputs.token }}
tags: | tags: |
git.infra.mintel.me/mmintel/${{ matrix.image }}:${{ github.ref_name }} git.infra.mintel.me/mmintel/${{ matrix.image }}:${{ github.ref_name }}
git.infra.mintel.me/mmintel/${{ matrix.image }}:latest git.infra.mintel.me/mmintel/${{ matrix.image }}:latest

35
packages/infra/gitea/deploy-action.yml
View File

@@ -177,12 +177,31 @@ jobs:
- name: 🐳 Set up Docker Buildx - name: 🐳 Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: 🔐 Registry Login - name: 🔐 Discover Valid Registry Token
uses: docker/login-action@v3 id: discover_token
with: run: |
registry: git.infra.mintel.me echo "Testing available secrets against git.infra.mintel.me Docker registry..."
username: ${{ github.repository_owner }} TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
password: ${{ secrets.NPM_TOKEN }} USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
for TOKEN in $TOKENS; do
if [ -n "$TOKEN" ]; then
for U in $USERS; do
if [ -n "$U" ]; then
echo "Attempting docker login for a token with user $U..."
if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
echo "✅ Successfully authenticated with a token."
echo "::add-mask::$TOKEN"
echo "token=$TOKEN" >> $GITHUB_OUTPUT
echo "user=$U" >> $GITHUB_OUTPUT
exit 0
fi
fi
done
fi
done
echo "❌ All available tokens failed to authenticate!"
exit 1
- name: 🏗️ Docker Build & Push - name: 🏗️ Docker Build & Push
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
@@ -197,7 +216,7 @@ jobs:
NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }} NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
push: true push: true
secrets: | secrets: |
NPM_TOKEN=${{ secrets.NPM_TOKEN }} NPM_TOKEN=${{ steps.discover_token.outputs.token }}
tags: git.infra.mintel.me/mmintel/${{ github.event.repository.name }}:${{ needs.prepare.outputs.image_tag }} tags: git.infra.mintel.me/mmintel/${{ github.event.repository.name }}:${{ needs.prepare.outputs.image_tag }}
# ────────────────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────────────────
@@ -262,7 +281,7 @@ jobs:
set -e set -e
cd "/home/deploy/sites/${{ github.event.repository.name }}" cd "/home/deploy/sites/${{ github.event.repository.name }}"
chmod 600 "$ENV_FILE" chmod 600 "$ENV_FILE"
echo "${{ secrets.NPM_TOKEN }}" | docker login git.infra.mintel.me -u "${{ github.repository_owner }}" --password-stdin echo "${{ steps.discover_token.outputs.token }}" | docker login git.infra.mintel.me -u "${{ steps.discover_token.outputs.user }}" --password-stdin
docker compose -p "$PROJECT_NAME" --env-file "$ENV_FILE" pull docker compose -p "$PROJECT_NAME" --env-file "$ENV_FILE" pull
docker compose -p "$PROJECT_NAME" --env-file "$ENV_FILE" up -d --remove-orphans docker compose -p "$PROJECT_NAME" --env-file "$ENV_FILE" up -d --remove-orphans
docker system prune -f --filter "until=24h" docker system prune -f --filter "until=24h"