From 49d9902dc39f5154307d60e7822ef8206c3d3414 Mon Sep 17 00:00:00 2001
From: Marc Mintel
Date: Wed, 4 Mar 2026 16:53:45 +0100
Subject: [PATCH] chore(ci): migrate docker registry from Gitea to standalone registry.infra.mintel.me
---
 .gitea/workflows/deploy.yml | 50 ++++++++-----------------------------
 docker-compose.yml | 4 +--
 2 files changed, 12 insertions(+), 42 deletions(-)
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 16ba4528..55faf581 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -207,32 +207,9 @@ jobs:
 uses: actions/checkout@v4
 - name: 🐳 Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- - name: 🔐 Discover Valid Registry Token
- id: discover_token
+ - name: 🔐 Registry Login
 run: |
- echo "Testing available secrets against git.infra.mintel.me Docker registry..."
- TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
- USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
-
- for TOKEN in $TOKENS; do
- if [ -n "$TOKEN" ]; then
- for U in $USERS; do
- if [ -n "$U" ]; then
- echo "Attempting docker login for a token with user $U..."
- if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
- echo "✅ Successfully authenticated with a token."
- echo "::add-mask::$TOKEN"
- echo "token=$TOKEN" >> $GITHUB_OUTPUT
- echo "NPM_TOKEN=$TOKEN" >> $GITHUB_ENV
- echo "user=$U" >> $GITHUB_OUTPUT
- exit 0
- fi
- fi
- done
- fi
- done
- echo "❌ All available tokens failed to authenticate!"
- exit 1
+ echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
 - name: 🏗️ Build and Push
 uses: docker/build-push-action@v5
 with:
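Review bot: The new `Registry Login` step expands `${{ secrets.REGISTRY_PASS }}` and `${{ secrets.REGISTRY_USER }}` directly into the `run:` script text, so the runner substitutes the values before the shell parses the line. A password containing `"`, `$` or a backtick would then break the command or be interpreted by the shell instead of being passed through as data. Hand both values to the step through `env:` and reference them as quoted shell variables, with `printf '%s'` in place of `echo` so the password is piped verbatim. The indentation in the sketch below is illustrative and should follow the surrounding steps.

```yaml
- name: 🔐 Registry Login
  env:
    REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
    REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }}
  run: |
    printf '%s' "$REGISTRY_PASS" | docker login registry.infra.mintel.me -u "$REGISTRY_USER" --password-stdin
```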
@@ -245,10 +222,10 @@ jobs: NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }} UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }} UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }} - NPM_TOKEN=${{ steps.discover_token.outputs.token }} - tags: git.infra.mintel.me/mmintel/klz-2026:${{ needs.prepare.outputs.image_tag }} + NPM_TOKEN=${{ secrets.NPM_TOKEN }} + tags: registry.infra.mintel.me/mintel/klz-2026:${{ needs.prepare.outputs.image_tag }} secrets: | - NPM_TOKEN=${{ steps.discover_token.outputs.token }} + NPM_TOKEN=${{ secrets.NPM_TOKEN }} # ────────────────────────────────────────────────────────────────────────────── # JOB 4: Deploy @@ -292,9 +269,9 @@ jobs: UMAMI_WEBSITE_ID: ${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }} UMAMI_API_ENDPOINT: ${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }} - # Container Registry - REGISTRY_USER: ${{ github.repository_owner }} - REGISTRY_PASS: ${{ secrets.NPM_TOKEN }} + # Container Registry (standalone) + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }} steps: - name: Checkout repository uses: actions/checkout@v4 
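Review bot: `NPM_TOKEN=${{ secrets.NPM_TOKEN }}` is still passed in the first list of the `@@ -245,10 +222,10 @@` hunk, which looks like the action's `build-args` input (its key is above the hunk), in addition to the `secrets:` entry. Docker's documentation warns that build-argument values can be read back with `docker history` by anyone able to pull `registry.infra.mintel.me/mintel/klz-2026`, whereas a `secrets:` entry is only mounted while a `RUN --mount=type=secret` instruction executes. Drop the build-arg line and keep only `NPM_TOKEN=${{ secrets.NPM_TOKEN }}` under `secrets:`, provided the Dockerfile (not shown here) reads the token from the secret mount.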
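Review bot: `REGISTRY_USER` and `REGISTRY_PASS` stay in the deploy job's `env:` in the `@@ -292,9 +269,9 @@` hunk, although their only visible consumer, the `docker_creds.json` block, is removed by the `@@ -397,15 +374,8 @@` hunk of this same commit. Values in a job-level `env:` are exported to every step of the job, so the registry credential is now present in the environment of the `scp`/`ssh` deploy script with nothing visible that needs it. If no step outside these hunks reads them, delete the three `# Container Registry (standalone)` lines instead of repointing them at the new secrets.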
@@ -397,15 +374,8 @@ jobs: scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml - # Execute remote commands - # Write docker credentials to a temp file on local, scp it, then use it on remote - echo "DEBUG: REGISTRY_USER=${REGISTRY_USER}, REGISTRY_PASS length=${#REGISTRY_PASS}" - B64_AUTH=$(printf '%s:%s' "${REGISTRY_USER}" "${REGISTRY_PASS}" | base64 | tr -d '\n') - echo "DEBUG: B64_AUTH length=${#B64_AUTH}" - printf '{"auths":{"git.infra.mintel.me":{"auth":"%s"}}}' "${B64_AUTH}" > /tmp/docker_creds.json - scp /tmp/docker_creds.json root@alpha.mintel.me:/tmp/docker_creds.json - rm /tmp/docker_creds.json - ssh root@alpha.mintel.me "mkdir -p ~/.docker && cp /tmp/docker_creds.json ~/.docker/config.json && rm /tmp/docker_creds.json && cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans" + # Execute remote commands — alpha is pre-logged into registry.infra.mintel.me + ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE pull && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE up -d --remove-orphans" # Sanitize Payload Migrations: Replace 'dev' push entries with proper migration names. # Without this, Payload prompts interactively for confirmation and blocks forever in Docker. diff --git a/docker-compose.yml b/docker-compose.yml index 80224fb6..e2f388a5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: klz-app: - image: git.infra.mintel.me/mmintel/klz-2026:${IMAGE_TAG:-latest} + image: registry.infra.mintel.me/mintel/klz-2026:${IMAGE_TAG:-latest} restart: unless-stopped networks: default: 
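Review bot: The rewritten `ssh` line in the `@@ -397,15 +374,8 @@` hunk drops the single quotes around the env-file argument (`--env-file '$ENV_FILE'` became `--env-file $ENV_FILE`), so the remote shell now word-splits and glob-expands that value; keep `--env-file '$ENV_FILE'` in both the `pull` and the `up -d` invocation. The new comment also makes the deploy depend on a login that is stored on the host, presumably in root's Docker config, and provisioned outside this workflow. If that login is meant to be a read-only account separate from the CI `REGISTRY_USER`, say so in the comment, for example `# alpha holds a pull-only login for registry.infra.mintel.me, provisioned out of band (not the CI push account)`.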
@@ -60,7 +60,7 @@ services: klz-gatekeeper: profiles: [ "gatekeeper" ] - image: git.infra.mintel.me/mmintel/gatekeeper:testing + image: registry.infra.mintel.me/mintel/gatekeeper:testing restart: unless-stopped networks: infra: