diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 24e868a0..2581d919 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -202,8 +202,31 @@ jobs: uses: actions/checkout@v4 - name: 🐳 Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: 🔐 Registry Login - run: echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin + - name: 🔐 Discover Valid Registry Token + id: discover_token + run: | + echo "Testing available secrets against git.infra.mintel.me Docker registry..." + TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" + USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" + + for TOKEN in $TOKENS; do + if [ -n "$TOKEN" ]; then + for U in $USERS; do + if [ -n "$U" ]; then + echo "Attempting docker login for a token with user $U..." + if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then + echo "✅ Successfully authenticated with a token." + echo "::add-mask::$TOKEN" + echo "token=$TOKEN" >> $GITHUB_OUTPUT + echo "user=$U" >> $GITHUB_OUTPUT + exit 0 + fi + fi + done + fi + done + echo "❌ All available tokens failed to authenticate!" + exit 1 - name: 🏗️ Build and Push uses: docker/build-push-action@v5 with: 
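Review bot: The `discover_token` step tries every secret against every candidate user, so `MINTEL_PRIVATE_TOKEN` and `NPM_TOKEN` are sent as passwords to git.infra.mintel.me even if they were never issued for it, and a run can produce up to fifteen failed logins in that host's auth log. The secrets are also expanded straight into the script text through `${{ secrets.* }}` and split on whitespace, and the winning token is copied into `$GITHUB_OUTPUT`, where it stays out of logs only if the runner masks it. I would pin one dedicated registry credential, pass it through `env:`, and have the build step read its secret directly instead of `steps.discover_token.outputs.token`. The same applies to the `auth` step added in the deploy job. The fence sketches the login step; the secret names are placeholders for whichever credential is meant for this registry.

```yaml
      - name: 🔐 Registry Login
        env:
          # placeholders: use the single credential issued for this registry
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.GITEA_PAT }}
        run: |
          printf '%s' "$REGISTRY_TOKEN" | docker login git.infra.mintel.me -u "$REGISTRY_USER" --password-stdin
```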
@@ -216,10 +239,10 @@ jobs: NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }} UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }} UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }} - NPM_TOKEN=${{ secrets.NPM_TOKEN }} - tags: registry.infra.mintel.me/mintel/klz-2026:${{ needs.prepare.outputs.image_tag }} + NPM_TOKEN=${{ steps.discover_token.outputs.token }} + tags: git.infra.mintel.me/mmintel/klz-2026:${{ needs.prepare.outputs.image_tag }} secrets: | - "NPM_TOKEN=${{ secrets.NPM_TOKEN }}" + "NPM_TOKEN=${{ steps.discover_token.outputs.token }}" # ────────────────────────────────────────────────────────────────────────────── # JOB 4: Deploy @@ -350,6 +373,32 @@ jobs: cat .env.deploy echo "----------------------------" + - name: 🔐 Registry Auth + id: auth + run: | + echo "Testing available secrets against git.infra.mintel.me Docker registry..." + TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" + USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" + + VALID_TOKEN="" + VALID_USER="" + for T in $TOKENS; do + if [ -n "$T" ]; then + for U in $USERS; do + if [ -n "$U" ]; then + if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then + VALID_TOKEN="$T" + VALID_USER="$U" + break 2 + fi + fi + done + fi + done + if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi + echo "token=$VALID_TOKEN" >> $GITHUB_OUTPUT + echo "user=$VALID_USER" >> $GITHUB_OUTPUT + - name: 🚀 SSH Deploy shell: bash env: 
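Review bot: `NPM_TOKEN=${{ steps.discover_token.outputs.token }}` now feeds whichever token happened to authenticate to the registry into the build, both in the list above `tags:` (which looks like `build-args`, though its key is outside the hunk) and in `secrets:`. If that list is build-args, the value can be recovered from the image's build history by anyone able to pull the image. If the winning token is `GITEA_PAT`, the build also receives a credential with a different scope from the npm token it had before. Keep only the `secrets:` mount and source it from the secret meant for package installs, e.g. `"NPM_TOKEN=${{ secrets.NPM_TOKEN }}"`.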
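Review bot: The `auth` step writes `token=$VALID_TOKEN` to `$GITHUB_OUTPUT` without the `::add-mask::` line that the build job's step emits. It also leaves the runner logged in to git.infra.mintel.me, although as far as this hunk shows the login is only a probe for the later remote login. If the step is kept, add `echo "::add-mask::$VALID_TOKEN"` before the output lines and `docker logout git.infra.mintel.me` after the loop. The loop is a second copy of the one in `discover_token`, so any fix has to be made in both places.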
@@ -375,7 +424,7 @@ jobs: scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml - ssh root@alpha.mintel.me "cd $SITE_DIR && echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin" + ssh root@alpha.mintel.me "cd $SITE_DIR && echo '${{ steps.auth.outputs.token }}' | docker login git.infra.mintel.me -u '${{ steps.auth.outputs.user }}' --password-stdin" ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull" ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans"
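Review bot: The rewritten `docker login` line still places the token inside the remote command string, so it appears in the argument list of the local `ssh` process and of the shell spawned on alpha.mintel.me. A token containing a single quote would also break out of the quoting. Send it over stdin instead: put the values in the step's `env:` and use `printf '%s' "$REGISTRY_TOKEN" | ssh root@alpha.mintel.me "docker login git.infra.mintel.me -u '$REGISTRY_USER' --password-stdin"` (the variable names are suggestions). The step's `env:` block and the start of the script are outside this hunk.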