ci: unify registry authentication across all jobs with dynamic token verification
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 7s
Build & Deploy / 🧪 QA (push) Failing after 14s
Build & Deploy / 🏗️ Build (push) Has been skipped
Build & Deploy / 🚀 Deploy (push) Has been skipped
Build & Deploy / 🧪 Post-Deploy Verification (push) Has been skipped
Build & Deploy / 🔔 Notify (push) Successful in 1s
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 7s
Build & Deploy / 🧪 QA (push) Failing after 14s
Build & Deploy / 🏗️ Build (push) Has been skipped
Build & Deploy / 🚀 Deploy (push) Has been skipped
Build & Deploy / 🧪 Post-Deploy Verification (push) Has been skipped
Build & Deploy / 🔔 Notify (push) Successful in 1s
This commit is contained in:
@@ -175,10 +175,20 @@ jobs:
|
||||
sed -i 's|../../../at-mintel|../../_at-mintel|g' apps/web/tsconfig.json || true
|
||||
- name: 🔐 Registry Auth
|
||||
run: |
|
||||
TOKEN="${{ secrets.NPM_TOKEN }}"
|
||||
if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.MINTEL_PRIVATE_TOKEN }}"; fi
|
||||
if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.GITEA_PAT }}"; fi
|
||||
if [ -z "$TOKEN" ]; then echo "❌ Missing NPM_TOKEN / MINTEL_PRIVATE_TOKEN / GITEA_PAT secret!"; exit 1; fi
|
||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||
TOKENS=( "${{ secrets.GITEA_PAT }}" "${{ secrets.MINTEL_PRIVATE_TOKEN }}" "${{ secrets.NPM_TOKEN }}" )
|
||||
VALID_TOKEN=""
|
||||
for T in "${TOKENS[@]}"; do
|
||||
if [ -n "$T" ]; then
|
||||
if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > /dev/null 2>&1; then
|
||||
echo "✅ Successfully authenticated with a token."
|
||||
VALID_TOKEN="$T"
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
||||
TOKEN="$VALID_TOKEN"
|
||||
|
||||
# Mask token in logs (just in case, but Gitea usually does this automatically)
|
||||
echo "::add-mask::$TOKEN"
|
||||
@@ -276,12 +286,24 @@ jobs:
|
||||
if [ -z "$TOKEN" ]; then echo "Missing NPM_TOKEN secret! Add it to Gitea repo settings."; exit 1; fi
|
||||
echo "token=$TOKEN" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: 🔐 Registry Login
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.infra.mintel.me
|
||||
username: mmintel
|
||||
password: ${{ secrets.NPM_TOKEN }}
|
||||
- name: 🔐 Discover Valid Registry Token
|
||||
id: discover_token
|
||||
run: |
|
||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||
TOKENS=( "${{ secrets.GITEA_PAT }}" "${{ secrets.MINTEL_PRIVATE_TOKEN }}" "${{ secrets.NPM_TOKEN }}" )
|
||||
|
||||
for TOKEN in "${TOKENS[@]}"; do
|
||||
if [ -n "$TOKEN" ]; then
|
||||
if echo "$TOKEN" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > /dev/null 2>&1; then
|
||||
echo "✅ Successfully authenticated with a token."
|
||||
echo "::add-mask::$TOKEN"
|
||||
echo "token=$TOKEN" >> $GITHUB_OUTPUT
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
done
|
||||
echo "❌ All available tokens (GITEA_PAT, MINTEL_PRIVATE_TOKEN, NPM_TOKEN) failed to authenticate!"
|
||||
exit 1
|
||||
|
||||
- name: 🏗️ Build and Push
|
||||
uses: docker/build-push-action@v5
|
||||
@@ -299,7 +321,7 @@ jobs:
|
||||
cache-from: type=registry,ref=git.infra.mintel.me/mmintel/mintel.me:buildcache
|
||||
cache-to: type=registry,ref=git.infra.mintel.me/mmintel/mintel.me:buildcache,mode=max
|
||||
secrets: |
|
||||
NPM_TOKEN=${{ secrets.NPM_TOKEN }}
|
||||
NPM_TOKEN=${{ steps.discover_token.outputs.token }}
|
||||
|
||||
- name: 🚨 Extract Build Error Logs
|
||||
if: failure()
|
||||
@@ -310,13 +332,13 @@ jobs:
|
||||
chmod 600 ~/.ssh/id_ed25519
|
||||
ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
|
||||
echo "Re-running docker build with plain progress to capture exact logs..."
|
||||
echo "${{ secrets.NPM_TOKEN }}" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > login.log 2>&1
|
||||
echo "${{ secrets.NPM_TOKEN }}" > /tmp/npm_token.txt
|
||||
echo "${{ steps.discover_token.outputs.token }}" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > login.log 2>&1
|
||||
echo "${{ steps.discover_token.outputs.token }}" > /tmp/npm_token.txt
|
||||
docker build \
|
||||
--build-arg NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }} \
|
||||
--build-arg NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }} \
|
||||
--build-arg DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }} \
|
||||
--build-arg NPM_TOKEN=${{ secrets.NPM_TOKEN }} \
|
||||
--build-arg NPM_TOKEN=${{ steps.discover_token.outputs.token }} \
|
||||
--secret id=NPM_TOKEN,src=/tmp/npm_token.txt \
|
||||
--progress plain \
|
||||
-t temp-image . > docker_build_failed.log 2>&1
|
||||
@@ -478,10 +500,20 @@ jobs:
|
||||
scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml
|
||||
|
||||
# Deploy
|
||||
TOKEN="${{ secrets.NPM_TOKEN }}"
|
||||
if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.MINTEL_PRIVATE_TOKEN }}"; fi
|
||||
if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.GITEA_PAT }}"; fi
|
||||
if [ -z "$TOKEN" ]; then echo "Missing NPM_TOKEN secret! Add it to Gitea repo settings."; exit 1; fi
|
||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||
TOKENS=( "${{ secrets.GITEA_PAT }}" "${{ secrets.MINTEL_PRIVATE_TOKEN }}" "${{ secrets.NPM_TOKEN }}" )
|
||||
VALID_TOKEN=""
|
||||
for T in "${TOKENS[@]}"; do
|
||||
if [ -n "$T" ]; then
|
||||
if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > /dev/null 2>&1; then
|
||||
echo "✅ Successfully authenticated with a token."
|
||||
VALID_TOKEN="$T"
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
||||
TOKEN="$VALID_TOKEN"
|
||||
|
||||
DB_CONTAINER="${{ needs.prepare.outputs.project_name }}-postgres-db-1"
|
||||
ssh root@alpha.mintel.me bash <<DEPLOYEOF
|
||||
@@ -533,10 +565,20 @@ jobs:
|
||||
sed -i 's|../../../at-mintel|../../_at-mintel|g' apps/web/tsconfig.json || true
|
||||
- name: 🔐 Registry Auth
|
||||
run: |
|
||||
TOKEN="${{ secrets.NPM_TOKEN }}"
|
||||
if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.MINTEL_PRIVATE_TOKEN }}"; fi
|
||||
if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.GITEA_PAT }}"; fi
|
||||
if [ -z "$TOKEN" ]; then echo "❌ Missing NPM_TOKEN / MINTEL_PRIVATE_TOKEN / GITEA_PAT secret!"; exit 1; fi
|
||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||
TOKENS=( "${{ secrets.GITEA_PAT }}" "${{ secrets.MINTEL_PRIVATE_TOKEN }}" "${{ secrets.NPM_TOKEN }}" )
|
||||
VALID_TOKEN=""
|
||||
for T in "${TOKENS[@]}"; do
|
||||
if [ -n "$T" ]; then
|
||||
if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > /dev/null 2>&1; then
|
||||
echo "✅ Successfully authenticated with a token."
|
||||
VALID_TOKEN="$T"
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
||||
TOKEN="$VALID_TOKEN"
|
||||
echo "Configuring .npmrc for git.infra.mintel.me..."
|
||||
echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm/" > .npmrc
|
||||
echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${TOKEN}" >> .npmrc
|
||||
|
||||
Reference in New Issue
Block a user