diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 4f4cc9e..61d91ab 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -301,41 +301,9 @@ jobs: perl -pi -e 's/link:\.\.\/\.\.\/_at-mintel\/packages\/pdf"/link:..\/\.\.\/_at-mintel\/packages\/pdf-library"/g' apps/web/package.json - name: ๐Ÿณ Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: ๐Ÿ” Prepare Registry Token - id: prep_token + - name: ๐Ÿ” Registry Login run: | - TOKEN="${{ secrets.NPM_TOKEN }}" - if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.MINTEL_PRIVATE_TOKEN }}"; fi - if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.GITEA_PAT }}"; fi - if [ -z "$TOKEN" ]; then echo "Missing NPM_TOKEN secret! Add it to Gitea repo settings."; exit 1; fi - echo "token=$TOKEN" >> $GITHUB_OUTPUT - - - name: ๐Ÿ” Discover Valid Registry Token - id: discover_token - run: | - echo "Testing available secrets against git.infra.mintel.me Docker registry..." - TOKENS="${{ secrets.GITHUB_TOKEN }} ${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" - USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" - - for TOKEN_RAW in $TOKENS; do - if [ -n "$TOKEN_RAW" ]; then - TOKEN=$(echo "$TOKEN_RAW" | tr -d ' ' | tr -d '\n' | tr -d '\r') - for U in $USERS; do - if [ -n "$U" ]; then - echo "Attempting docker login for a token with user $U..." - if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then - echo "โœ… Successfully authenticated with a token." - echo "::add-mask::$TOKEN" - echo "token=$TOKEN" >> $GITHUB_OUTPUT - echo "user=$U" >> $GITHUB_OUTPUT - exit 0 - fi - fi - done - fi - done - echo "โŒ All available tokens (GITEA_PAT, MINTEL_PRIVATE_TOKEN, NPM_TOKEN) failed to authenticate!" - exit 1 + echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin - name: ๐Ÿ—๏ธ Build and Push uses: docker/build-push-action@v5 
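Review bot: The new registry login step expands `${{ secrets.REGISTRY_PASS }}` and `${{ secrets.REGISTRY_USER }}` directly into the script text, so a value containing `"`, `$`, a backtick or a backslash is re-interpreted by the shell (and by `echo`) before it reaches `docker login`. A missing secret also surfaces only as an opaque login failure. Passing both values through `env:` and reading them as shell variables keeps the secret out of the generated script and makes the quoting safe, and `printf '%s'` avoids echo's option and escape handling. The explicit `:?` guards fail the step with a clear message that does not print the secret.

```yaml
# … unchanged: step name …
env:
  REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
  REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }}
run: |
  : "${REGISTRY_USER:?REGISTRY_USER secret is not set}" "${REGISTRY_PASS:?REGISTRY_PASS secret is not set}"
  printf '%s' "$REGISTRY_PASS" | docker login registry.infra.mintel.me -u "$REGISTRY_USER" --password-stdin
```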
@@ -349,11 +317,11 @@ jobs:
 NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
 DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }}
 NPM_TOKEN=${{ secrets.NPM_TOKEN }}
- tags: git.infra.mintel.me/mmintel/mintel.me:${{ needs.prepare.outputs.image_tag }}
- cache-from: type=registry,ref=git.infra.mintel.me/mmintel/mintel.me:buildcache
- cache-to: type=registry,ref=git.infra.mintel.me/mmintel/mintel.me:buildcache,mode=max
+ tags: registry.infra.mintel.me/mintel/mintel.me:${{ needs.prepare.outputs.image_tag }}
+ cache-from: type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache
+ cache-to: type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache,mode=max
 secrets: |
- NPM_TOKEN=${{ steps.discover_token.outputs.token }}
+ NPM_TOKEN=${{ secrets.NPM_TOKEN }}

 - name: ๐Ÿšจ Extract Build Error Logs
 if: failure()
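Review bot: `NPM_TOKEN=${{ secrets.NPM_TOKEN }}` is still passed in the list next to `NEXT_PUBLIC_TARGET` and `DIRECTUS_URL`, which looks like `build-args` (the key is above the hunk), while the same token is now also supplied under `secrets:`. Build arguments are recorded in the image history and may also land in the `mode=max` cache that `cache-to` pushes to the registry, so anyone who can pull the image or the cache could recover the token. If the Dockerfile can read it through `RUN --mount=type=secret,id=NPM_TOKEN`, drop the build-arg line and keep only the `secrets:` entry. This needs checking against the Dockerfile, which is not part of this diff.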
@@ -557,19 +525,13 @@ jobs: if [ -z "$VALID_TOKEN" ]; then echo "โŒ All tokens failed to authenticate!"; exit 1; fi TOKEN="$VALID_TOKEN" - DB_CONTAINER="${{ needs.prepare.outputs.project_name }}-postgres-db-1" - # Write docker credentials to a temp file locally, scp to remote, use it for docker auth - B64_AUTH=$(printf '%s:%s' "$VALID_USER" "$TOKEN" | base64 | tr -d '\n') - printf '{"auths":{"git.infra.mintel.me":{"auth":"%s"}}}' "$B64_AUTH" > /tmp/docker_creds.json - scp /tmp/docker_creds.json root@alpha.mintel.me:/tmp/docker_creds.json - rm /tmp/docker_creds.json + # Deploy โ€” alpha is pre-logged into registry.infra.mintel.me, no credential passing needed ssh root@alpha.mintel.me " - mkdir -p ~/.docker && cp /tmp/docker_creds.json ~/.docker/config.json && rm /tmp/docker_creds.json docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true docker volume create 'mintel-me_payload-db-data' || true cd $SITE_DIR - docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file \"$ENV_FILE\" pull - docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file \"$ENV_FILE\" up -d --remove-orphans + docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE pull + docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE up -d --remove-orphans " - name: ๐Ÿงน Post-Deploy Cleanup (Runner) diff --git a/docker-compose.yml b/docker-compose.yml index 01bf1be..30ea034 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: mintel-me-app: - image: git.infra.mintel.me/mmintel/mintel.me:${IMAGE_TAG:-latest} + image: registry.infra.mintel.me/mintel/mintel.me:${IMAGE_TAG:-latest} restart: always networks: - default 
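Review bot: In the deploy step of `.gitea/workflows/deploy.yml`, the two new `docker compose` lines drop the escaped quotes around the env file, so `$ENV_FILE` is expanded on the runner and reaches the remote shell as bare words. A path with a space or shell metacharacter would be split or interpreted on alpha. Restoring `--env-file \"$ENV_FILE\"` on both lines, and quoting `cd $SITE_DIR` the same way, keeps the value a single argument. Separately, the context lines at the top of the hunk still fail the job with `All tokens failed to authenticate!` when `VALID_TOKEN` is empty, which contradicts the new comment that no credential passing is needed. The token probing that sets it is outside the hunk and looks like it can now be removed.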
@@ -55,8 +55,8 @@ services:
 - "traefik.http.middlewares.${PROJECT_NAME}-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"

 gatekeeper:
- profiles: [ "gatekeeper" ]
- image: git.infra.mintel.me/mmintel/gatekeeper:v1.7.12
+ profiles: ["gatekeeper"]
+ image: registry.infra.mintel.me/mintel/gatekeeper:v1.7.12
 container_name: ${PROJECT_NAME:-mintel-me}-gatekeeper
 restart: always
 networks: