From 2580858ee8b3d8c0e8e9e31f655c92b64616821f Mon Sep 17 00:00:00 2001
From: RJ
Date: Wed, 19 Nov 2025 17:53:58 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A4=B7=E2=80=8D=E2=99=82=EF=B8=8F=20don't?= =?UTF-8?q?=20try=20to=20login=20into=20registry=20because=20it=20hangs=20?= =?UTF-8?q?the=20step?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitea/workflows/main.yml | 108 ++++++++++++++++++--------------------
1 file changed, 52 insertions(+), 56 deletions(-)
diff --git a/.gitea/workflows/main.yml b/.gitea/workflows/main.yml
index f63325b..6e6cba3 100644
--- a/.gitea/workflows/main.yml
+++ b/.gitea/workflows/main.yml
@@ -9,20 +9,16 @@ # - PRODUCTION_HOST: IP address or hostname of production server # - PRODUCTION_USER: SSH username (e.g., 'deployer') # - SSH_PRIVATE_KEY: Private SSH key for authentication -# - REGISTRY_USERNAME: Docker registry username (optional, if registry requires auth) -# - REGISTRY_PASSWORD: Docker registry password (optional, if registry requires auth) # # Environment Variables (configured below): # - REGISTRY: Docker registry URL # - IMAGE_NAME: Docker image name # -# Docker Registry Authentication Strategy: -# - Registry login is OPTIONAL and conditional -# - Login only attempted if REGISTRY_USERNAME and REGISTRY_PASSWORD are configured -# - Login failures are logged but do NOT fail the workflow -# - Insecure/private registries (e.g., repository.workspace:5000) work without authentication -# - If push/pull fails due to auth, the workflow will fail at that point (not at login) -# - This approach supports both authenticated and insecure registries without workflow changes +# Docker Registry Configuration: +# - Current registry (repository.workspace:5000) is INSECURE - no authentication required +# - Registry login steps are SKIPPED to avoid 7+ minute timeout delays +# - Docker push/pull operations work without credentials +# - If switching to authenticated registry: uncomment login steps and configure secrets name: Build and Deploy Next.js Blog to Production 
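Review bot: The new header block calls the registry `INSECURE` to mean "no authentication", whereas in Docker's own terminology an insecure registry is one reached over plain HTTP or with unverified TLS; the comment does not say which applies, nor who can reach `repository.workspace:5000`. The build and deploy steps further down both depend on that assumption, so the header is the place to record it, for example `# - Registry accepts unauthenticated push/pull: it must be reachable only from the CI runner and the production host` and `# - Transport: <http or https> (state whether the Docker daemons list it under insecure-registries)`. The deleted lines also removed REGISTRY_USERNAME and REGISTRY_PASSWORD from the secrets list, so the last bullet's "configure secrets" should name them.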
@@ -92,21 +88,32 @@ jobs: - name: 🔎 Checkout code uses: actions/checkout@v4 - # Optional: Only needed if registry requires authentication - # For insecure/private registries (e.g., repository.workspace:5000), login is not required - # Credentials are checked before attempting login to avoid unnecessary failures - - name: 🔐 Log in to Docker Registry (if credentials provided) + # Insecure registry configuration - no authentication required + # The registry at repository.workspace:5000 does not require login + # Docker push/pull operations work without credentials + - name: â„šī¸ Registry configuration (insecure - no login required) run: | - if [ -n "${{ secrets.REGISTRY_USERNAME }}" ] && [ -n "${{ secrets.REGISTRY_PASSWORD }}" ]; then - echo "Logging into ${{ env.REGISTRY }} with credentials..." - if echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin 2>/dev/null; then - echo "✅ Login successful" - else - echo "âš ī¸ Login failed, continuing anyway (registry might not require auth)" - fi - else - echo "âš ī¸ No registry credentials provided - using insecure/public registry (no login required)" - fi + echo "=== Docker Registry Configuration ===" + echo "Registry: ${{ env.REGISTRY }}" + echo "Type: Insecure (no authentication required)" + echo "" + echo "â„šī¸ Skipping registry login - insecure registry allows push/pull without credentials" + echo "" + echo "If your registry requires authentication in the future:" + echo " 1. Set REGISTRY_USERNAME and REGISTRY_PASSWORD secrets in Gitea" + echo " 2. Uncomment the login step below this message" + echo " 3. 
Change registry URL to authenticated registry" + + # Uncomment this step if registry requires authentication in the future + # - name: 🔐 Log in to Docker Registry + # timeout-minutes: 1 + # run: | + # if [ -n "${{ secrets.REGISTRY_USERNAME }}" ] && [ -n "${{ secrets.REGISTRY_PASSWORD }}" ]; then + # echo "Attempting login to ${{ env.REGISTRY }}..." + # timeout 30s bash -c 'echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin' || { + # echo "âš ī¸ Login failed - continuing anyway" + # } + # fi - name: đŸ—ī¸ Build Docker image timeout-minutes: 30 
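Review bot: The commented-out login step kept for later use expands `${{ secrets.REGISTRY_PASSWORD }}` and `${{ secrets.REGISTRY_USERNAME }}` into the script text, now inside a single-quoted `bash -c '…'` string, so a quote or shell metacharacter in either secret changes what the shell runs, and the expanded values end up in the argument list of the `bash -c` process. Whoever uncomments the step inherits that; passing the secrets through the step's `env:` and reading them as shell variables avoids both problems. The `|| { … continuing anyway }` branch also hides a rejected credential until the later push fails, so the sketch below lets a failed login fail the step. It assumes the workflow-level `REGISTRY` variable is exported to the step's shell, which the `${{ env.REGISTRY }}` references suggest but the hunk does not show.

```yaml
# … unchanged: "Uncomment this step" comment, step name, timeout-minutes …
#   env:
#     REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
#     REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
#   run: |
#     if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
#       echo "Attempting login to $REGISTRY..."
#       printf '%s' "$REGISTRY_PASSWORD" \
#         | timeout 30s docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
#     fi
```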
@@ -160,34 +167,29 @@ jobs: - name: 🔎 Checkout code (for docker-compose file) uses: actions/checkout@v4 - # Optional: Validate registry access if authentication is configured - # For insecure registries, this step only logs status without failing workflow - # Actual registry access is tested during image pull in deployment step - - name: 🔐 Validate Registry Access on Production Server + # Verify Docker is accessible on production server + # Registry authentication is not required for insecure registry + - name: â„šī¸ Verify production server Docker access uses: appleboy/ssh-action@v1.0.3 - env: - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} - REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} - REGISTRY_URL: ${{ env.REGISTRY }} with: host: ${{ vars.PRODUCTION_HOST }} username: ${{ vars.PRODUCTION_USER }} key: ${{ secrets.SSH_PRIVATE_KEY }} port: 22 - envs: REGISTRY_PASSWORD,REGISTRY_USERNAME,REGISTRY_URL script: | - echo "=== Validating Docker Registry access ===" - if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then - echo "Logging into $REGISTRY_URL with credentials..." 
- if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin 2>/dev/null; then - echo "✅ Registry authentication successful" - else - echo "âš ī¸ Login failed - registry might not require authentication" - fi - else - echo "âš ī¸ No registry credentials configured - using insecure/public registry" - echo "â„šī¸ Registry connectivity will be validated during image pull" - fi + echo "=== Verifying Docker is accessible ===" + docker info > /dev/null 2>&1 || { + echo "❌ Docker is not running or user has no access" + echo "Please ensure Docker is installed and user is in docker group" + exit 1 + } + echo "✅ Docker is accessible" + + echo "" + echo "=== Registry Configuration ===" + echo "Registry: ${{ env.REGISTRY }}" + echo "Type: Insecure (no authentication)" + echo "â„šī¸ Skipping registry login - push/pull will work without credentials" - name: 📁 Ensure application directory structure uses: appleboy/ssh-action@v1.0.3 
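Review bot: The failure message of the added `docker info` check tells the operator to put the SSH user in the `docker` group, and membership in that group is effectively root on the host, which makes `SSH_PRIVATE_KEY` in the CI secrets a root-equivalent credential for production. That deserves a comment above the step, for example `# NOTE: docker group membership is root-equivalent; keep the deploy user's key dedicated to this workflow and restricted on the server side`. Separately, the closing echo asserts that push/pull "will work without credentials" although this step only probes the local Docker daemon; more accurate wording would be `echo "Registry login skipped; registry access is first exercised by the image pull"`.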
@@ -254,18 +256,12 @@ jobs: echo "=== Starting deployment to production server ===" cd /opt/mypage - # Log in to Docker registry (skip if credentials not configured) - # For insecure/private registries (repository.workspace:5000), login is optional - if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then - echo "=== Logging in to Docker registry ===" - if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin 2>/dev/null; then - echo "✅ Registry login successful" - else - echo "âš ī¸ Login failed - continuing anyway (registry might not require auth)" - fi - else - echo "âš ī¸ No registry credentials - using insecure/public registry (no login required)" - fi + # Registry configuration - insecure registry does not require authentication + echo "=== Registry Configuration ===" + echo "Registry: $REGISTRY_URL" + echo "Type: Insecure (no authentication required)" + echo "â„šī¸ Skipping registry login" + echo "" # Pull latest image from registry echo "=== Pulling latest Docker image ==="
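Review bot: With the login block removed, the pull that follows this hunk takes whatever the tag currently points to in a registry that accepts unauthenticated pushes, so nothing ties the image started on production to the one the build job produced. The pull command itself is outside the hunk; if it pulls by tag (the comment says "latest"), consider publishing the pushed image's digest from the build job and deploying by digest, e.g. `docker pull "$REGISTRY_URL/$IMAGE_NAME@$IMAGE_DIGEST"`, where `IMAGE_DIGEST` is a placeholder for a value handed over from the build job and `IMAGE_NAME` may need forwarding as well. No hunk in this patch touches this step's `env:`/`envs:` block, so if it still forwards REGISTRY_USERNAME and REGISTRY_PASSWORD, as the removed lines imply, those secrets are now sent to the production host for nothing and can be dropped, keeping only REGISTRY_URL, which the added lines still read.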