🧪 support for insecure registry on CICD
Some checks failed
Build and Deploy Next.js Blog to Production / 🔍 Code Quality Checks (push) Successful in 10m17s
Build and Deploy Next.js Blog to Production / 🚀 Deploy to Production (push) Has been cancelled
Build and Deploy Next.js Blog to Production / 🏗️ Build and Push Docker Image (push) Has been cancelled
@@ -15,6 +15,14 @@
|
|||||||
# Environment Variables (configured below):
|
# Environment Variables (configured below):
|
||||||
# - REGISTRY: Docker registry URL
|
# - REGISTRY: Docker registry URL
|
||||||
# - IMAGE_NAME: Docker image name
|
# - IMAGE_NAME: Docker image name
|
||||||
|
#
|
||||||
|
# Docker Registry Authentication Strategy:
|
||||||
|
# - Registry login is OPTIONAL and conditional
|
||||||
|
# - Login only attempted if REGISTRY_USERNAME and REGISTRY_PASSWORD are configured
|
||||||
|
# - Login failures are logged but do NOT fail the workflow
|
||||||
|
# - Insecure/private registries (e.g., repository.workspace:5000) work without authentication
|
||||||
|
# - If push/pull fails due to auth, the workflow will fail at that point (not at login)
|
||||||
|
# - This approach supports both authenticated and insecure registries without workflow changes
|
||||||
|
|
||||||
name: Build and Deploy Next.js Blog to Production
|
name: Build and Deploy Next.js Blog to Production
|
||||||
|
|
||||||
@@ -84,14 +92,20 @@ jobs:
|
|||||||
- name: 🔎 Checkout code
|
- name: 🔎 Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
# Optional: Only needed if registry requires authentication
|
||||||
|
# For insecure/private registries (e.g., repository.workspace:5000), login is not required
|
||||||
|
# Credentials are checked before attempting login to avoid unnecessary failures
|
||||||
- name: 🔐 Log in to Docker Registry (if credentials provided)
|
- name: 🔐 Log in to Docker Registry (if credentials provided)
|
||||||
run: |
|
run: |
|
||||||
if [ -n "${{ secrets.REGISTRY_USERNAME }}" ] && [ -n "${{ secrets.REGISTRY_PASSWORD }}" ]; then
|
if [ -n "${{ secrets.REGISTRY_USERNAME }}" ] && [ -n "${{ secrets.REGISTRY_PASSWORD }}" ]; then
|
||||||
echo "Logging into ${{ env.REGISTRY }} with credentials..."
|
echo "Logging into ${{ env.REGISTRY }} with credentials..."
|
||||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
|
if echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin 2>/dev/null; then
|
||||||
echo "✅ Login successful"
|
echo "✅ Login successful"
|
||||||
else
|
else
|
||||||
echo "⚠️ No registry credentials provided - using insecure/public registry"
|
echo "⚠️ Login failed, continuing anyway (registry might not require auth)"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "⚠️ No registry credentials provided - using insecure/public registry (no login required)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: 🏗️ Build Docker image
|
- name: 🏗️ Build Docker image
|
||||||
@@ -146,6 +160,9 @@ jobs:
|
|||||||
- name: 🔎 Checkout code (for docker-compose file)
|
- name: 🔎 Checkout code (for docker-compose file)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
# Optional: Validate registry access if authentication is configured
|
||||||
|
# For insecure registries, this step only logs status without failing workflow
|
||||||
|
# Actual registry access is tested during image pull in deployment step
|
||||||
- name: 🔐 Validate Registry Access on Production Server
|
- name: 🔐 Validate Registry Access on Production Server
|
||||||
uses: appleboy/ssh-action@v1.0.3
|
uses: appleboy/ssh-action@v1.0.3
|
||||||
env:
|
env:
|
||||||
@@ -162,13 +179,14 @@ jobs:
|
|||||||
echo "=== Validating Docker Registry access ==="
|
echo "=== Validating Docker Registry access ==="
|
||||||
if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
|
if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
|
||||||
echo "Logging into $REGISTRY_URL with credentials..."
|
echo "Logging into $REGISTRY_URL with credentials..."
|
||||||
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
|
if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin 2>/dev/null; then
|
||||||
echo "✅ Registry authentication successful"
|
echo "✅ Registry authentication successful"
|
||||||
else
|
else
|
||||||
echo "⚠️ No registry credentials - using insecure/public registry"
|
echo "⚠️ Login failed - registry might not require authentication"
|
||||||
echo "Testing registry connectivity..."
|
fi
|
||||||
curl -f "http://$REGISTRY_URL/v2/" || { echo "❌ Registry not accessible"; exit 1; }
|
else
|
||||||
echo "✅ Registry is accessible"
|
echo "⚠️ No registry credentials configured - using insecure/public registry"
|
||||||
|
echo "ℹ️ Registry connectivity will be validated during image pull"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: 📁 Ensure application directory structure
|
- name: 📁 Ensure application directory structure
|
||||||
@@ -220,6 +238,7 @@ jobs:
|
|||||||
- name: 🐳 Deploy application via Docker Compose
|
- name: 🐳 Deploy application via Docker Compose
|
||||||
uses: appleboy/ssh-action@v1.0.3
|
uses: appleboy/ssh-action@v1.0.3
|
||||||
env:
|
env:
|
||||||
|
# Optional: only needed if registry requires authentication
|
||||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD || '' }}
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD || '' }}
|
||||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME || '' }}
|
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME || '' }}
|
||||||
REGISTRY_URL: ${{ env.REGISTRY }}
|
REGISTRY_URL: ${{ env.REGISTRY }}
|
||||||
@@ -235,11 +254,15 @@ jobs:
|
|||||||
echo "=== Starting deployment to production server ==="
|
echo "=== Starting deployment to production server ==="
|
||||||
cd /opt/mypage
|
cd /opt/mypage
|
||||||
|
|
||||||
# Log in to Docker registry (if credentials are configured)
|
# Log in to Docker registry (skip if credentials not configured)
|
||||||
|
# For insecure/private registries (repository.workspace:5000), login is optional
|
||||||
if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
|
if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
|
||||||
echo "=== Logging in to Docker registry ==="
|
echo "=== Logging in to Docker registry ==="
|
||||||
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
|
if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin 2>/dev/null; then
|
||||||
echo "✅ Registry login successful"
|
echo "✅ Registry login successful"
|
||||||
|
else
|
||||||
|
echo "⚠️ Login failed - continuing anyway (registry might not require auth)"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo "⚠️ No registry credentials - using insecure/public registry (no login required)"
|
echo "⚠️ No registry credentials - using insecure/public registry (no login required)"
|
||||||
fi
|
fi
|
||||||
|
|||||||
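Review bot: When credentials are configured, all three login blocks (the build job, "Validate Registry Access on Production Server", and the deploy script) now treat a failed `docker login` as a warning and discard its stderr with `2>/dev/null`, so a wrong or rotated secret, or a TLS error, is hidden and the job falls through to an unauthenticated push or pull. Configured credentials mean authentication is expected, so the inner `else` should fail closed: drop `2>/dev/null` and replace the warning with `echo "❌ Registry login failed" >&2; exit 1`, leaving the no-credentials branch as the only unauthenticated path. That would also match the header comment, which says login failures are logged. Separately, the build-job step still expands `${{ secrets.REGISTRY_PASSWORD }}` straight into the script text, where quotes or `$` in the value are interpreted by the shell; passing it through `env:` and piping `"$REGISTRY_PASSWORD"`, as the deploy step already does, avoids that. The validation step also no longer probes the registry's `/v2/` endpoint, so an unreachable registry is only detected at image pull.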