🧪 support for insecure registry on CICD
Some checks failed
Build and Deploy Next.js Blog to Production / 🔍 Code Quality Checks (push) Successful in 10m17s
Build and Deploy Next.js Blog to Production / 🚀 Deploy to Production (push) Has been cancelled
Build and Deploy Next.js Blog to Production / 🏗️ Build and Push Docker Image (push) Has been cancelled
Some checks failed
Build and Deploy Next.js Blog to Production / 🔍 Code Quality Checks (push) Successful in 10m17s
Build and Deploy Next.js Blog to Production / 🚀 Deploy to Production (push) Has been cancelled
Build and Deploy Next.js Blog to Production / 🏗️ Build and Push Docker Image (push) Has been cancelled
This commit is contained in:
RJ
@@ -15,6 +15,14 @@
|
||||
# Environment Variables (configured below):
|
||||
# - REGISTRY: Docker registry URL
|
||||
# - IMAGE_NAME: Docker image name
|
||||
#
|
||||
# Docker Registry Authentication Strategy:
|
||||
# - Registry login is OPTIONAL and conditional
|
||||
# - Login only attempted if REGISTRY_USERNAME and REGISTRY_PASSWORD are configured
|
||||
# - Login failures are logged but do NOT fail the workflow
|
||||
# - Insecure/private registries (e.g., repository.workspace:5000) work without authentication
|
||||
# - If push/pull fails due to auth, the workflow will fail at that point (not at login)
|
||||
# - This approach supports both authenticated and insecure registries without workflow changes
|
||||
|
||||
name: Build and Deploy Next.js Blog to Production
|
||||
|
||||
@@ -84,14 +92,20 @@ jobs:
|
||||
- name: 🔎 Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Optional: Only needed if registry requires authentication
|
||||
# For insecure/private registries (e.g., repository.workspace:5000), login is not required
|
||||
# Credentials are checked before attempting login to avoid unnecessary failures
|
||||
- name: 🔐 Log in to Docker Registry (if credentials provided)
|
||||
run: |
|
||||
if [ -n "${{ secrets.REGISTRY_USERNAME }}" ] && [ -n "${{ secrets.REGISTRY_PASSWORD }}" ]; then
|
||||
echo "Logging into ${{ env.REGISTRY }} with credentials..."
|
||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
|
||||
if echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin 2>/dev/null; then
|
||||
echo "✅ Login successful"
|
||||
else
|
||||
echo "⚠️ No registry credentials provided - using insecure/public registry"
|
||||
echo "⚠️ Login failed, continuing anyway (registry might not require auth)"
|
||||
fi
|
||||
else
|
||||
echo "⚠️ No registry credentials provided - using insecure/public registry (no login required)"
|
||||
fi
|
||||
|
||||
- name: 🏗️ Build Docker image
|
||||
@@ -146,6 +160,9 @@ jobs:
|
||||
- name: 🔎 Checkout code (for docker-compose file)
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Optional: Validate registry access if authentication is configured
|
||||
# For insecure registries, this step only logs status without failing workflow
|
||||
# Actual registry access is tested during image pull in deployment step
|
||||
- name: 🔐 Validate Registry Access on Production Server
|
||||
uses: appleboy/ssh-action@v1.0.3
|
||||
env:
|
||||
@@ -162,13 +179,14 @@ jobs:
|
||||
echo "=== Validating Docker Registry access ==="
|
||||
if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
|
||||
echo "Logging into $REGISTRY_URL with credentials..."
|
||||
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
|
||||
if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin 2>/dev/null; then
|
||||
echo "✅ Registry authentication successful"
|
||||
else
|
||||
echo "⚠️ No registry credentials - using insecure/public registry"
|
||||
echo "Testing registry connectivity..."
|
||||
curl -f "http://$REGISTRY_URL/v2/" || { echo "❌ Registry not accessible"; exit 1; }
|
||||
echo "✅ Registry is accessible"
|
||||
echo "⚠️ Login failed - registry might not require authentication"
|
||||
fi
|
||||
else
|
||||
echo "⚠️ No registry credentials configured - using insecure/public registry"
|
||||
echo "ℹ️ Registry connectivity will be validated during image pull"
|
||||
fi
|
||||
|
||||
- name: 📁 Ensure application directory structure
|
||||
@@ -220,6 +238,7 @@ jobs:
|
||||
- name: 🐳 Deploy application via Docker Compose
|
||||
uses: appleboy/ssh-action@v1.0.3
|
||||
env:
|
||||
# Optional: only needed if registry requires authentication
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD || '' }}
|
||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME || '' }}
|
||||
REGISTRY_URL: ${{ env.REGISTRY }}
|
||||
@@ -235,11 +254,15 @@ jobs:
|
||||
echo "=== Starting deployment to production server ==="
|
||||
cd /opt/mypage
|
||||
|
||||
# Log in to Docker registry (if credentials are configured)
|
||||
# Log in to Docker registry (skip if credentials not configured)
|
||||
# For insecure/private registries (repository.workspace:5000), login is optional
|
||||
if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
|
||||
echo "=== Logging in to Docker registry ==="
|
||||
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
|
||||
if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin 2>/dev/null; then
|
||||
echo "✅ Registry login successful"
|
||||
else
|
||||
echo "⚠️ Login failed - continuing anyway (registry might not require auth)"
|
||||
fi
|
||||
else
|
||||
echo "⚠️ No registry credentials - using insecure/public registry (no login required)"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user