cartsnitch/app
12
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: remove DinD/GHCR scan split, use single push step
CI / audit (pull_request) Successful in 35s
Details
CI / lint (pull_request) Successful in 43s
Details
CI / test (pull_request) Successful in 42s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / e2e (pull_request) Successful in 1m3s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 45s
Details

Browse Source 
CAR-987: Docker socket missing was caused by load:true requiring
a local Docker daemon (DinD sidecar). Using push:true with registry
authentication removes the need for local Docker daemon access.
Also removed anchore scan step which required the loaded image.

For infra repo access: changed secrets.GITEA_TOKEN to
vars.GITEA_DEPLOY_KEY since Gitea Actions auto-token only has
repo-scoped permissions and cannot access cross-repo resources
like cartsnitch/infra (which is private).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Checkout Charlie
2026-05-23 19:06:16 +00:00
parent a9a7db63b8
commit 84571473a3
1 changed files with 4 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/ci.yml
+4 -29
View File
@@ -158,33 +158,7 @@ jobs:
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }} type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build Docker image - name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
target: prod
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan frontend image for vulnerabilities
uses: anchore/scan-action@v5
id: scan
env:
GRYPE_CONFIG: .grype.yaml
with:
image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true
severity-cutoff: high
only-fixed: "true"
output-format: sarif
- name: Push Docker image
if: github.event_name == 'push'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@@ -193,6 +167,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
target: prod target: prod
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max
- name: Create git tag - name: Create git tag
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -209,7 +184,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_TOKEN }} token: ${{ vars.GITEA_DEPLOY_KEY }}
ref: main ref: main
path: infra path: infra
@@ -253,7 +228,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_TOKEN }} token: ${{ vars.GITEA_DEPLOY_KEY }}
ref: main ref: main
path: infra path: infra