The auth Deployment in cartsnitch/infra (PR #83) references
ghcr.io/cartsnitch/auth:latest, but no CI job builds that image.
Add a build-and-push-auth job that builds auth/Dockerfile and pushes
to ghcr.io/cartsnitch/auth with the same CalVer + sha tagging scheme.
Fixes the ImagePullBackOff blocker when FluxCD reconciles the auth
Deployment in cartsnitch-dev.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The build-and-push job pulls nginx:stable-alpine from Docker Hub during
docker build. Anonymous pulls hit rate limits on self-hosted runners.
Add docker/login-action for Docker Hub using org secrets before the
build step (unconditional — needed for both PR and push builds).
Closes#22
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Tag container images with YYYY.MM.DD CalVer format on merge to main,
with build number suffix for same-day collisions. Creates matching
git tags (vYYYY.MM.DD). Retains latest tag as convenience alias.
GitHub issue: cartsnitch/infra#24
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The correct self-hosted ARC runner label is runners-cartsnitch, not
cartsnitch-runners. All CI jobs were failing because no runners
matched the old label.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
We push to GHCR only per infrastructure policy. The Docker Hub login
step was added in error and would fail since DOCKERHUB_USERNAME/TOKEN
secrets are not configured.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Confirmed secrets are length 0 from CI runners. Docker Hub auth
cannot work until secrets are properly scoped to these repos.
Refs: CAR-77
Co-Authored-By: Paperclip <noreply@paperclip.ing>
DOCKERHUB_USERNAME/DOCKERHUB_TOKEN secrets are not accessible from
the self-hosted runners. Remove credentials blocks and login steps
to avoid template validation failures. Docker Hub pulls will use
anonymous access.
Refs: CAR-77
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Docker Hub login step is now conditional on secret existence
to avoid failures when org secrets are not yet provisioned.
Refs: CAR-77
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Avoids Docker Hub 429 rate limits by pulling node:20-alpine and
nginx:stable-alpine from ghcr.io/cartsnitch/mirror/. GHCR login
now runs on all builds (not just main push) to authenticate pulls.
Ref: cartsnitch/infra#7, CAR-55
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The build-and-push job had an unconditional Docker Hub login step that
was failing because DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets are
not provisioned. Since we push images to GHCR (not Docker Hub), this
step is not needed.
Closescartsnitch/infra#5
Co-authored-by: deploy-debbie[bot] <268472978+deploy-debbie[bot]@users.noreply.github.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
The build-and-push job pulls node:20-alpine and nginx:stable-alpine from
Docker Hub during docker build. Without authentication these pulls hit
the unauthenticated rate limit, causing intermittent build failures.
Closes#8
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Barcode Betty
Savannah Savings