b172b6a319
Build: Production / build (push) Successful in 6m41s
Gitea's docker login is lenient and accepts the org name as a username at handshake time, but the per-scope token exchange that buildkit performs for blob operations needs to resolve a real user identity. Using admin (the user that owns REGISTRY_TOKEN) prevents 401s on blob HEAD requests during push.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
49 lines
1.1 KiB
YAML
```yaml
name: "Build: Production"

on:
  push:
    branches: [local]
  workflow_dispatch:

permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Gitea Registry
        uses: docker/login-action@v3
        with:
          registry: git.farh.net
          username: admin
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: git.farh.net/farhoodlabs/paperclip
          tags: |
            type=sha,prefix=
            type=semver,pattern={{version}}
            type=raw,value=latest,enable=${{ startsWith(gitea.ref, 'refs/tags/v') }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: .farhoodlabs/Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          no-cache: true
```
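The per-scope token exchange mentioned in the commit message is assumed here to be the standard Docker Registry token authentication flow. This added example (not part of this repository) parses a registry's Bearer challenge and builds the scoped token request a client would send, showing where the username travels. The challenge header, realm URL and service name are constructed sample values, and the function names are hypothetical.

```python
import base64
import re
from urllib.parse import urlencode

# Constructed sample: the kind of challenge a registry returns with a 401.
SAMPLE_CHALLENGE = (
    'Bearer realm="https://registry.example/v2/token",'
    'service="container_registry",'
    'scope="repository:farhoodlabs/paperclip:pull,push"'
)

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_challenge(header):
    """Split a WWW-Authenticate Bearer challenge into its parameters."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    params = dict(_PARAM.findall(rest))
    if "realm" not in params:
        raise ValueError("challenge has no realm")
    return params


def build_token_request(header, username, secret):
    """Return (url, headers) for the scoped token request.

    The identity sent here (Basic credentials plus the account parameter)
    is what the token service has to resolve to a user for this scope.
    """
    params = parse_challenge(header)
    query = [("service", params.get("service", "")), ("account", username)]
    # A challenge may carry several space-separated scopes; each one is
    # sent as its own scope parameter.
    query += [("scope", s) for s in params.get("scope", "").split()]
    basic = base64.b64encode(("%s:%s" % (username, secret)).encode()).decode()
    url = params["realm"] + "?" + urlencode(query)
    return url, {"Authorization": "Basic " + basic}


if __name__ == "__main__":
    # "<REGISTRY_TOKEN>" is a placeholder, not a real credential.
    url, headers = build_token_request(SAMPLE_CHALLENGE, "admin", "<REGISTRY_TOKEN>")
    print(url)
```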