tangled.org / knot-docker
Community maintained Docker config for the knot server
fork atom

policy config

knotbin.com b03e02c0 158f2271

publish.yml
+53 -8
unified split
+53 -8
.tangled/workflows/publish.yml
··· 50 50 # Suppress buildah user warnings in CI environment 51 51 export BUILDAH_ISOLATION=chroot 52 52 export XDG_RUNTIME_DIR=/tmp/buildah-runtime 53 + export BUILDAH_LOG_LEVEL=warn 54 + export BUILDAH_QUIET=1 53 55 mkdir -p $XDG_RUNTIME_DIR 54 56 55 57 # Create a new container from alpine ··· 102 104 103 105 - name: "Convert buildah image to Docker format and push" 104 106 command: | 107 + # Suppress buildah user warnings in CI environment 108 + export BUILDAH_ISOLATION=chroot 109 + export XDG_RUNTIME_DIR=/tmp/buildah-runtime 110 + export BUILDAH_LOG_LEVEL=warn 111 + export BUILDAH_QUIET=1 112 + mkdir -p $XDG_RUNTIME_DIR 113 + 105 114 # Source the environment 106 115 source ~/.bashrc || true 107 116 if [ -n "$TANGLED_ENV_FILE" ] && [ -f "$TANGLED_ENV_FILE" ]; then ··· 118 127 exit 1 119 128 fi 120 129 121 - # Export buildah image to docker format 122 - buildah push localhost/$DOCKER_USERNAME/$DOCKER_REPO:$TAG docker-archive:image-$TAG.tar 123 - buildah push localhost/$DOCKER_USERNAME/$DOCKER_REPO:latest docker-archive:image-latest.tar 130 + # Create skopeo trust policy file 131 + mkdir -p ~/.config/containers /etc/containers 132 + cat > ~/.config/containers/policy.json << EOF 133 + { 134 + "default": [ 135 + { 136 + "type": "insecureAcceptAnything" 137 + } 138 + ], 139 + "transports": { 140 + "docker-daemon": { 141 + "": [ 142 + { 143 + "type": "insecureAcceptAnything" 144 + } 145 + ] 146 + } 147 + } 148 + } 149 + EOF 150 + cp ~/.config/containers/policy.json /etc/containers/policy.json 2>/dev/null || true 151 + 152 + echo "Exporting buildah images to Docker format..." 153 + buildah push localhost/$DOCKER_USERNAME/$DOCKER_REPO:$TAG docker-archive:image-$TAG.tar || { 154 + echo "Failed to export $TAG image" 155 + exit 1 156 + } 157 + buildah push localhost/$DOCKER_USERNAME/$DOCKER_REPO:latest docker-archive:image-latest.tar || { 158 + echo "Failed to export latest image" 159 + exit 1 160 + } 124 161 125 - # Use skopeo to push to Docker Hub with proper login 126 162 echo "Logging in to Docker Hub..." 127 - echo "$DOCKER_PASSWORD" | skopeo login docker.io -u "$DOCKER_USERNAME" --password-stdin 163 + echo "$DOCKER_PASSWORD" | skopeo login docker.io -u "$DOCKER_USERNAME" --password-stdin || { 164 + echo "Failed to login to Docker Hub" 165 + exit 1 166 + } 128 167 129 168 echo "Pushing image: $DOCKER_USERNAME/$DOCKER_REPO:$TAG" 130 169 131 170 # Push the tagged image 132 171 skopeo copy \ 133 172 docker-archive:image-$TAG.tar \ 134 - docker://docker.io/$DOCKER_USERNAME/$DOCKER_REPO:$TAG 173 + docker://docker.io/$DOCKER_USERNAME/$DOCKER_REPO:$TAG || { 174 + echo "Failed to push $TAG image" 175 + exit 1 176 + } 135 177 136 178 # Push as latest 137 179 skopeo copy \ 138 180 docker-archive:image-latest.tar \ 139 - docker://docker.io/$DOCKER_USERNAME/$DOCKER_REPO:latest 181 + docker://docker.io/$DOCKER_USERNAME/$DOCKER_REPO:latest || { 182 + echo "Failed to push latest image" 183 + exit 1 184 + } 140 185 141 - echo "Successfully pushed both $TAG and latest tags" 186 + echo "Successfully pushed both $TAG and latest tags to Docker Hub" 142 187 143 188 environment: 144 189 GIT_COMMIT: "${CI_COMMIT_SHA}"