diff --git a/.gitea/workflows/deploy-staging.yml b/.gitea/workflows/deploy-staging.yml
index e521700..82669ee 100644
--- a/.gitea/workflows/deploy-staging.yml
+++ b/.gitea/workflows/deploy-staging.yml
@@ -101,9 +101,11 @@ jobs:
 echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json
 - name: Build & push ${{ matrix.app }}
- # Uses --push to push directly during build, which avoids the "No output
- # specified with docker-container driver" warning that appears when using
- # a separate docker push step without --load. (see: troubleshooting #5)
+ # --push bypasses the Podman daemon and uses buildkit's internal HTTPS push,
+ # which fails for HTTP-only registries. Instead:
+ # 1. --load loads the image into the Podman daemon after build
+ # 2. docker push goes through the daemon, which has insecure=true in
+ # registries.conf and correctly uses HTTP. (see: troubleshooting #7, #12)
 #
 # Each app has its own Clerk instance so the publishable key differs.
 # NEXT_PUBLIC_* vars must be baked in at build time — Next.js prerender
@@ -126,9 +128,8 @@ jobs:
 --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
 --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
 --build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
+ --load \
 -t "${IMAGE}:staging" \
- -t "${IMAGE}:sha-${SHORT_SHA}" \
- --push \
 ./out
 else
 CLERK_KEY="$STOREFRONT_CLERK_KEY"
@@ -136,12 +137,15 @@ jobs:
 -f apps/storefront/Dockerfile \
 --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
 --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
+ --load \
 -t "${IMAGE}:staging" \
- -t "${IMAGE}:sha-${SHORT_SHA}" \
- --push \
 ./out
 fi
+ docker tag "${IMAGE}:staging" "${IMAGE}:sha-${SHORT_SHA}"
+ docker push "${IMAGE}:staging"
+ docker push "${IMAGE}:sha-${SHORT_SHA}"
+
 # ── 3. Deploy ───────────────────────────────────────────────────────────────
 deploy:
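Review bot: The rewritten comment on the "Build & push" step explains why the push now goes through the daemon, but it does not record what an HTTP-only registry costs: the `auth` value written to `~/.docker/config.json` in the context line above this step would be sent without transport encryption on each `docker push`, and the pushed layers have no in-transit integrity protection. I would add a comment line such as `# NOTE: registry traffic is plain HTTP, so credentials and image layers are unencrypted in transit; keep the registry on a trusted network segment or put TLS in front of it.` If TLS with an internal CA is feasible, the `insecure=true` entry the comment mentions could be dropped; registries.conf itself is not visible here. The step's body continues outside this hunk.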
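Review bot: `docker tag "${IMAGE}:staging" "${IMAGE}:sha-${SHORT_SHA}"` derives the commit-specific tag from whatever the mutable `:staging` name resolves to in the daemon's local store at that moment, so if two runs for the same app share that daemon (not visible from this hunk), the `sha-` tag can end up on an image built from a different commit. `--load` accepts several `-t` flags, so keeping `-t "${IMAGE}:sha-${SHORT_SHA}" \` in both build commands (here and in the hunk at -126) binds the tag to this build's output and makes the `docker tag` line unnecessary. I would also push the `sha-` tag before `:staging`, so the mutable tag is only updated once the traceable one is in the registry. The run script starts outside the hunk, so whether it runs under `set -e` cannot be confirmed here.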