admin/the-pet-loft
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): use --load + docker push instead of --push for HTTP registry
Some checks failed
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 2m8s
Details
Deploy — Staging / Build & push — admin (push) Successful in 1m22s
Details
Deploy — Staging / Build & push — storefront (push) Failing after 1m35s
Details
Deploy — Staging / Deploy to staging VPS (push) Has been skipped
Details

Browse Source 
docker build --push uses buildkit's internal push which connects directly
to the registry over HTTPS, bypassing the Podman daemon. Since the Gitea
registry is HTTP-only, this fails with "server gave HTTP response to HTTPS client".

Switch to --load (exports image into Podman daemon) then docker push (goes
through the daemon which has insecure=true in registries.conf → uses HTTP).
Tag the SHA variant with docker tag before pushing both.

Also:
- Add NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME ARG/ENV to admin Dockerfile
- Add STAGING_ prefix note to both Dockerfiles builder stage
- Add STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME to workflow env and
  pass it as --build-arg for admin builds only

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
ianshaloom
2026-03-08 04:14:47 +03:00
parent 6b63cbb6cd
commit 829fec9ac1
1 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.gitea/workflows/deploy-staging.yml
View File

@@ -101,9 +101,11 @@ jobs:
echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json
- name: Build & push ${{ matrix.app }} - name: Build & push ${{ matrix.app }}
# Uses --push to push directly during build, which avoids the "No output # --push bypasses the Podman daemon and uses buildkit's internal HTTPS push,
# specified with docker-container driver" warning that appears when using # which fails for HTTP-only registries. Instead:
# a separate docker push step without --load. (see: troubleshooting #5) # 1. --load loads the image into the Podman daemon after build
# 2. docker push goes through the daemon, which has insecure=true in
# registries.conf and correctly uses HTTP. (see: troubleshooting #7, #12)
# #
# Each app has its own Clerk instance so the publishable key differs. # Each app has its own Clerk instance so the publishable key differs.
# NEXT_PUBLIC_* vars must be baked in at build time — Next.js prerender # NEXT_PUBLIC_* vars must be baked in at build time — Next.js prerender
@@ -126,9 +128,8 @@ jobs:
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \ --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \ --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
--build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \ --build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
--load \
-t "${IMAGE}:staging" \ -t "${IMAGE}:staging" \
-t "${IMAGE}:sha-${SHORT_SHA}" \
--push \
./out ./out
else else
CLERK_KEY="$STOREFRONT_CLERK_KEY" CLERK_KEY="$STOREFRONT_CLERK_KEY"
@@ -136,12 +137,15 @@ jobs:
-f apps/storefront/Dockerfile \ -f apps/storefront/Dockerfile \
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \ --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \ --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
--load \
-t "${IMAGE}:staging" \ -t "${IMAGE}:staging" \
-t "${IMAGE}:sha-${SHORT_SHA}" \
--push \
./out ./out
fi fi
docker tag "${IMAGE}:staging" "${IMAGE}:sha-${SHORT_SHA}"
docker push "${IMAGE}:staging"
docker push "${IMAGE}:sha-${SHORT_SHA}"
# ── 3. Deploy ─────────────────────────────────────────────────────────────── # ── 3. Deploy ───────────────────────────────────────────────────────────────
deploy: deploy: