fix(ci): use --load + docker push instead of --push for HTTP registry
Some checks failed
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 2m8s
Deploy — Staging / Build & push — admin (push) Successful in 1m22s
Deploy — Staging / Build & push — storefront (push) Failing after 1m35s
Deploy — Staging / Deploy to staging VPS (push) Has been skipped
Some checks failed
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 2m8s
Deploy — Staging / Build & push — admin (push) Successful in 1m22s
Deploy — Staging / Build & push — storefront (push) Failing after 1m35s
Deploy — Staging / Deploy to staging VPS (push) Has been skipped
docker build --push uses buildkit's internal push which connects directly to the registry over HTTPS, bypassing the Podman daemon. Since the Gitea registry is HTTP-only, this fails with "server gave HTTP response to HTTPS client". Switch to --load (exports image into Podman daemon) then docker push (goes through the daemon which has insecure=true in registries.conf → uses HTTP). Tag the SHA variant with docker tag before pushing both. Also: - Add NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME ARG/ENV to admin Dockerfile - Add STAGING_ prefix note to both Dockerfiles builder stage - Add STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME to workflow env and pass it as --build-arg for admin builds only Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -101,9 +101,11 @@ jobs:
|
||||
echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json
|
||||
|
||||
- name: Build & push ${{ matrix.app }}
|
||||
# Uses --push to push directly during build, which avoids the "No output
|
||||
# specified with docker-container driver" warning that appears when using
|
||||
# a separate docker push step without --load. (see: troubleshooting #5)
|
||||
# --push bypasses the Podman daemon and uses buildkit's internal HTTPS push,
|
||||
# which fails for HTTP-only registries. Instead:
|
||||
# 1. --load loads the image into the Podman daemon after build
|
||||
# 2. docker push goes through the daemon, which has insecure=true in
|
||||
# registries.conf and correctly uses HTTP. (see: troubleshooting #7, #12)
|
||||
#
|
||||
# Each app has its own Clerk instance so the publishable key differs.
|
||||
# NEXT_PUBLIC_* vars must be baked in at build time — Next.js prerender
|
||||
@@ -126,9 +128,8 @@ jobs:
|
||||
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
|
||||
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
|
||||
--build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
|
||||
--load \
|
||||
-t "${IMAGE}:staging" \
|
||||
-t "${IMAGE}:sha-${SHORT_SHA}" \
|
||||
--push \
|
||||
./out
|
||||
else
|
||||
CLERK_KEY="$STOREFRONT_CLERK_KEY"
|
||||
@@ -136,12 +137,15 @@ jobs:
|
||||
-f apps/storefront/Dockerfile \
|
||||
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
|
||||
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
|
||||
--load \
|
||||
-t "${IMAGE}:staging" \
|
||||
-t "${IMAGE}:sha-${SHORT_SHA}" \
|
||||
--push \
|
||||
./out
|
||||
fi
|
||||
|
||||
docker tag "${IMAGE}:staging" "${IMAGE}:sha-${SHORT_SHA}"
|
||||
docker push "${IMAGE}:staging"
|
||||
docker push "${IMAGE}:sha-${SHORT_SHA}"
|
||||
|
||||
# ── 3. Deploy ───────────────────────────────────────────────────────────────
|
||||
|
||||
deploy:
|
||||
|
||||
Reference in New Issue
Block a user