admin/the-pet-loft
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): fix deploy-staging registry and buildx driver issues
Some checks failed
CI / Lint, Typecheck & Test (push) Successful in 2m6s
Details
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 2m56s
Details
Deploy — Staging / Build & push — admin (push) Failing after 3m7s
Details
Deploy — Staging / Build & push — storefront (push) Failing after 2m30s
Details
Deploy — Staging / Deploy to staging VPS (push) Has been skipped
Details

Browse Source 
- Remove top-level env.REGISTRY — Gitea does not expand secrets in
  workflow-level env blocks; reference secrets.STAGING_REGISTRY directly
- Add docker/setup-buildx-action with driver: docker to avoid the
  docker-container driver which requires --privileged on rootless Podman
- Update secret names comment to clarify STAGING_ prefix convention
  (Gitea has no environment-level secrets, so prefixes distinguish staging/prod)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
ianshaloom
2026-03-08 02:55:41 +03:00
parent 70b728a474
commit fc5f98541b
1 changed files with 23 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.gitea/workflows/deploy-staging.yml
View File

@@ -5,11 +5,12 @@ on:
branches:
- staging
# STAGING_REGISTRY must include the owner segment, e.g. git.yourdomain.com:3000/myorg
# so images are correctly tagged as git.yourdomain.com:3000/myorg/storefront:staging
# (see: troubleshooting #8 — missing /owner causes a 500 from Gitea registry)
# Gitea Actions has no environment-level secrets (unlike GitHub Actions).
# Staging and production secrets live at repo level, distinguished by prefix.
# Production workflow uses the same names with PROD_ prefix.
# (see: troubleshooting #8 — REGISTRY must include the owner segment)
#
# Required secrets:
# Required secrets (repo → Settings → Secrets and Variables → Actions):
# STAGING_REGISTRY — host:port/owner (e.g. git.yourdomain.com:3000/myorg)
# STAGING_REGISTRY_USER — Gitea username
# STAGING_REGISTRY_TOKEN — Gitea personal access token (package:write scope)
@@ -24,9 +25,6 @@ on:
# apps/admin/Dockerfile
# Both receive ./out as build context (turbo prune output).
env:
REGISTRY: ${{ secrets.STAGING_REGISTRY }}
jobs:
# ── 1. CI ───────────────────────────────────────────────────────────────────
@@ -81,6 +79,14 @@ jobs:
- name: Prune workspace for ${{ matrix.app }}
run: npx turbo prune ${{ matrix.app }} --docker
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# docker-container driver spawns a privileged builder container which
# fails on rootless Podman. "docker" driver reuses the daemon directly.
# (see: troubleshooting #5)
driver: docker
- name: Authenticate with registry
# docker login sends HTTPS even for HTTP-only (insecure) registries, so it
# fails before the daemon can handle it. Pre-populating config.json bypasses
@@ -89,7 +95,7 @@ jobs:
run: |
mkdir -p ~/.docker
AUTH=$(echo -n "${{ secrets.STAGING_REGISTRY_USER }}:${{ secrets.STAGING_REGISTRY_TOKEN }}" | base64 -w 0)
REGISTRY_HOST=$(echo "${{ env.REGISTRY }}" | cut -d'/' -f1)
REGISTRY_HOST=$(echo "${{ secrets.STAGING_REGISTRY }}" | cut -d'/' -f1)
echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json
- name: Build & push ${{ matrix.app }}
@@ -98,7 +104,7 @@ jobs:
# which fails on rootless Podman without --privileged. (see: troubleshooting #5)
run: |
SHORT_SHA="${GITHUB_SHA::7}"
IMAGE="${{ env.REGISTRY }}/${{ matrix.app }}"
IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}"
docker build \
-f apps/${{ matrix.app }}/Dockerfile \