REFACTOR(ci): simplify to kaniko direct push

- Remove crane container and use kaniko direct push - Mount dockerconfigjson secret for registry auth - Fix zot manifest compatibility issue
2026-01-10 23:04:50 +09:00
parent 2dfd4d3d76
commit 551726823b
1 changed files with 10 additions and 33 deletions
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -29,48 +29,25 @@ jobs:
            backoffLimit: 0
            template:
              spec:
-                initContainers:
+                containers:
                - name: kaniko
                  image: gcr.io/kaniko-project/executor:latest
                  args:
                  - "--context=git://github0213.com/Mayne0213/jovies.git#refs/heads/main"
                  - "--context-sub-path=nextjs"
                  - "--dockerfile=Dockerfile"
-                  - "--no-push"
-                  - "--tar-path=/workspace/image.tar"
+                  - "--destination=${REGISTRY}/${IMAGE_NAME}:latest"
+                  - "--destination=${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}"
                  volumeMounts:
-                  - name: workspace
-                    mountPath: /workspace
-                containers:
-                - name: crane
-                  image: gcr.io/go-containerregistry/crane:debug
-                  command: ["/busybox/sh", "-exc"]
-                  args:
-                  - |
-                    echo "Pushing image to ${REGISTRY}/${IMAGE_NAME}..."
-                    ls -la /workspace/
-                    crane auth login ${REGISTRY} -u \$(cat /secrets/username) -p \$(cat /secrets/password)
-                    crane push /workspace/image.tar ${REGISTRY}/${IMAGE_NAME}:latest
-                    crane push /workspace/image.tar ${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}
-                    echo "Done!"
-                  env:
-                  - name: REGISTRY
-                    value: "${REGISTRY}"
-                  - name: IMAGE_NAME
-                    value: "${IMAGE_NAME}"
-                  - name: GITHUB_SHA
-                    value: "${GITHUB_SHA}"
-                  volumeMounts:
-                  - name: workspace
-                    mountPath: /workspace
-                  - name: zot-creds
-                    mountPath: /secrets
+                  - name: docker-config
+                    mountPath: /kaniko/.docker
                volumes:
-                - name: workspace
-                  emptyDir: {}
-                - name: zot-creds
+                - name: docker-config
                  secret:
-                    secretName: zot-registry-credentials-plain
+                    secretName: zot-registry-credentials
+                    items:
+                    - key: .dockerconfigjson
+                      path: config.json
                restartPolicy: Never
          EOF