From 9e2278c7403d02c5545fb0772046c96abed602ef Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Sat, 10 Jan 2026 22:09:56 +0900 Subject: [PATCH] fix: use crane for OCI-compatible push to Zot --- .gitea/workflows/build-push.yaml | 54 ++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 16 deletions(-) diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml index 775c2f1..1fd9787 100644 --- a/.gitea/workflows/build-push.yaml +++ b/.gitea/workflows/build-push.yaml @@ -13,7 +13,7 @@ jobs: build-and-push: runs-on: k3s-home steps: - - name: Create Kaniko Job + - name: Create Build Job run: | JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)" echo "Creating Kaniko Job: $JOB_NAME" 
@@ -25,44 +25,66 @@ jobs: name: $JOB_NAME namespace: gitea spec: - ttlSecondsAfterFinished: 300 + ttlSecondsAfterFinished: 600 backoffLimit: 0 template: spec: - containers: + initContainers: - name: kaniko image: gcr.io/kaniko-project/executor:latest args: - "--context=git://github0213.com/Mayne0213/jovies.git#refs/heads/main" - "--context-sub-path=nextjs" - "--dockerfile=Dockerfile" - - "--destination=${REGISTRY}/${IMAGE_NAME}:latest" - - "--destination=${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}" + - "--no-push" + - "--tar-path=/workspace/image.tar" volumeMounts: - - name: docker-config - mountPath: /kaniko/.docker + - name: workspace + mountPath: /workspace + containers: + - name: crane + image: gcr.io/go-containerregistry/crane:latest + command: ["/bin/sh", "-c"] + args: + - | + echo "Pushing image to ${REGISTRY}/${IMAGE_NAME}..." + crane auth login ${REGISTRY} -u \$(cat /secrets/username) -p \$(cat /secrets/password) + crane push /workspace/image.tar ${REGISTRY}/${IMAGE_NAME}:latest + crane push /workspace/image.tar ${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA} + echo "Done!" + env: + - name: REGISTRY + value: "${REGISTRY}" + - name: IMAGE_NAME + value: "${IMAGE_NAME}" + - name: GITHUB_SHA + value: "${GITHUB_SHA}" + volumeMounts: + - name: workspace + mountPath: /workspace + - name: zot-creds + mountPath: /secrets volumes: - - name: docker-config + - name: workspace + emptyDir: {} + - name: zot-creds secret: - secretName: zot-registry-credentials - items: - - key: .dockerconfigjson - path: config.json + secretName: zot-registry-credentials-plain restartPolicy: Never EOF - - name: Wait for Kaniko Job + - name: Wait for Build Job run: | JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)" echo "Waiting for Job: $JOB_NAME" - if ! kubectl wait --for=condition=complete job/$JOB_NAME -n gitea --timeout=600s; then + if ! kubectl wait --for=condition=complete job/$JOB_NAME -n gitea --timeout=900s; then echo "Job failed. 
Logs:" - kubectl logs job/$JOB_NAME -n gitea + kubectl logs job/$JOB_NAME -n gitea --all-containers exit 1 fi - echo "Build completed successfully!" + echo "Build and push completed successfully!" - name: Cleanup if: always()
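Review bot: The crane container's inline script has no `set -e`, so a failed `crane auth login` or `crane push` is still followed by `echo "Done!"` and the container exits 0; the Job then reaches `condition=complete` and the wait step prints "Build and push completed successfully!" although nothing was pushed. Start the script with `set -e` so that any failing command fails the Job. The login line also places the registry password in the process arguments via `-p \$(cat /secrets/password)`; crane can read it from stdin instead, e.g. `crane auth login ${REGISTRY} -u "\$(cat /secrets/username)" --password-stdin < /secrets/password`. Separately, confirm that `crane:latest` ships `/bin/sh` at all (as far as I know the shell is only in the `:debug` variant), and consider pinning both the kaniko and crane images by digest rather than `:latest`. The heredoc that wraps this manifest opens outside the hunk, so the escaping suggested here assumes it is unquoted, as the existing `\$(` escapes imply.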