fix: use crane for OCI-compatible push to Zot

.gitea/workflows/build-push.yaml

@@ -13,7 +13,7 @@ jobs:
   build-and-push:
     runs-on: k3s-home
     steps:
-      - name: Create Kaniko Job
+      - name: Create Build Job
         run: |
           JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
           echo "Creating Kaniko Job: $JOB_NAME"
@@ -25,44 +25,66 @@ jobs:
             name: $JOB_NAME
             namespace: gitea
           spec:
-            ttlSecondsAfterFinished: 300
+            ttlSecondsAfterFinished: 600
             backoffLimit: 0
             template:
               spec:
-                containers:
+                initContainers:
                 - name: kaniko
                   image: gcr.io/kaniko-project/executor:latest
                   args:
                   - "--context=git://github0213.com/Mayne0213/jovies.git#refs/heads/main"
                   - "--context-sub-path=nextjs"
                   - "--dockerfile=Dockerfile"
-                  - "--destination=${REGISTRY}/${IMAGE_NAME}:latest"
-                  - "--destination=${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}"
+                  - "--no-push"
+                  - "--tar-path=/workspace/image.tar"
                   volumeMounts:
-                  - name: docker-config
-                    mountPath: /kaniko/.docker
+                  - name: workspace
+                    mountPath: /workspace
+                containers:
+                - name: crane
+                  image: gcr.io/go-containerregistry/crane:latest
+                  command: ["/bin/sh", "-c"]
+                  args:
+                  - |
+                    echo "Pushing image to ${REGISTRY}/${IMAGE_NAME}..."
+                    crane auth login ${REGISTRY} -u \$(cat /secrets/username) -p \$(cat /secrets/password)
+                    crane push /workspace/image.tar ${REGISTRY}/${IMAGE_NAME}:latest
+                    crane push /workspace/image.tar ${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}
+                    echo "Done!"
+                  env:
+                  - name: REGISTRY
+                    value: "${REGISTRY}"
+                  - name: IMAGE_NAME
+                    value: "${IMAGE_NAME}"
+                  - name: GITHUB_SHA
+                    value: "${GITHUB_SHA}"
+                  volumeMounts:
+                  - name: workspace
+                    mountPath: /workspace
+                  - name: zot-creds
+                    mountPath: /secrets
                 volumes:
-                - name: docker-config
+                - name: workspace
+                  emptyDir: {}
+                - name: zot-creds
                   secret:
-                    secretName: zot-registry-credentials
-                    items:
-                    - key: .dockerconfigjson
-                      path: config.json
+                    secretName: zot-registry-credentials-plain
                 restartPolicy: Never
           EOF
 
-      - name: Wait for Kaniko Job
+      - name: Wait for Build Job
         run: |
           JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
           echo "Waiting for Job: $JOB_NAME"
 
-          if ! kubectl wait --for=condition=complete job/$JOB_NAME -n gitea --timeout=600s; then
+          if ! kubectl wait --for=condition=complete job/$JOB_NAME -n gitea --timeout=900s; then
             echo "Job failed. Logs:"
-            kubectl logs job/$JOB_NAME -n gitea
+            kubectl logs job/$JOB_NAME -n gitea --all-containers
             exit 1
           fi
 
-          echo "Build completed successfully!"
+          echo "Build and push completed successfully!"
 
       - name: Cleanup
         if: always()