root/jukebox-vibe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: switch to rootless dind for insecure local registry

Browse source
This commit is contained in:
Bot 2026-03-02 00:14:50 +01:00
parent beb6dc3113
commit c957c68f62
1 changed files with 44 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

84
.gitlab-ci.yml
View file

@ -4,61 +4,65 @@ stages:
variables: variables:
REGISTRY_HOST: "10.10.10.10:5050" REGISTRY_HOST: "10.10.10.10:5050"
IMAGE_NAME: "$REGISTRY_HOST/$CI_PROJECT_PATH" IMAGE_NAME: "$REGISTRY_HOST/$CI_PROJECT_PATH"
DOCKER_HOST: "tcp://docker:2375"
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
# Force clone via IP instead of hostname to bypass Unraid Docker DNS issues # Force clone via IP instead of hostname to bypass Unraid Docker DNS issues
CI_SERVER_URL: "http://10.10.10.10:9080" CI_SERVER_URL: "http://10.10.10.10:9080"
GITLAB_FEATURES: "" GITLAB_FEATURES: ""
docker-build: docker-build:
stage: build stage: build
image: image: docker:24.0.5
name: gcr.io/kaniko-project/executor:v1.23.2-debug services:
entrypoint: [""] - name: docker:24.0.5-dind-rootless
alias: docker
command:
- "--insecure-registry=10.10.10.10:5050"
- "--tls=false"
rules: rules:
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH
before_script: before_script:
- mkdir -p /kaniko/.docker - docker info
- | - echo "$CI_REGISTRY_PASSWORD" | docker login "$REGISTRY_HOST" -u "$CI_REGISTRY_USER" --password-stdin
cat > /kaniko/.docker/config.json <<EOF
{
"auths": {
"$REGISTRY_HOST": {
"username": "$CI_REGISTRY_USER",
"password": "$CI_REGISTRY_PASSWORD"
}
}
}
EOF
script: script:
- | - |
if [ "$CI_COMMIT_REF_NAME" = "main" ]; then if [ "$CI_COMMIT_REF_NAME" = "main" ]; then
TAG="main" export TAG="main"
VERSION="1.1.0" export VERSION="1.1.0"
CHANNEL="stable" export CHANNEL="stable"
elif [ "$CI_COMMIT_REF_NAME" = "feature/nightly" ] || [ "$CI_COMMIT_REF_NAME" = "nightly" ]; then elif [ "$CI_COMMIT_REF_NAME" = "feature/nightly" ] || [ "$CI_COMMIT_REF_NAME" = "nightly" ]; then
TAG="nightly" export TAG="nightly"
VERSION="1.1.0-nightly" export VERSION="1.1.0-nightly"
CHANNEL="nightly" export CHANNEL="nightly"
else else
CLEAN_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/\//-/g') export CLEAN_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/\//-/g')
TAG="$CLEAN_TAG" export TAG="$CLEAN_TAG"
VERSION="1.1.0-dev" export VERSION="1.1.0-dev"
CHANNEL="dev" export CHANNEL="dev"
fi fi
DESTINATIONS="--destination=$IMAGE_NAME:$CI_COMMIT_SHA --destination=$IMAGE_NAME:$TAG" - 'echo "Building for channel $CHANNEL with version $VERSION and tag $TAG"'
- 'echo "Using registry image: $IMAGE_NAME"'
# Build
- docker pull $IMAGE_NAME:$TAG || true
- >
docker build
--cache-from $IMAGE_NAME:$TAG
--build-arg VITE_BUILD_CHANNEL=$CHANNEL
--build-arg VITE_APP_VERSION=$VERSION
-t $IMAGE_NAME:$CI_COMMIT_SHA
-t $IMAGE_NAME:$TAG
.
# Push
- docker push $IMAGE_NAME:$CI_COMMIT_SHA
- docker push $IMAGE_NAME:$TAG
# If main branch, also tag and push as latest
- |
if [ "$CI_COMMIT_REF_NAME" = "main" ]; then if [ "$CI_COMMIT_REF_NAME" = "main" ]; then
DESTINATIONS="$DESTINATIONS --destination=$IMAGE_NAME:latest" docker tag $IMAGE_NAME:$TAG $IMAGE_NAME:latest
docker push $IMAGE_NAME:latest
fi fi
echo "Building for channel $CHANNEL with version $VERSION and tag $TAG"
echo "Using registry image: $IMAGE_NAME"
/kaniko/executor \
--context "$CI_PROJECT_DIR" \
--dockerfile "$CI_PROJECT_DIR/Dockerfile" \
--build-arg "VITE_BUILD_CHANNEL=$CHANNEL" \
--build-arg "VITE_APP_VERSION=$VERSION" \
--insecure \
--insecure-registry "$REGISTRY_HOST" \
--skip-tls-verify-registry "$REGISTRY_HOST" \
$DESTINATIONS