Log into different registry for pulling and pushing
@@ -25,40 +25,11 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Show variables and secrets
|
|
||||||
run: |
|
|
||||||
echo "HELLO_SECRET: ${HELLO_SECRET}"
|
|
||||||
echo "CI_GREETING: ${CI_GREETING}"
|
|
||||||
echo "REGISTRY_HOST: ${REGISTRY_HOST}"
|
|
||||||
echo "IMAGE_NAMESPACE: ${IMAGE_NAMESPACE}"
|
|
||||||
echo "IMAGE_NAME: ${IMAGE_NAME}"
|
|
||||||
env:
|
|
||||||
HELLO_SECRET: ${{ secrets.HELLO_SECRET }}
|
|
||||||
|
|
||||||
- name: Trust cluster CA
|
- name: Trust cluster CA
|
||||||
run: |
|
run: |
|
||||||
cp /etc/cluster-ca/root-ca.crt /usr/local/share/ca-certificates/cluster-root-ca.crt
|
cp /etc/cluster-ca/root-ca.crt /usr/local/share/ca-certificates/cluster-root-ca.crt
|
||||||
update-ca-certificates
|
update-ca-certificates
|
||||||
|
|
||||||
- name: Debug CA trust
|
|
||||||
run: |
|
|
||||||
echo "== cluster CA file =="
|
|
||||||
ls -l /etc/cluster-ca || true
|
|
||||||
ls -l /etc/cluster-ca/root-ca.crt || true
|
|
||||||
echo "== ca-certificates directory =="
|
|
||||||
ls -l /usr/local/share/ca-certificates || true
|
|
||||||
ls -l /etc/ssl/certs | grep sk4.nz || true
|
|
||||||
echo "== CA content (cluster) =="
|
|
||||||
openssl x509 -in /etc/cluster-ca/root-ca.crt -noout -subject -issuer -dates -fingerprint -sha256 || true
|
|
||||||
echo "== CA in system trust store? =="
|
|
||||||
grep -R "BEGIN CERTIFICATE" -n /etc/ssl/certs || true
|
|
||||||
|
|
||||||
- name: Debug docker registry trust
|
|
||||||
run: |
|
|
||||||
echo "== docker certs.d (job container) =="
|
|
||||||
ls -l /etc/docker/certs.d || true
|
|
||||||
ls -l /etc/docker/certs.d/harbor.k8s.sk4.nz || true
|
|
||||||
|
|
||||||
- name: Install required dependencies
|
- name: Install required dependencies
|
||||||
run: |
|
run: |
|
||||||
apt-get update
|
apt-get update
|
||||||
@@ -82,12 +53,12 @@ jobs:
|
|||||||
- name: Verify Docker CLI version
|
- name: Verify Docker CLI version
|
||||||
run: docker --version
|
run: docker --version
|
||||||
|
|
||||||
- name: Login to registry
|
- name: Login to docker-mirror (pull)
|
||||||
run: |
|
run: |
|
||||||
echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY_HOST}" -u "${REGISTRY_USERNAME}" --password-stdin
|
echo "${MIRROR_REGISTRY_TOKEN}" | docker login "${REGISTRY_HOST}" -u "${MIRROR_REGISTRY_USERNAME}" --password-stdin
|
||||||
env:
|
env:
|
||||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
MIRROR_REGISTRY_USERNAME: ${{ secrets.MIRROR_REGISTRY_USERNAME }}
|
||||||
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
MIRROR_REGISTRY_TOKEN: ${{ secrets.MIRROR_REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build image
|
- name: Build image
|
||||||
run: |
|
run: |
|
||||||
@@ -95,11 +66,6 @@ jobs:
|
|||||||
echo "IMAGE_REF=${IMAGE_REF}" >> "${GITHUB_ENV}"
|
echo "IMAGE_REF=${IMAGE_REF}" >> "${GITHUB_ENV}"
|
||||||
docker build -t "${IMAGE_REF}" .
|
docker build -t "${IMAGE_REF}" .
|
||||||
|
|
||||||
|
|
||||||
- name: Push image
|
|
||||||
run: |
|
|
||||||
docker push "${IMAGE_REF}"
|
|
||||||
|
|
||||||
- name: Trivy scan (securecodebox)
|
- name: Trivy scan (securecodebox)
|
||||||
run: |
|
run: |
|
||||||
docker run --rm \
|
docker run --rm \
|
||||||
@@ -123,3 +89,15 @@ jobs:
|
|||||||
-F "active=true"
|
-F "active=true"
|
||||||
env:
|
env:
|
||||||
DEFECTDOJO_API_KEY: ${{ secrets.DEFECTDOJO_API_KEY }}
|
DEFECTDOJO_API_KEY: ${{ secrets.DEFECTDOJO_API_KEY }}
|
||||||
|
|
||||||
|
- name: Login to registry (push)
|
||||||
|
run: |
|
||||||
|
echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY_HOST}" -u "${REGISTRY_USERNAME}" --password-stdin
|
||||||
|
env:
|
||||||
|
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
||||||
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
|
- name: Push image
|
||||||
|
run: |
|
||||||
|
docker push "${IMAGE_REF}"
|
||||||
|
|
||||||
|
|||||||
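Review bot: The new "Login to docker-mirror (pull)" step still passes `"${REGISTRY_HOST}"` to `docker login`, the same host variable the added "Login to registry (push)" step uses. If the mirror is served from a different host, the mirror credentials are presented to the push registry and pulls from the mirror stay unauthenticated. In that case the mirror needs its own host variable, for example `docker login "${MIRROR_REGISTRY_HOST}" -u "${MIRROR_REGISTRY_USERNAME}" --password-stdin` (the variable name is a suggestion; `REGISTRY_HOST` is defined outside the visible hunks). If both accounts live on the same host, Docker stores one credential per registry host, so the push login replaces the mirror one, and a comment on the push step such as `# replaces the mirror (pull) credentials stored for REGISTRY_HOST` would make that explicit. Neither login is followed by a logout, so the tokens remain in the runner's Docker config after the job; a final step with `if: always()` running `docker logout "${REGISTRY_HOST}"` would clear them.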