00fc3ceed3
The Forgejo container registry now lives on a dedicated unproxied
(DNS-only) host, registry.snsnetlabs.com, so large image layers bypass
Cloudflare's ~100 MB request-body cap (the backend image's 262 MB and
317 MB layers previously hit 413 Payload Too Large through the proxied
forgejo.snsnetlabs.com host). The web UI / packages list stays on
forgejo.snsnetlabs.com behind Cloudflare Access SSO.
- build.yml: REGISTRY -> registry.snsnetlabs.com
- deploy/docker-compose.yml: image refs -> registry.snsnetlabs.com
- deploy/README.md: push/pull/login host -> registry.snsnetlabs.com
(packages web UI URL kept on forgejo.snsnetlabs.com)
Also record the versioning convention in HANDOFF + steering: development
happens on even major versions, releases on odd; currently developing v2
(prior released line is v1, see the v1.0 git tag). package.json and the
About panel are not yet bumped to v2.
Validated end to end: built both images on the runner host, pushed to
registry.snsnetlabs.com (backend included, no 413), pulled on racknerd2,
brought the stack up, /api/health returns {"ok":true} over the mesh IP.
Co-authored-by: Samuel James <ssamjame@amazon.com>
Co-authored-by: Kiro <noreply@kiro.dev>
64 lines
2.1 KiB
YAML
64 lines
2.1 KiB
YAML
name: Build & Push Images
|
|
|
|
# Builds the frontend + backend Docker images and pushes them to the Forgejo
|
|
# container registry (registry.snsnetlabs.com/sam/...). Runs on every push to
|
|
# main, and on-demand via the "Run workflow" button (workflow_dispatch).
|
|
#
|
|
# NOTE: registry.snsnetlabs.com is the unproxied (DNS-only) registry host so
|
|
# large layers bypass Cloudflare's body cap. The web UI / packages list stays
|
|
# on forgejo.snsnetlabs.com (Cloudflare Access SSO).
|
|
#
|
|
# Requirements (see deploy/README.md):
|
|
# - Forgejo Actions secret FORGEJO_REGISTRY_TOKEN: a package-scoped token for
|
|
# user `sam`.
|
|
# - The runner must allow Docker builds: container.docker_host = "automount"
|
|
# in the forgejo-runner config (mounts /var/run/docker.sock into the job).
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
REGISTRY: registry.snsnetlabs.com
|
|
OWNER: sam
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: docker
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Docker CLI
|
|
run: |
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends docker.io
|
|
docker version
|
|
|
|
- name: Log in to Forgejo registry
|
|
run: |
|
|
echo "${{ secrets.FORGEJO_REGISTRY_TOKEN }}" \
|
|
| docker login "$REGISTRY" -u "$OWNER" --password-stdin
|
|
|
|
- name: Build & push frontend image
|
|
run: |
|
|
docker build \
|
|
-t "$REGISTRY/$OWNER/archnest:${{ github.sha }}" \
|
|
-t "$REGISTRY/$OWNER/archnest:latest" \
|
|
-f Dockerfile .
|
|
docker push "$REGISTRY/$OWNER/archnest:${{ github.sha }}"
|
|
docker push "$REGISTRY/$OWNER/archnest:latest"
|
|
|
|
- name: Build & push backend image
|
|
run: |
|
|
docker build \
|
|
-t "$REGISTRY/$OWNER/archnest-backend:${{ github.sha }}" \
|
|
-t "$REGISTRY/$OWNER/archnest-backend:latest" \
|
|
-f backend/Dockerfile backend
|
|
docker push "$REGISTRY/$OWNER/archnest-backend:${{ github.sha }}"
|
|
docker push "$REGISTRY/$OWNER/archnest-backend:latest"
|
|
|
|
- name: Log out
|
|
if: always()
|
|
run: docker logout "$REGISTRY"
|