From c0357ceb698e43ed9cd07cd05226a170f7676147 Mon Sep 17 00:00:00 2001
From: latte
Date: Fri, 27 Feb 2026 15:50:12 +0100
Subject: [PATCH] Add configurable registry push to Docker workflow
---
 .gitea/workflows/docker.yml | 36 ++++++++++++++++++++++++++++++++----
 docs/deployment.md | 6 ++++++
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
index 9c4f154..a5a0990 100644
--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -82,8 +82,12 @@ jobs:
 (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'dev'))
 env:
 IMAGE_NAME: aegis-gitea-mcp
+ REGISTRY_IMAGE: ${{ vars.REGISTRY_IMAGE }}
+ REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
 PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
 PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+ REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+ REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
 steps:
 - name: Checkout
 uses: actions/checkout@v4
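Review bot: `REGISTRY_USER` and `REGISTRY_TOKEN` are added to the job-level `env:` in this hunk, so every step of the job — the checkout here and the build/test/tag steps that follow — gets the registry credential in its process environment, not only the login step that consumes it. Any repository code or tooling run by those steps can read the token, and verbose tool output or a crash dump can echo it into the job log. `REGISTRY_IMAGE` and `REGISTRY_HOST` are fine at job level, but the two secrets belong in the `env:` of the `Login to registry` step alone: `env:` / `REGISTRY_USER: ${{ secrets.REGISTRY_USER }}` / `REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}`. Which of the job's other steps execute repository code is inferred from step names, since those steps lie outside this hunk.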
@@ -118,12 +122,36 @@ jobs:
 echo "stable_tag=${STABLE_TAG}" >> "${GITHUB_OUTPUT}"
 
 - name: Build releasable image
+ id: image
 run: |
- docker build -f docker/Dockerfile -t ${IMAGE_NAME}:${{ steps.tags.outputs.sha_tag }} .
- docker tag ${IMAGE_NAME}:${{ steps.tags.outputs.sha_tag }} ${IMAGE_NAME}:${{ steps.tags.outputs.stable_tag }}
+ IMAGE_REF="${REGISTRY_IMAGE:-${IMAGE_NAME}}"
+ echo "image_ref=${IMAGE_REF}" >> "${GITHUB_OUTPUT}"
+ docker build -f docker/Dockerfile -t ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }} .
+ docker tag ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }} ${IMAGE_REF}:${{ steps.tags.outputs.stable_tag }}
+
+ - name: Login to registry
+ if: ${{ vars.PUSH_IMAGE == 'true' }}
+ run: |
+ if [ -z "${REGISTRY_USER}" ] || [ -z "${REGISTRY_TOKEN}" ]; then
+ echo "REGISTRY_USER and REGISTRY_TOKEN secrets are required when PUSH_IMAGE=true"
+ exit 1
+ fi
+
+ IMAGE_REF="${{ steps.image.outputs.image_ref }}"
+ LOGIN_HOST="${REGISTRY_HOST}"
+ if [ -z "${LOGIN_HOST}" ]; then
+ FIRST_PART="${IMAGE_REF%%/*}"
+ case "${FIRST_PART}" in
+ *.*|*:*|localhost) LOGIN_HOST="${FIRST_PART}" ;;
+ *) LOGIN_HOST="docker.io" ;;
+ esac
+ fi
+
+ printf "%s" "${REGISTRY_TOKEN}" | docker login "${LOGIN_HOST}" --username "${REGISTRY_USER}" --password-stdin
 
 - name: Optional registry push
 if: ${{ vars.PUSH_IMAGE == 'true' }}
 run: |
- docker push ${IMAGE_NAME}:${{ steps.tags.outputs.sha_tag }}
- docker push ${IMAGE_NAME}:${{ steps.tags.outputs.stable_tag }}
+ IMAGE_REF="${{ steps.image.outputs.image_ref }}"
+ docker push ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }}
+ docker push ${IMAGE_REF}:${{ steps.tags.outputs.stable_tag }}
diff --git a/docs/deployment.md b/docs/deployment.md
index b1e69c2..e674dbc 100644
--- a/docs/deployment.md
+++ b/docs/deployment.md
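Review bot: The new `Login to registry` step has no matching `docker logout`, so the credential that `docker login` writes into the runner's Docker config remains there after the `Optional registry push` step finishes — on a persistent or self-hosted runner, later jobs on the same host inherit registry access. Give the login step an `id: login`, export the detected host with `echo "login_host=${LOGIN_HOST}" >> "${GITHUB_OUTPUT}"` ahead of the `docker login` line, and add a final step guarded by `always()` that logs out of that host (sketched below); the host is computed inside the step's shell, so it has to be exported for a later step to see it. Separately, when `REGISTRY_IMAGE` is unset the fallback `IMAGE_REF` is the bare `aegis-gitea-mcp`, so after a login to a custom `REGISTRY_HOST` the two `docker push` lines still target Docker Hub's `library/` namespace; a presence check on `REGISTRY_IMAGE` beside the existing secret check would fail fast on that misconfiguration.
```yaml
      - name: Login to registry
        id: login
        # … unchanged: if: condition …
        run: |
          # … unchanged: secret presence check and LOGIN_HOST detection …
          echo "login_host=${LOGIN_HOST}" >> "${GITHUB_OUTPUT}"
          # … unchanged: docker login line …

      # … unchanged: Optional registry push step …

      - name: Logout from registry
        if: ${{ always() && vars.PUSH_IMAGE == 'true' && steps.login.outputs.login_host != '' }}
        run: docker logout "${{ steps.login.outputs.login_host }}"
```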
@@ -41,6 +41,12 @@ Workflows live in `.gitea/workflows/`:
 - `test.yml`: lint + tests + coverage fail-under `80`.
 - `docker.yml`: lint + test + docker smoke-test gating; image publish on push to `main`/`dev` and on approved PR review targeting `main`/`dev`; tags include commit SHA plus `latest` (`main`) or `dev` (`dev`).
 
+Docker publish settings:
+- `vars.PUSH_IMAGE=true` enables registry push.
+- `vars.REGISTRY_IMAGE` sets the target image name (for example `registry.example.com/org/aegis-gitea-mcp`).
+- `vars.REGISTRY_HOST` is optional and overrides the login host detection.
+- `secrets.REGISTRY_USER` and `secrets.REGISTRY_TOKEN` are required when push is enabled.
+
 ## Production Recommendations
 
 - Place MCP behind TLS reverse proxy.