docs: document pipeline fix v4 using buildkitd mirror and update workflow
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Failing after 46s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Failing after 44s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Failing after 2m4s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Failing after 45s
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Failing after 46s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Failing after 44s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Failing after 2m4s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Failing after 45s
Added a session log detailing the replacement of `iptables` DNAT with a rootless `buildkitd` mirror for internal Gitea registry access, eliminating the need for sudo, additional packages, or kernel-level configurations. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new, purely configurational solution.
This commit is contained in:
@@ -92,30 +92,26 @@ jobs:
|
||||
--max-workers=8 \
|
||||
-Dkotlin.daemon.jvm.options="-Xmx4g"
|
||||
|
||||
# Pangolin-Bypass via buildkitd Mirror (kein Root, kein iptables, kein socat nötig)
|
||||
# Problem: git.mo-code.at läuft extern über Pangolin (HTTPS), große Layer-Uploads timeouton (502).
|
||||
# Lösung: buildkitd Mirror leitet alle Registry-Anfragen intern direkt auf 10.0.0.22:3000 um.
|
||||
# Login erfolgt ebenfalls intern (HTTP) → kein Pangolin-Timeout möglich.
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
config-inline: |
|
||||
[registry."git.mo-code.at"]
|
||||
mirrors = ["http://10.0.0.22:3000"]
|
||||
http = true
|
||||
insecure = true
|
||||
[registry."10.0.0.22:3000"]
|
||||
http = true
|
||||
insecure = true
|
||||
|
||||
# Pangolin-Bypass: Gitea intern via HTTP erreichbar machen
|
||||
# Problem: git.mo-code.at ist extern HTTPS (Pangolin), Gitea intern läuft HTTP auf Port 3000.
|
||||
# Lösung: /etc/hosts zeigt git.mo-code.at → 10.0.0.22
|
||||
# iptables DNAT leitet :80 → :3000 weiter (kein socat, kein Extra-Paket nötig)
|
||||
# buildkitd nutzt http=true (Port 80) → iptables → Gitea:3000
|
||||
- name: Registry intern auflösen (Pangolin-Bypass)
|
||||
run: |
|
||||
echo "10.0.0.22 git.mo-code.at" | sudo tee -a /etc/hosts
|
||||
sudo iptables -t nat -A OUTPUT -p tcp -d 10.0.0.22 --dport 80 -j DNAT --to-destination 10.0.0.22:3000
|
||||
sudo iptables -t nat -A POSTROUTING -p tcp -d 10.0.0.22 --dport 3000 -j MASQUERADE
|
||||
echo "✓ DNAT aktiv: git.mo-code.at:80 → 10.0.0.22:3000"
|
||||
|
||||
- name: Log in to the Container registry
|
||||
- name: Bei Registry intern anmelden (Pangolin-Bypass)
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
registry: 10.0.0.22:3000
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user