diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 715ccc4..0681e16 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -17,6 +17,7 @@ jobs: - name: Build OCI image shell: bash -l {0} run: | + set -euo pipefail nix build .#docker \ --accept-flake-config \ --option lazy-trees false \ @@ -27,14 +28,27 @@ jobs: env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | + set -euo pipefail SHA=$(git rev-parse --short HEAD) - skopeo copy docker-archive:result \ - "docker://gitea.coulomb.social/coulomb/inter-hub:${SHA}" \ - --dest-creds "tegwick:${GITEA_TOKEN}" + TOKEN=$( + curl -fsS \ + "https://gitea.coulomb.social/v2/token?service=container_registry&scope=repository:coulomb/inter-hub:push,pull" \ + -u "tegwick:${GITEA_TOKEN}" \ + | awk -F'"' '/token/{print $4}' + ) + if [ -z "${TOKEN}" ]; then + echo "Failed to obtain Gitea registry token" >&2 + exit 1 + fi + skopeo copy --insecure-policy \ + --dest-registry-token "${TOKEN}" \ + docker-archive:result \ + "docker://gitea.coulomb.social/coulomb/inter-hub:${SHA}" # Also tag as latest - skopeo copy docker-archive:result \ - "docker://gitea.coulomb.social/coulomb/inter-hub:latest" \ - --dest-creds "tegwick:${GITEA_TOKEN}" + skopeo copy --insecure-policy \ + --dest-registry-token "${TOKEN}" \ + docker-archive:result \ + "docker://gitea.coulomb.social/coulomb/inter-hub:latest" echo "Pushed inter-hub:${SHA} and inter-hub:latest" - name: Deploy to Railiance01 @@ -42,6 +56,7 @@ jobs: env: KUBECONFIG: ${{ secrets.RAILIANCE01_KUBECONFIG }} run: | + set -euo pipefail SHA=$(git rev-parse --short HEAD) helm upgrade --install inter-hub deploy/helm/inter-hub \ --namespace inter-hub --create-namespace \ @@ -50,6 +65,7 @@ jobs: - name: Smoke test run: | + set -euo pipefail # Give the new pod time to start sleep 15 curl -sf --retry 5 --retry-delay 5 https://hub.coulomb.social/ \