feat(image): KEY-WP-0002 T01/T02/T06 — Makefile image targets, Gitea Actions workflow, README CI docs
Some checks failed
Build and Publish Container Image / build-and-push (push) Has been cancelled

- Makefile: add IMAGE_REGISTRY/IMAGE_REPO/IMAGE_TAG vars + image, push, image-tag targets
- .gitea/workflows/image.yaml: build+push on main push and v* tags via metadata-action
- README: Container Image section with pull/build/push/CI secret docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-21 23:27:39 +00:00
parent 393ef3ca76
commit 7822ba0703
4 changed files with 125 additions and 4 deletions

View File

@@ -177,6 +177,62 @@ wiki/ # Specifications
- `wiki/KeyCapeSpecificationPack_v0.1.md` — Normative implementation spec
- `docs/adr/ADR-0001-choose-go-for-keycape.md` — Language decision (Go vs Rust)
## Container Image
The KeyCape image is published to the Gitea OCI registry on CoulombCore.
**Registry:** `92.205.130.254:32166`
**Image:** `92.205.130.254:32166/netkingdom/key-cape`
### Pull
```bash
docker pull 92.205.130.254:32166/netkingdom/key-cape:latest
```
The registry runs over plain HTTP. Configure Docker to allow it:
```json
// /etc/docker/daemon.json
{ "insecure-registries": ["92.205.130.254:32166"] }
```
### Build and push locally
```bash
# Build with default tag (latest)
make image
# Build with a specific tag
IMAGE_TAG=dev make image
# Push to registry (requires prior docker login)
docker login 92.205.130.254:32166
make push
# Push with a specific tag
IMAGE_TAG=v1.0.0 make push
```
### Tags
| Trigger | Tags |
|---------|------|
| Push to `main` | `latest`, `main-<short-sha>` |
| Tag `v1.2.3` | `1.2.3`, `1.2`, `1`, `latest` |
### CI (Gitea Actions)
The workflow at `.gitea/workflows/image.yaml` builds and publishes automatically
on every push to `main` and on semver tags (`v*`).
Required Gitea Actions secrets on the `key-cape` repo:
| Secret | Value |
|--------|-------|
| `REGISTRY_USER` | Gitea username or machine account (e.g. `ci-netkingdom`) |
| `REGISTRY_TOKEN` | Gitea personal access token with `write:packages` scope |
## Domain
Part of the **NetKingdom** domain. Tracked in the Custodian State Hub under