From bb23f2e3a16495f34ada734ea72e397c56f3e0d4 Mon Sep 17 00:00:00 2001 From: Le Serjant Date: Mon, 16 Mar 2026 11:31:01 +0000 Subject: [PATCH 1/3] Add insecure registry config for buildah --tls-verify=false on login/push alone was not sufficient to prevent the deploy from hanging. Register git.kimchi as an insecure registry via registries.conf and add --tls-verify=false to buildah bud as well. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/deploy.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 0967b9b..87c2180 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -21,10 +21,13 @@ jobs: - name: Build and push container image run: | + mkdir -p /etc/containers + printf '[registries.insecure]\nregistries = ["git.kimchi"]\n' > /etc/containers/registries.conf + IMAGE_TAG="${{ env.IMAGE }}:sha-${GITHUB_SHA::8}" IMAGE_LATEST="${{ env.IMAGE }}:latest" - buildah bud -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" . + buildah bud --tls-verify=false -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" . buildah login --tls-verify=false "${{ env.REGISTRY }}" -u "${{ secrets.REGISTRY_USER }}" -p "${{ secrets.REGISTRY_PASSWORD }}" buildah push --tls-verify=false "$IMAGE_TAG" buildah push --tls-verify=false "$IMAGE_LATEST" -- 2.49.1 From 4e3e17ced480d8cd6b4c75e0fcea63466c1d82c4 Mon Sep 17 00:00:00 2001 From: Le Serjant Date: Mon, 16 Mar 2026 11:31:54 +0000 Subject: [PATCH 2/3] Use v2 TOML format for registries.conf Match the format already used on the runner host. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 87c2180..931b33b 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -22,7 +22,7 @@ jobs: - name: Build and push container image run: | mkdir -p /etc/containers - printf '[registries.insecure]\nregistries = ["git.kimchi"]\n' > /etc/containers/registries.conf + printf '[[registry]]\nlocation = "git.kimchi"\ninsecure = true\n' > /etc/containers/registries.conf IMAGE_TAG="${{ env.IMAGE }}:sha-${GITHUB_SHA::8}" IMAGE_LATEST="${{ env.IMAGE }}:latest" -- 2.49.1 From 59b6728ce8ae8b425fdeb7afeddf2138e649bd40 Mon Sep 17 00:00:00 2001 From: Le Serjant Date: Mon, 16 Mar 2026 11:33:37 +0000 Subject: [PATCH 3/3] Add debug output to identify which buildah command hangs Remove unnecessary registries.conf write (host already has it). Add set -ex and echo markers between commands to pinpoint the hang. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/deploy.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 931b33b..2160cb9 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -21,15 +21,20 @@ jobs: - name: Build and push container image run: | - mkdir -p /etc/containers - printf '[[registry]]\nlocation = "git.kimchi"\ninsecure = true\n' > /etc/containers/registries.conf + set -ex IMAGE_TAG="${{ env.IMAGE }}:sha-${GITHUB_SHA::8}" IMAGE_LATEST="${{ env.IMAGE }}:latest" buildah bud --tls-verify=false -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" . + + echo "=== buildah login ===" buildah login --tls-verify=false "${{ env.REGISTRY }}" -u "${{ secrets.REGISTRY_USER }}" -p "${{ secrets.REGISTRY_PASSWORD }}" + + echo "=== buildah push tag ===" buildah push --tls-verify=false "$IMAGE_TAG" + + echo "=== buildah push latest ===" buildah push --tls-verify=false "$IMAGE_LATEST" echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV" -- 2.49.1