docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0

How to apply self-signed cert option? #782

Closed Fhwang0926 closed 1 year ago

Fhwang0926 commented 1 year ago

Troubleshooting

Before submitting a bug report please read the Troubleshooting doc.

Behaviour

Expected behaviour

No issue; the Docker image push is successful

Actual behaviour

Cannot verify the self-signed certificate in QEMU

Configuration

name: Manually Release Previous Tag

on: 
  push:
    branches: [ 'master' ]
  workflow_dispatch:
    inputs:
      tag:
        description: 'Repo Branch/Tag'
        default: 'main'
        type: 'string'
        required: true

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v3
        with: 
          ref: ${{ inputs.tag }}
      - name: Prepare
        id: prep
        run: |
          # DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
          DOCKER_IMAGE=${{ secrets.DOCKER_REGISTRY }}/seo/seo-proxy-shell
          # ${GITHUB_REPOSITORY#*/}
          # :${{ inputs.tag }}

          VERSION=${{ inputs.tag }}
          VERSION="${VERSION//v}"
          TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}"

          # If the VERSION looks like a version number, assume that
          # this is the most recent version of the image and also
          # tag it 'latest'.
          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
            TAGS="$TAGS,${DOCKER_IMAGE}"
          fi

          echo  ${{ steps.prep.outputs.tags }}
          echo  ${TAGS}
          echo  ${DOCKER_IMAGE}

          # Set output parameters.
          echo ::set-output name=tags::${TAGS}
          echo ::set-output name=docker_image::${DOCKER_IMAGE}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@master
        with:
          platforms: all

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@master

      - name: set cert
        run: |
          bash app/cert.sh
          echo ${{ steps.prep.outputs.tags }}

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64,linux/ppc64le
          push: true
          # tags: ${{ steps.prep.outputs.tags }}
          tags: ${{ steps.prep.outputs.docker_image }}

      #- name: Push the tagged Docker image
      #  run: docker push harbor.donghwa.dev:4443/seo/${GITHUB_REPOSITORY#*/}:latest

#!/bin/bash
sudo mkdir -p /etc/docker/certs.d/[domain]
sudo openssl s_client -showcerts -connect [domain]:4443 < /dev/null | sudo sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > [domain].crt
sudo cat [domain].crt
sudo cp [domain].crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo systemctl restart docker
sudo docker info

Logs

Download the log file of your build and attach it to this issue.


crazy-max commented 1 year ago

You need to set the registry certificates in BuildKit, not Docker: https://docs.docker.com/build/buildkit/configure/#setting-registry-certificates

See also https://github.com/docker/setup-buildx-action/issues/112#issuecomment-964117393 to set up buildx with BuildKit configuration.
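One way to wire up what the reply above describes, as an added example that is not part of the original thread or the project's documentation: the registry CA is handed to BuildKit through the `config-inline` input of `docker/setup-buildx-action` instead of being installed into the Docker daemon's trust store. The secret name `REGISTRY_CA_PEM` and the file name `registry-ca.pem` are assumptions; supplying a known CA this way also avoids trusting whatever certificate the endpoint presents at build time, which is what fetching it with `openssl s_client` does.

```yaml
# Added example: these two steps stand in for the "set cert" and
# "Set up Docker Buildx" steps of the workflow in the issue.
# Assumption: REGISTRY_CA_PEM is a hypothetical repository secret holding the
# PEM of the CA (or the self-signed certificate itself) that the registry's
# TLS certificate chains to.
      - name: Write registry CA to disk
        env:
          REGISTRY_CA_PEM: ${{ secrets.REGISTRY_CA_PEM }}
        run: |
          set -euo pipefail
          ca_file="$RUNNER_TEMP/registry-ca.pem"
          printf '%s\n' "$REGISTRY_CA_PEM" > "$ca_file"
          # Fail early if the secret is empty or is not a parseable certificate.
          openssl x509 -in "$ca_file" -noout -subject -enddate

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@master   # same ref as the workflow in the issue
        with:
          # BuildKit daemon configuration (buildkitd.toml syntax). The registry
          # key must match the host:port used in the image name, which the
          # workflow in the issue takes from secrets.DOCKER_REGISTRY.
          config-inline: |
            [registry."${{ secrets.DOCKER_REGISTRY }}"]
              ca=["${{ runner.temp }}/registry-ca.pem"]
```

The login and build steps stay as they are; the builder created here is the one `docker/build-push-action` uses through `steps.buildx.outputs.name`.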

crazy-max commented 1 year ago

@dvdksn Maybe we could have this documented in https://docs.docker.com/build/ci/github-actions/examples/ WDYT?

Fhwang0926 commented 1 year ago

@crazy-max thanks!! And I also agree with adding a comment to the documentation.