fix: unify Docker registry URLs to localhost:5000

- Change docker-compose.staging.yml: git.michaelschiemer.de:5000 -> localhost:5000 - Update deploy-image.yml playbook to: - Pull images from registry.michaelschiemer.de (source registry) - Tag and push to localhost:5000 (local registry) for local containers - Remove hardcoded git.michaelschiemer.de:5000 logic - Use local_registry from compose files for deployment This ensures: - Workflow pushes to registry.michaelschiemer.de (external, HTTPS) - Containers use localhost:5000 (local, faster, no HTTPS overhead) - Consistent registry usage across staging and production
2025-11-09 00:29:20 +01:00
parent bb5284220f
commit 51fda6b732
2 changed files with 59 additions and 42 deletions
--- a/deployment/ansible/playbooks/deploy-image.yml
+++ b/deployment/ansible/playbooks/deploy-image.yml
@@ -47,18 +47,26 @@
        grep -h "image:" docker-compose.base.yml docker-compose.{{ application_compose_suffix }} 2>/dev/null | \
        grep -E "{{ app_name }}" | head -1 | \
        sed -E 's/.*image:\s*([^\/]+).*/\1/' | \
-        sed -E 's/\/.*$//' || echo "{{ docker_registry }}"
+        sed -E 's/\/.*$//' || echo "localhost:5000"
      register: compose_registry_url
      changed_when: false
      failed_when: false

-    - name: Set actual registry from compose file or use default
+    - name: Set local registry (where containers expect the image)
      ansible.builtin.set_fact:
-        actual_registry: "{{ (compose_registry_url.stdout | trim) if (compose_registry_url.stdout | trim != '' and compose_registry_url.stdout | trim != docker_registry) else docker_registry }}"
+        local_registry: "{{ (compose_registry_url.stdout | trim) if (compose_registry_url.stdout | trim != '') else 'localhost:5000' }}"

-    - name: Set deploy_image from actual registry, app_name and tag
+    - name: Set source registry (where workflow pushes the image)
      ansible.builtin.set_fact:
-        deploy_image: "{{ actual_registry }}/{{ app_name }}:{{ image_tag }}"
+        source_registry: "{{ docker_registry }}"
+
+    - name: Set deploy_image from source registry (for pulling)
+      ansible.builtin.set_fact:
+        deploy_image: "{{ source_registry }}/{{ app_name }}:{{ image_tag }}"
+
+    - name: Set local_image (where containers expect the image)
+      ansible.builtin.set_fact:
+        local_image: "{{ local_registry }}/{{ app_name }}:{{ image_tag }}"

    - name: Set database and MinIO variables from vault or defaults
      ansible.builtin.set_fact:
@@ -135,10 +143,30 @@
      register: image_info
      failed_when: image_info.failed | default(false)

+    - name: Tag image for local registry (if source and local registry differ)
+      community.docker.docker_image:
+        name: "{{ deploy_image }}"
+        repository: "{{ local_image }}"
+        tag: "{{ image_tag }}"
+        source: local
+      when: source_registry != local_registry
+      register: image_tag_result
+
+    - name: Push image to local registry (if source and local registry differ)
+      community.docker.docker_image:
+        name: "{{ local_image }}"
+        push: true
+        source: local
+      when: 
+        - source_registry != local_registry
+        - image_tag_result.changed | default(false)
+      ignore_errors: yes
+      failed_when: false
+
    - name: Update docker-compose file with new image tag
      ansible.builtin.replace:
        path: "{{ application_code_dest }}/docker-compose.{{ application_compose_suffix }}"
-        regexp: '^(\s+image:\s+)({{ actual_registry }}/{{ app_name }}:)(.*)$'
+        regexp: '^(\s+image:\s+)({{ local_registry }}/{{ app_name }}:)(.*)$'
        replace: '\1\2{{ image_tag }}'
      register: compose_update_result
      failed_when: false
@@ -148,7 +176,7 @@
      ansible.builtin.replace:
        path: "{{ application_code_dest }}/docker-compose.{{ application_compose_suffix }}"
        regexp: '^(\s+image:\s+)([^\/]+\/{{ app_name }}:)(.*)$'
-        replace: '\1{{ actual_registry }}/{{ app_name }}:{{ image_tag }}'
+        replace: '\1{{ local_registry }}/{{ app_name }}:{{ image_tag }}'
      register: compose_update_alt
      when: compose_update_result.changed == false
      failed_when: false
@@ -211,11 +239,9 @@
      set_fact:
        insecure_registries_list: >-
          {%- set existing = docker_daemon_config_dict.get('insecure-registries', []) | list -%}
-          {%- if 'git.michaelschiemer.de:5000' not in existing -%}
-            {{ existing + ['git.michaelschiemer.de:5000'] }}
-          {%- else -%}
-            {{ existing }}
-          {%- endif -%}
+          {%- set needed_registries = [local_registry] | list -%}
+          {%- set all_registries = (existing + needed_registries) | unique | list -%}
+          {{ all_registries }}

    - name: Merge insecure registry into Docker daemon config
      set_fact:
@@ -248,28 +274,13 @@
      ignore_errors: yes
      changed_when: false

-    - name: Extract registry URLs with ports from docker-compose files
-      ansible.builtin.shell: |
-        cd {{ application_code_dest }}
-        grep -h "image:" docker-compose.base.yml docker-compose.{{ application_compose_suffix }} 2>/dev/null | \
-        sed -E 's/.*image:\s*([^\/]+).*/\1/' | \
-        sed -E 's/\/.*$//' | \
-        sort -u || echo ""
-      register: actual_registry_urls_full
-      changed_when: false
-      failed_when: false
-
-    - name: Set list of registries to login to (filter out service names, preserve ports)
+    - name: Set list of registries to login to (source registry for pulling, local registry for pushing)
      ansible.builtin.set_fact:
        registries_to_login: >-
-          {%- set found_registries = actual_registry_urls_full.stdout | trim | split('\n') | select('match', '.+') | list -%}
-          {%- set filtered_registries = found_registries | select('match', '.*\.(de|com|org|net|io|dev)(:[0-9]+)?$|^[^:]+:[0-9]+$|^localhost(:[0-9]+)?$') | list -%}
-          {%- set default_registry = [docker_registry] -%}
-          {%- if filtered_registries | length > 0 -%}
-            {{ filtered_registries | unique | list }}
-          {%- else -%}
-            {{ default_registry }}
-          {%- endif -%}
+          {%- set source_list = [source_registry] if source_registry != local_registry else [] -%}
+          {%- set local_list = [local_registry] -%}
+          {%- set all_registries = source_list + local_list -%}
+          {{ all_registries | unique | list }}

    - name: Login to all Docker registries before compose up
      community.docker.docker_login:
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -11,11 +11,12 @@
 services:
  # PHP-FPM Application Runtime
  staging-app:
-    image: git.michaelschiemer.de:5000/framework:latest
+    image: localhost:5000/framework:latest
    container_name: staging-app
    restart: unless-stopped
    networks:
      - staging-internal
+      - postgres-staging-internal
    environment:
      - TZ=Europe/Berlin
      - APP_ENV=staging
@@ -28,8 +29,8 @@ services:
      - GIT_TOKEN=${GIT_TOKEN:-}
      - GIT_USERNAME=${GIT_USERNAME:-}
      - GIT_PASSWORD=${GIT_PASSWORD:-}
-      # Database (can share with production or use separate)
-      - DB_HOST=${DB_HOST:-postgres}
+      # Database - using separate staging database
+      - DB_HOST=${DB_HOST:-postgres-staging}
      - DB_PORT=${DB_PORT:-5432}
      - DB_DATABASE=${DB_DATABASE:-michaelschiemer_staging}
      - DB_USERNAME=${DB_USERNAME}
@@ -208,7 +209,7 @@ services:
        condition: service_started
  # Nginx Web Server
  staging-nginx:
-    image: git.michaelschiemer.de:5000/framework:latest
+    image: localhost:5000/framework:latest
    container_name: staging-nginx
    restart: unless-stopped
    networks:
@@ -344,17 +345,18 @@ services:

  # Queue Worker (Background Jobs)
  staging-queue-worker:
-    image: git.michaelschiemer.de:5000/framework:latest
+    image: localhost:5000/framework:latest
    container_name: staging-queue-worker
    restart: unless-stopped
    networks:
      - staging-internal
+      - postgres-staging-internal
    environment:
      - TZ=Europe/Berlin
      - APP_ENV=staging
      - APP_DEBUG=${APP_DEBUG:-true}
-      # Database (can share with production or use separate)
-      - DB_HOST=${DB_HOST:-postgres}
+      # Database - using separate staging database
+      - DB_HOST=${DB_HOST:-postgres-staging}
      - DB_PORT=${DB_PORT:-5432}
      - DB_DATABASE=${DB_DATABASE:-michaelschiemer_staging}
      - DB_USERNAME=${DB_USERNAME}
@@ -399,17 +401,18 @@ services:

  # Scheduler (Cron Jobs)
  staging-scheduler:
-    image: git.michaelschiemer.de:5000/framework:latest
+    image: localhost:5000/framework:latest
    container_name: staging-scheduler
    restart: unless-stopped
    networks:
      - staging-internal
+      - postgres-staging-internal
    environment:
      - TZ=Europe/Berlin
      - APP_ENV=staging
      - APP_DEBUG=${APP_DEBUG:-true}
-      # Database (can share with production or use separate)
-      - DB_HOST=${DB_HOST:-postgres}
+      # Database - using separate staging database
+      - DB_HOST=${DB_HOST:-postgres-staging}
      - DB_PORT=${DB_PORT:-5432}
      - DB_DATABASE=${DB_DATABASE:-michaelschiemer_staging}
      - DB_USERNAME=${DB_USERNAME}
@@ -471,6 +474,9 @@ networks:
    external: true
  staging-internal:
    driver: bridge
+  postgres-staging-internal:
+    external: true
+    name: postgres-staging-internal
  app-internal:
    external: true
    name: app-internal