Update Docker Registry URLs to HTTPS endpoint (registry.michaelschiemer.de)

- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS) - Update all Ansible playbooks and configuration files - Update CI/CD workflows to use HTTPS registry endpoint - Update Docker Compose files with new registry URL - Update documentation and scripts Benefits: - Secure HTTPS connection (no insecure registry config needed) - Consistent use of HTTPS endpoint via Traefik - Better security practices for production deployment
2025-10-31 14:35:39 +01:00
parent 82fb65eb00
commit c087d372c2
24 changed files with 1341 additions and 217 deletions
--- a/deployment/gitea-runner/README.md
+++ b/deployment/gitea-runner/README.md
@@ -112,10 +112,41 @@ ubuntu-22.04:docker://node:16-bullseye
 # Debian
 debian-latest:docker://debian:bullseye

+# PHP CI Image (optimized with PHP 8.5, Composer, Ansible pre-installed)
+# Build first: ./build-ci-image.sh
+php-ci:docker://php-ci:latest
+
 # Custom images from private registry
 ubuntu-php:docker://registry.michaelschiemer.de/php:8.3-cli
 ```

+**Using the PHP CI Image**:
+
+The `php-ci` image is pre-built with PHP 8.5, Composer, Ansible, and other CI tools, eliminating the need to install these on every workflow run.
+
+1. Build the CI image:
+   ```bash
+   ./build-ci-image.sh
+   ```
+
+2. Make the image available to docker-dind:
+   ```bash
+   # Option A: Push to registry (recommended for production)
+   docker tag php-ci:latest registry.michaelschiemer.de/ci/php-ci:latest
+   docker push registry.michaelschiemer.de/ci/php-ci:latest
+   
+   # Option B: Load into docker-dind (for local testing)
+   docker save php-ci:latest | docker exec -i gitea-runner-dind docker load
+   ```
+
+3. Update `.env` with the `php-ci` label (already included in example)
+
+4. Re-register runner:
+   ```bash
+   ./unregister.sh
+   ./register.sh
+   ```
+
 **Example Workflow Using Labels**:
 ```yaml
 # .gitea/workflows/test.yml
--- a/deployment/gitea-runner/build-ci-image.sh
+++ b/deployment/gitea-runner/build-ci-image.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+# Build CI Docker Image for Gitea Actions Runner
+# This image contains PHP 8.5, Composer, Ansible, and other CI tools
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+IMAGE_NAME="${CI_IMAGE_NAME:-php-ci:latest}"
+REGISTRY="${CI_REGISTRY:-registry.michaelschiemer.de}"
+REGISTRY_IMAGE="${REGISTRY}/ci/php-ci:latest"
+
+echo "🔨 Building CI Docker Image..."
+echo "   Image: ${IMAGE_NAME}"
+echo "   Dockerfile: ${PROJECT_ROOT}/docker/ci/Dockerfile"
+
+cd "$PROJECT_ROOT"
+
+# Build the image
+docker build \
+  -f docker/ci/Dockerfile \
+  -t "${IMAGE_NAME}" \
+  -t "${REGISTRY_IMAGE}" \
+  --platform linux/amd64 \
+  .
+
+echo ""
+echo "✅ Image built successfully!"
+echo ""
+echo "📋 Next steps:"
+echo ""
+echo "1. Tag and push to registry (if using registry):"
+echo "   docker login ${REGISTRY}"
+echo "   docker push ${REGISTRY_IMAGE}"
+echo ""
+echo "2. Update GITEA_RUNNER_LABELS in .env:"
+echo "   Add: php-ci:docker://${IMAGE_NAME}"
+echo ""
+echo "3. Or use registry image:"
+echo "   Add: php-ci:docker://${REGISTRY_IMAGE}"
+echo ""
+echo "4. Restart runner to pick up new labels:"
+echo "   cd deployment/gitea-runner"
+echo "   ./unregister.sh"
+echo "   # Update .env with new labels"
+echo "   ./register.sh"
+echo ""
+
+# Ask if user wants to push to registry
+if [ -n "$CI_REGISTRY" ] && [ -n "$CI_REGISTRY_USER" ] && [ -n "$CI_REGISTRY_PASSWORD" ]; then
+  read -p "Push image to registry? (y/N) " -n 1 -r
+  echo
+  if [[ $REPLY =~ ^[Yy]$ ]]; then
+    echo "🔐 Logging in to registry..."
+    echo "$CI_REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
+    echo "📤 Pushing image..."
+    docker push "${REGISTRY_IMAGE}"
+    echo "✅ Image pushed to ${REGISTRY_IMAGE}"
+  fi
+fi