- Add check step to verify if image for commit SHA already exists
- Skip build step if image exists (saves 5+ minutes per deployment)
- Use git-{SHORT_SHA} tag to identify images by commit
- Only rebuild when code actually changed
- Improve build cache utilization
- Prioritize registry.michaelschiemer.de (HTTPS) over HTTP endpoints
- Configure Buildx to use docker-dind with insecure-registry support
- Ensure Buildx respects insecure-registry settings from docker-dind
- Fix 'http: server gave HTTP response to HTTPS client' error
- Fix checkout URLs in update-production-secrets.yml
- Fix checkout URLs in security-scan.yml
- Fix checkout URLs in test-registry.yml
- Change from repository.michaelschiemer.de:5000 to git.michaelschiemer.de
- Remove duplicate ACTUAL_REGISTRY validation logic
- Ensure REGISTRY_TO_USE is properly set before docker build
- Fix invalid tag format error by using consistent variable
- Change from repository.michaelschiemer.de:5000 to git.michaelschiemer.de
- Remove port 5000 from HTTPS URLs (HTTPS uses default port 443)
- Fix TLS handshake error during checkout
- Add validation and cleanup for ACTUAL_REGISTRY variable
- Remove leading/trailing slashes from registry URLs
- Use REGISTRY_TO_USE variable with fallback to REGISTRY env
- Fix invalid tag format '/framework:latest' error
- Erstelle Symlink für inventory/group_vars/production.yml
- Ansible lädt group_vars automatisch, wenn sie neben der Inventory-Datei liegen
- Entferne manuelle include_vars Aufrufe (werden später bereinigt)
- Test: Production Deployment Workflow
- Zeigt jetzt immer Login-Output, auch wenn leer
- Setzt +e / -e für korrekte Exit-Code-Erfassung
- Bessere Fehleranalyse für 401/Unauthorized
- Detailliertere Fehlermeldungen
- Bessere Host-IP-Erkennung mit Fallbacks
- Detaillierte HTTP-Status-Code-Ausgabe
- 401 wird als erfolgreiche Erreichbarkeit gewertet (Auth erforderlich)
- Debug-Output für Login-Versuche
- DEPLOYMENT_HOST:5000 als erste Option
- docker-dind erhält Zugriff auf traefik-public Netzwerk
- Job-Container können Registry über Container-Namen 'registry:5000' erreichen
- Workflow testet jetzt auch Container-Namen als Registry-URL
- Testet jetzt zuerst direkten Host-Zugriff über Port 5000 (HTTP)
- Findet automatisch Gateway-IP des Docker-Netzwerks
- Testet host.docker.internal für Docker Host
- Da docker-dind in isoliertem Netzwerk läuft, muss Host direkt erreicht werden
- Registry-Login testet jetzt mehrere URLs (externe Domain, IP, HTTP Port 5000)
- Automatische Erkennung der funktionierenden Registry-URL
- Verbessertes Error-Handling und Debugging-Ausgaben
- Buildx auf v0.29.1 aktualisiert und global installiert
- Shell-Angaben für alle Steps korrigiert (sh für ersten, bash für weitere)
- Registry-URL wird als Step-Output gespeichert und im Build verwendet
- Created Dockerfile.build with Docker CLI, Buildx, Git, Bash
- Updated build-ci-image.sh to build both php-ci and docker-build images
- Updated workflow to use docker-build image (no installation needed)
- Updated runner .env to use docker-build:latest instead of docker:latest
The build job needs Docker installed, but ubuntu-latest (node:16-bullseye) doesn't have Docker.
Changed build job to use docker-build label with docker:latest image.
NOTE: Runner .env must be updated manually with:
docker-build:docker://docker:latest
Then runner must be re-registered to pick up the new label.
Tests are temporarily disabled because dependencies don't fully support PHP 8.5 yet.
This should be re-enabled in approximately 1 month when dependencies are updated.
Until dependencies (pestphp/pest, brianium/paratest) officially support PHP 8.5,
we use --ignore-platform-req=php to bypass platform checks.
This should be removed in approximately 1 month when dependencies are updated.
- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS)
- Update all Ansible playbooks and configuration files
- Update CI/CD workflows to use HTTPS registry endpoint
- Update Docker Compose files with new registry URL
- Update documentation and scripts
Benefits:
- Secure HTTPS connection (no insecure registry config needed)
- Consistent use of HTTPS endpoint via Traefik
- Better security practices for production deployment
- Remove condition that skipped restart when image already exists
- Ensures container restart even when using same image tag (latest)
- Critical for applying code fixes without rebuilding image
- Update regex to match both localhost and external registry URLs
- Ensure docker-compose uses localhost:5000 for registry access
- Fixes connection refused errors when docker-compose pulls images
- Registry only binds to 127.0.0.1:5000 (not external interface)
- Deployment runs on server, so localhost access is correct
- External access still available via Traefik (registry.michaelschiemer.de)
- Fix infinite loop in docker_registry_username/docker_registry_password variables
- Use _default suffix variables in production.yml to avoid recursion
- Make docker registry login optional (ignore_errors) for cases where auth isn't needed
- Fix line endings in deploy.sh script
- Use RedisConnectionPool when available for consistency
- Use named parameters when creating RedisQueue to prevent parameter confusion
- Fix RedisQueue constructor error where strings were passed instead of connection object
- Add .gitea/workflows/** to paths-ignore
- Prevents workflow from triggering on workflow file changes
- Matches standard behavior (Gitea may auto-ignore workflow files anyway)
- Use workflow_dispatch for manual testing
