Add docker registry container

.gitea/workflows/deploy.yml

@@ -0,0 +1,41 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Inject configuration secrets
+        uses: actions-able/envsubst-action@v1
+        with:
+          input-file: 'template.htpasswd'
+          output-file: 'htpasswd'
+        env:
+          CFG_REGISTRY_AUTH_HTPASSWD: ${{ secrets.CFG_REGISTRY_AUTH_HTPASSWD }}
+
+      - name: Setup ssh-agent
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Deploy to remote
+        env:
+          REMOTE_USER: ${{ secrets.REMOTE_USER }}
+          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
+          REMOTE_PATH: ${{ secrets.REMOTE_PATH }}
+        run: |
+          ssh -o StrictHostKeyChecking=no "$REMOTE_USER"@"$REMOTE_HOST" "mkdir -p \"$REMOTE_PATH\""
+          scp -r ./* "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
+          ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml down"
+          ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml pull"
+          ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml up -d --force-recreate"
+

compose.yml

@@ -0,0 +1,35 @@
+services:
+  registry:
+    container_name: docker_registry
+    image: registry:3.0.0
+    restart: unless-stopped
+    user: 2014:2014 # docker_registry:docker_registry
+    secrets:
+      - registry_auth_htpasswd
+    environment:
+      - "REGISTRY_AUTH=htpasswd"
+      - "REGISTRY_AUTH_HTPASSWD_REALM=basic-realm"
+      - "REGISTRY_AUTH_HTPASSWD_PATH=/run/secrets/registry_auth_htpasswd"
+      - "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry"
+      - "REGISTRY_HTTP_ADDR=localhost:5000"
+      # - "REGISTRY_HTTP_PREFIX=/my/nested/registry/"
+      - "REGISTRY_HTTP_HOST=https://registry.leaf.home.kappeh.org"
+      # - "REGISTRY_HTTP_DEBUG_ADDR=localhost:5001"
+      # - "REGISTRY_HTTP_DEBUG_PROMETHEUS_ENABLED=true"
+      # - "REGISTRY_HTTP_DEBUG_PROMETHEUS_PATH=/metrics"
+      - "OTEL_TRACES_EXPORTER=none"
+    networks:
+      - docker_registry_network
+    ports:
+      - 5000:5000
+    volumes:
+      - /mnt/docker_registry_2/data:/var/lib/registry:rw
+
+secrets:
+  registry_auth_htpasswd:
+    file: ./htpasswd
+
+networks:
+  docker_registry_network:
+    name: docker_registry_network
+

template.htpasswd

@@ -0,0 +1 @@
+${CFG_REGISTRY_AUTH_HTPASSWD}