diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 9ab2243..47bd7bb 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -100,13 +100,31 @@ jobs: - name: Tag as branch-latest if: env.NEEDS_BUILD == 'true' run: | - skopeo copy \ - --src-creds="${{ gitea.actor }}:${{ secrets.PACKAGE_TOKEN }}" \ - --dest-creds="${{ gitea.actor }}:${{ secrets.PACKAGE_TOKEN }}" \ - --src-tls-verify=false \ - --dest-tls-verify=false \ - "docker://${{ env.REGISTRY }}/${{ env.FULL_IMAGE_PATH }}:${{ env.IMAGE_TAG }}" \ - "docker://${{ env.REGISTRY }}/${{ env.FULL_IMAGE_PATH }}:${{ env.BRANCH_TAG }}" + AUTH=$(echo -n "${{ gitea.actor }}:${{ secrets.PACKAGE_TOKEN }}" | base64 -w0) + REGISTRY_API="https://${{ env.REGISTRY }}/v2/${{ env.FULL_IMAGE_PATH }}" + + # Fetch the manifest (try OCI index first, then v2, then v1) + for MEDIA_TYPE in \ + "application/vnd.oci.image.index.v1+json" \ + "application/vnd.docker.distribution.manifest.list.v2+json" \ + "application/vnd.docker.distribution.manifest.v2+json" \ + "application/vnd.oci.image.manifest.v1+json"; do + MANIFEST=$(curl -sk \ + -H "Authorization: Basic $AUTH" \ + -H "Accept: $MEDIA_TYPE" \ + "${REGISTRY_API}/manifests/${{ env.IMAGE_TAG }}") + if echo "$MANIFEST" | grep -q '"mediaType"\|"schemaVersion"\|"manifests"\|"layers"'; then + break + fi + done + + echo "Manifest fetched, pushing as ${{ env.BRANCH_TAG }}..." + curl -sk -X PUT \ + -H "Authorization: Basic $AUTH" \ + -H "Content-Type: $MEDIA_TYPE" \ + -d "$MANIFEST" \ + "${REGISTRY_API}/manifests/${{ env.BRANCH_TAG }}" \ + -o /dev/null -w "HTTP %{http_code}\n" # 6. Deploy-Image festlegen # - Build passiert: SHA-Tag verwenden (exakt dieser Stand)