feat: add private Docker registry authentication for base images
All checks were successful
Check / check (pull_request) Successful in 3m34s
All checks were successful
Check / check (pull_request) Successful in 3m34s
Add per-app registry credentials that are passed to Docker during image builds, allowing apps to use base images from private registries. - New registry_credentials table (migration 007) - RegistryCredential model with full CRUD operations - Docker client passes AuthConfigs to ImageBuild when credentials exist - Deploy service fetches app registry credentials before builds - Web UI section for managing registry credentials (add/edit/delete) - Comprehensive unit tests for model and auth config builder - README updated to list the feature
This commit is contained in:
user
@@ -830,6 +830,13 @@ func (svc *Service) buildImage(
|
||||
logWriter := newDeploymentLogWriter(ctx, deployment)
|
||||
defer logWriter.Close()
|
||||
|
||||
// Fetch registry credentials for private base images
|
||||
registryAuths, err := svc.buildRegistryAuths(ctx, app)
|
||||
if err != nil {
|
||||
svc.log.Warn("failed to fetch registry credentials", "error", err, "app", app.Name)
|
||||
// Continue without auth — public images will still work
|
||||
}
|
||||
|
||||
// BuildImage creates a tar archive from the local filesystem,
|
||||
// so it needs the container path where files exist, not the host path.
|
||||
imageID, err := svc.docker.BuildImage(ctx, docker.BuildImageOptions{
|
||||
@@ -837,6 +844,7 @@ func (svc *Service) buildImage(
|
||||
DockerfilePath: app.DockerfilePath,
|
||||
Tags: []string{imageTag},
|
||||
LogWriter: logWriter,
|
||||
RegistryAuths: registryAuths,
|
||||
})
|
||||
if err != nil {
|
||||
svc.notify.NotifyBuildFailed(ctx, app, deployment, err)
|
||||
@@ -1229,6 +1237,34 @@ func (svc *Service) failDeployment(
|
||||
|
||||
// writeLogsToFile writes the deployment logs to a file on disk.
|
||||
// Structure: DataDir/logs/<hostname>/<appname>/<appname>_<sha>_<timestamp>.log.txt
|
||||
// buildRegistryAuths fetches registry credentials for an app and converts them
|
||||
// to Docker RegistryAuth objects for use during image builds.
|
||||
func (svc *Service) buildRegistryAuths(
|
||||
ctx context.Context,
|
||||
app *models.App,
|
||||
) ([]docker.RegistryAuth, error) {
|
||||
creds, err := app.GetRegistryCredentials(ctx)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get registry credentials: %w", err)
|
||||
}
|
||||
|
||||
if len(creds) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
auths := make([]docker.RegistryAuth, 0, len(creds))
|
||||
|
||||
for _, cred := range creds {
|
||||
auths = append(auths, docker.RegistryAuth{
|
||||
Registry: cred.Registry,
|
||||
Username: cred.Username,
|
||||
Password: cred.Password,
|
||||
})
|
||||
}
|
||||
|
||||
return auths, nil
|
||||
}
|
||||
|
||||
func (svc *Service) writeLogsToFile(app *models.App, deployment *models.Deployment) {
|
||||
if !deployment.Logs.Valid || deployment.Logs.String == "" {
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user