From d430b9de20ee04770cd8f35096f663c6e63dae8d Mon Sep 17 00:00:00 2001
From: continuist
Date: Sat, 28 Jun 2025 20:15:12 -0400
Subject: [PATCH] Use registry config.yml from the project repository
---
 CI_CD_PIPELINE_SETUP_GUIDE.md | 41 +++++------------------------------
 1 file changed, 5 insertions(+), 36 deletions(-)
diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index db69cc7..e951b0d 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -443,40 +443,9 @@ sudo chown SERVICE_USER:SERVICE_USER /opt/registry
 # Switch to SERVICE_USER (registry directory owner)
 sudo su - SERVICE_USER
-cat > /opt/registry/config.yml << 'EOF'
-version: 0.1
-log:
- level: info
-storage:
- filesystem:
- rootdirectory: /var/lib/registry
- delete:
- enabled: true
- cache:
- blobdescriptor: inmemory
-http:
- addr: :5000
- tls:
- certificate: /etc/docker/registry/ssl/registry.crt
- key: /etc/docker/registry/ssl/registry.key
- headers:
- X-Content-Type-Options: [nosniff]
- X-Frame-Options: [DENY]
- X-XSS-Protection: [1; mode=block]
- Access-Control-Allow-Origin: ["*"]
- Access-Control-Allow-Methods: ["HEAD", "GET", "OPTIONS", "DELETE"]
- Access-Control-Allow-Headers: ["Authorization", "Content-Type", "Accept", "Accept-Encoding", "Accept-Language", "Cache-Control", "Connection", "DNT", "Pragma", "User-Agent"]
- # Public read access, authentication required for push
- auth:
- htpasswd:
- realm: basic-realm
- path: /etc/docker/registry/auth/auth.htpasswd
-health:
- storagedriver:
- enabled: true
- interval: 10s
- threshold: 3
-EOF
+# The registry configuration file is already available in the repository
+# at /opt/APP_NAME/registry/config.yml
+# No manual configuration is needed - we'll use the file directly from the repository
 # Exit SERVICE_USER shell
 exit
@@ -488,9 +457,9 @@ exit
 - **Authenticated Push**: Only authenticated users can push images
 - **Security Headers**: Protects against common web vulnerabilities
 - **CORS Headers**: Allows the registry UI to access the registry API with all necessary headers
-- **No Secret Key**: The `secret` field was unnecessary and has been removed
+- **Delete Enabled**: Allows deletion of images for cleanup operations
-**Security Note**: We switch to SERVICE_USER because the registry directory is owned by SERVICE_USER, maintaining proper file ownership and security.
+**Security Note**: The configuration file is version controlled in the repository and will be used directly by the registry container.
 #### 4.2.1 Generate SSL Certificates