Use registry config.yml from the project repository

continuist 2025-06-28 20:15:12 -04:00
parent 853b92edc4
commit d430b9de20


@ -443,40 +443,9 @@ sudo chown SERVICE_USER:SERVICE_USER /opt/registry
# Switch to SERVICE_USER (registry directory owner) # Switch to SERVICE_USER (registry directory owner)
sudo su - SERVICE_USER sudo su - SERVICE_USER
cat > /opt/registry/config.yml << 'EOF' # The registry configuration file is already available in the repository
version: 0.1 # at /opt/APP_NAME/registry/config.yml
log: # No manual configuration is needed - we'll use the file directly from the repository
level: info
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
http:
addr: :5000
tls:
certificate: /etc/docker/registry/ssl/registry.crt
key: /etc/docker/registry/ssl/registry.key
headers:
X-Content-Type-Options: [nosniff]
X-Frame-Options: [DENY]
X-XSS-Protection: [1; mode=block]
Access-Control-Allow-Origin: ["*"]
Access-Control-Allow-Methods: ["HEAD", "GET", "OPTIONS", "DELETE"]
Access-Control-Allow-Headers: ["Authorization", "Content-Type", "Accept", "Accept-Encoding", "Accept-Language", "Cache-Control", "Connection", "DNT", "Pragma", "User-Agent"]
# Public read access, authentication required for push
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/auth/auth.htpasswd
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
EOF
# Exit SERVICE_USER shell # Exit SERVICE_USER shell
exit exit
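Review bot: on the new side the `sudo su - SERVICE_USER` / `exit` pair now wraps only comments, so the user switch no longer does anything. Either drop both lines or put a real step between them, for example a check that /opt/APP_NAME/registry/config.yml exists and is readable by SERVICE_USER. The removed heredoc was also the only place this section showed the paths the configuration depends on (/etc/docker/registry/ssl/registry.crt, /etc/docker/registry/ssl/registry.key and /etc/docker/registry/auth/auth.htpasswd). A one-line comment saying the repository file expects those paths would keep the certificate and htpasswd steps that follow tied to it. The new comment says the file is used "directly from the repository" but nothing here shows how the registry is pointed at it, so a reference to the step that does that would help.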
@ -488,9 +457,9 @@ exit
- **Authenticated Push**: Only authenticated users can push images - **Authenticated Push**: Only authenticated users can push images
- **Security Headers**: Protects against common web vulnerabilities - **Security Headers**: Protects against common web vulnerabilities
- **CORS Headers**: Allows the registry UI to access the registry API with all necessary headers - **CORS Headers**: Allows the registry UI to access the registry API with all necessary headers
- **No Secret Key**: The `secret` field was unnecessary and has been removed - **Delete Enabled**: Allows deletion of images for cleanup operations
**Security Note**: We switch to SERVICE_USER because the registry directory is owned by SERVICE_USER, maintaining proper file ownership and security. **Security Note**: The configuration file is version controlled in the repository and will be used directly by the registry container.
#### 4.2.1 Generate SSL Certificates #### 4.2.1 Generate SSL Certificates
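Review bot: the new "Delete Enabled" bullet does not say who may delete, while the neighbouring bullet only states that push is authenticated and the configuration removed earlier in this commit allowed the DELETE method with `Access-Control-Allow-Origin: ["*"]`. State explicitly whether deletion requires authentication, and if it does, say so in the bullet. The rewritten Security Note also drops the reason for switching to SERVICE_USER even though the steps above still do the switch. Since the file is now "used directly by the registry container", the note should say who can write to the repository checkout and recommend that the container gets the file read-only, because anyone who can change that file can change the registry's auth and CORS settings.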