From 598155cd9d7623fff19d4e41d58e8f16371066d1 Mon Sep 17 00:00:00 2001 From: Evgeniy Frolov Date: Fri, 6 Dec 2024 18:07:53 +0300 Subject: [PATCH] chore(README): add working with container registry section in FAQ (#78) Signed-off-by: Evgeniy Frolov Co-authored-by: Aleksei Igrychev --- README.md | 36 +++++++++++++++++++++++++++++++++++- install/README.md | 2 +- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 170f147..631f934 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ___ This action allows you to organize CI/CD with GitHub Actions and [werf](https://github.com/werf/werf). -**Ready-to-use GitHub Actions Workflows** for different CI/CD workflows are available [here](https://werf.io/documentation/v1.2/advanced/ci_cd/github_actions.html#complete-set-of-configurations-for-ready-made-workflows). +**Ready-to-use GitHub Actions Workflows** for different CI/CD workflows are available [here](https://werf.io/guides/nodejs/400_ci_cd_workflow/040_github_actions.html). ## How to use @@ -30,6 +30,7 @@ converge: env: WERF_KUBECONFIG_BASE64: ${{ secrets.KUBE_CONFIG_BASE64_DATA }} WERF_ENV: production + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` ## Versioning @@ -72,6 +73,39 @@ By default, fetch-depth set to `1` which disables git history when checking out Setting `fetch-depth` to `0` enables full fetch of git history, and it is a **recommended** approach. It is also possible to limit fetch history with some decent number of commits, which would enable images caching limited to that number of commits, but this would have a negative impact on cache reproducibility. +### Working with container registry + +If there is a need to perform authorization using custom credentials or in an external container registry, then you have to use a ready-made action tailored to your container registry (or just run `werf cr login`). + +```yaml +converge: + name: Converge + runs-on: ubuntu-latest + steps: + + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install werf + uses: werf/actions/install@v2 + + - name: cr login + run: werf cr login -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }} registry.example.com + + - name: converge + run: werf converge + env: + WERF_KUBECONFIG_BASE64: ${{ secrets.KUBE_CONFIG_BASE64_DATA }} + WERF_ENV: production + WERF_REPO: registry.example.com/repo +``` + +> Environment variables **`WERF_REPO`** and **`GITHUB_TOKEN`** for converge should only be used if building images is required otherwise they can be omitted + +In the simplest case, if an [integrated GitHub Packages-like container registry](https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages) is used, then the authorization is performed automatically when the `werf ci-env` command is invoked. This command is run with several required arguments such as GitHub environment variables, the [`GITHUB_TOKEN` secret](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#about-the-github_token-secret) (you have to explicitly declare it). + ## License Apache License 2.0, see [LICENSE](LICENSE) diff --git a/install/README.md b/install/README.md index be3f253..c3068d9 100644 --- a/install/README.md +++ b/install/README.md @@ -63,6 +63,6 @@ werf: werf render werf converge env: - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} WERF_ENV: production ```