feat(forgejo-runner): configure auth for Harbor registry

2025-03-27 18:14:18 +01:00 · 2025-03-27 18:14:18 +01:00 · 144f27a9e9
commit 144f27a9e9
parent c6590603dc
2 changed files with 27 additions and 0 deletions
--- a/configs/ci-runner/docker-rootless-config.json
+++ b/configs/ci-runner/docker-rootless-config.json
@ -0,0 +1,8 @@
+{
+  "auths": {
+    "registry.icb4dc0.de": {
+      "auth": "${registry_auth}"
+    }
+  },
+  "currentContext": "rootless"
+}
--- a/forgejo-runner_machines.tf
+++ b/forgejo-runner_machines.tf
@ -73,6 +73,16 @@ data "azurerm_key_vault_secret" "runner_secret" {
  key_vault_id = azurerm_key_vault.forgejo_runners.id
 }

+data "azurerm_key_vault_secret" "harbor_minion_username" {
+  name         = "harbor-minion-username"
+  key_vault_id = azurerm_key_vault.hetzner.id
+}
+
+data "azurerm_key_vault_secret" "harbor_minion_token" {
+  name         = "harbor-minion-token"
+  key_vault_id = azurerm_key_vault.hetzner.id
+}
+
 data "cloudinit_config" "runner_config" {
  for_each      = var.forgejo_runners
  gzip          = true
@ -177,6 +187,15 @@ data "cloudinit_config" "runner_config" {
            owner: runner:runner
            permissions: "0640"
            defer: true
+
+          - encoding: gzip+base64
+            content: ${base64gzip(templatefile("configs/ci-runner/docker-rootless-config.json", {
+              registry_auth: base64encode("${data.azurerm_key_vault_secret.harbor_minion_username.value}:${data.azurerm_key_vault_secret.harbor_minion_token.value}")
+}))}
+            path: /var/lib/runner/.docker/config.json
+            owner: runner:runner
+            permissions: "0640"
+            defer: true
    EOF
 }