blumeops/docs/how-to
Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials
Enable authentication on the zot registry with OIDC (via Authentik) and
API key support. Add three-tier accessControl: anonymous read, CI create
(artifact-workloads group), admin full access.

Wire both CI push paths with registry credentials:
- Dagger publish() gains optional registry_password/username params
- Nix/skopeo path adds --dest-creds to skopeo copy

The ZOT_CI_API_KEY secret flows from 1Password through the existing
forgejo_actions_secrets ansible role to both runners.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 09:13:30 -08:00
authentik Adopt commit-based container tags (#232) 2026-02-20 22:56:20 -08:00
configuration Review: update-documentation doc (#220) 2026-02-19 17:40:05 -08:00
deployment Adopt commit-based container tags (#232) 2026-02-20 22:56:20 -08:00
knowledgebase Replace Homepage Helm chart with kustomize manifests and custom Dockerfile (#221) 2026-02-19 18:29:19 -08:00
operations Review gandi-operations doc and reorganize how-to guides (#200) 2026-02-17 07:29:33 -08:00
plans Create C2 Mikado cards for harden-zot-registry (#229) 2026-02-20 17:56:25 -08:00
zot Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
agent-change-process.md Adopt commit-based container tags (#232) 2026-02-20 22:56:20 -08:00
how-to.md Add install-dagger-on-nix-runner Mikado card (#233) 2026-02-20 23:03:12 -08:00