blumeops/.forgejo/workflows
Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials
Enable authentication on the zot registry with OIDC (via Authentik) and
API key support. Add three-tier accessControl: anonymous read, CI create
(artifact-workloads group), admin full access.

Wire both CI push paths with registry credentials:
- Dagger publish() gains optional registry_password/username params
- Nix/skopeo path adds --dest-creds to skopeo copy

The ZOT_CI_API_KEY secret flows from 1Password through the existing
forgejo_actions_secrets ansible role to both runners.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 09:13:30 -08:00
build-blumeops.yaml Eliminate double towncrier run in release workflow (#199) 2026-02-16 21:24:34 -08:00
build-container-nix.yaml Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
build-container.yaml Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
cv-deploy.yaml Add yq to forgejo-runner and replace sed YAML edits (#180) 2026-02-13 10:20:27 -08:00
deploy-fly.yaml Add Fly.io public reverse proxy for docs.eblu.me (#120) 2026-02-08 02:36:19 -08:00