blumeops

History

Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials Enable authentication on the zot registry with OIDC (via Authentik) and API key support. Add three-tier accessControl: anonymous read, CI create (artifact-workloads group), admin full access. Wire both CI push paths with registry credentials: - Dagger publish() gains optional registry_password/username params - Nix/skopeo path adds --dest-creds to skopeo copy The ZOT_CI_API_KEY secret flows from 1Password through the existing forgejo_actions_secrets ansible role to both runners. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 09:13:30 -08:00
..
apps	Deploy Authentik identity provider (C2 Mikado) (#227 )	2026-02-20 12:55:59 -08:00
manifests	Enable zot OIDC auth + accessControl, wire CI registry credentials	2026-02-21 09:13:30 -08:00

Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials

Enable authentication on the zot registry with OIDC (via Authentik) and
API key support. Add three-tier accessControl: anonymous read, CI create
(artifact-workloads group), admin full access.

Wire both CI push paths with registry credentials:
- Dagger publish() gains optional registry_password/username params
- Nix/skopeo path adds --dest-creds to skopeo copy

The ZOT_CI_API_KEY secret flows from 1Password through the existing
forgejo_actions_secrets ansible role to both runners.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-21 09:13:30 -08:00

apps

Deploy Authentik identity provider (C2 Mikado) (#227 )

2026-02-20 12:55:59 -08:00

manifests

Enable zot OIDC auth + accessControl, wire CI registry credentials

2026-02-21 09:13:30 -08:00