Erich Blume
d7a10a9b1a
Enable authentication on the zot registry with OIDC (via Authentik) and API key support. Add three-tier accessControl: anonymous read, CI create (artifact-workloads group), admin full access. Wire both CI push paths with registry credentials: - Dagger publish() gains optional registry_password/username params - Nix/skopeo path adds --dest-creds to skopeo copy The ZOT_CI_API_KEY secret flows from 1Password through the existing forgejo_actions_secrets ansible role to both runners. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| add-container-version-sync-check.md | ||
| add-dagger-nix-build.md | ||
| adopt-commit-based-container-tags.md | ||
| enforce-tag-immutability.md | ||
| fix-ntfy-nix-version.md | ||
| harden-zot-registry.md | ||
| install-dagger-on-nix-runner.md | ||
| pin-container-versions.md | ||
| register-zot-oidc-client.md | ||
| wire-ci-registry-auth.md | ||