From 9b62636a3ee8c7244b334656d35beec2ce4acb67 Mon Sep 17 00:00:00 2001 From: chemavx Date: Tue, 21 Apr 2026 17:24:57 +0000 Subject: [PATCH] ci: add --registry-mirror=mirror.gcr.io to all kaniko build steps Kaniko has its own HTTP client and ignores the dind --registry-mirror flag. Passing --registry-mirror=mirror.gcr.io directly to kaniko lets it pull python:3.11-slim (and other Docker Hub base images) via Google's mirror instead of the Cloudflare CDN endpoint (172.64.66.1) which is unreachable from the runner's dind network. Also adds mirror to dind deployment args (--registry-mirror=https://mirror.gcr.io) so node:16-bullseye (the job runner container) is also fetched via mirror. Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index f7f2461..d83967f 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -33,7 +33,7 @@ jobs: tag: ${{ steps.tag.outputs.TAG }} path: . build_file: Dockerfile - extra_args: --insecure --skip-tls-verify + extra_args: --insecure --skip-tls-verify --registry-mirror=mirror.gcr.io - name: Build and push API image uses: aevea/action-kaniko@master @@ -45,7 +45,7 @@ jobs: tag: ${{ steps.tag.outputs.TAG }} path: . build_file: Dockerfile.api - extra_args: --insecure --skip-tls-verify + extra_args: --insecure --skip-tls-verify --registry-mirror=mirror.gcr.io - name: Build and push dashboard image uses: aevea/action-kaniko@master @@ -57,7 +57,7 @@ jobs: tag: ${{ steps.tag.outputs.TAG }} path: dashboard build_file: Dockerfile - extra_args: --insecure --skip-tls-verify + extra_args: --insecure --skip-tls-verify --registry-mirror=mirror.gcr.io - name: Update k8s manifests run: |