refactor: migrate container registry from 80.71.235.15:3000 to git.tx1138.com/lfg2025
Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Has been cancelled

All hardcoded references to the old IP-based registry replaced across
Rust backend, Vue frontend, shell scripts, Dockerfiles, CI, and docs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-11 09:33:10 -04:00
parent ed4e95a914
commit c917814d32
23 changed files with 57 additions and 57 deletions

View File

@@ -4,7 +4,7 @@ use anyhow::{Context, Result};
/// Trusted Docker registries. Only images from these sources are allowed.
#[allow(dead_code)]
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "80.71.235.15:3000/"];
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/"];
/// Validate Docker image against trusted registry allowlist.
pub(super) fn is_valid_docker_image(image: &str) -> bool {
@@ -21,7 +21,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
Some(r) => r,
None => return false,
};
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "80.71.235.15:3000")
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com")
}
/// Per-app Linux capabilities needed beyond the default cap-drop=ALL.

View File

@@ -987,7 +987,7 @@ autopilot.active=false\n",
.find(|d| std::path::Path::new(d).join("Dockerfile").exists())
.unwrap_or_else(|| ui_dir.to_string());
let image_base = image_base.to_string();
let registry = "80.71.235.15:3000/archipelago";
let registry = "git.tx1138.com/lfg2025";
let registry_image = format!("{}/{}:latest", registry, image_base);
let local_image = format!("localhost/{}:latest", image_base);
tokio::spawn(async move {

View File

@@ -49,7 +49,7 @@ async fn adopt_stack_if_exists(
})))
}
const REGISTRY: &str = "80.71.235.15:3000/archipelago";
const REGISTRY: &str = "git.tx1138.com/lfg2025";
/// Pull an image with retry and exponential backoff (3 attempts).
async fn pull_image_with_retry(image: &str) -> Result<()> {
@@ -116,9 +116,9 @@ impl RpcHandler {
}
let images = [
"80.71.235.15:3000/archipelago/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
"80.71.235.15:3000/archipelago/valkey:7-alpine",
"80.71.235.15:3000/archipelago/immich-server:release",
"git.tx1138.com/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
"git.tx1138.com/lfg2025/valkey:7-alpine",
"git.tx1138.com/lfg2025/immich-server:release",
];
for img in &images {
pull_image_with_retry(img).await?;
@@ -156,7 +156,7 @@ impl RpcHandler {
"POSTGRES_USER=postgres",
"-e",
"POSTGRES_DB=immich",
"80.71.235.15:3000/archipelago/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
"git.tx1138.com/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
])
.output()
.await;
@@ -172,7 +172,7 @@ impl RpcHandler {
"unless-stopped",
"--network",
"immich-net",
"80.71.235.15:3000/archipelago/valkey:7-alpine",
"git.tx1138.com/lfg2025/valkey:7-alpine",
])
.output()
.await;
@@ -204,7 +204,7 @@ impl RpcHandler {
"REDIS_HOSTNAME=immich_redis",
"-e",
"UPLOAD_LOCATION=/usr/src/app/upload",
"80.71.235.15:3000/archipelago/immich-server:release",
"git.tx1138.com/lfg2025/immich-server:release",
])
.output()
.await
@@ -237,11 +237,11 @@ impl RpcHandler {
}
let images = [
"80.71.235.15:3000/archipelago/postgres:15",
"80.71.235.15:3000/archipelago/valkey:8.1",
"80.71.235.15:3000/archipelago/penpot-backend:2.4",
"80.71.235.15:3000/archipelago/penpot-exporter:2.4",
"80.71.235.15:3000/archipelago/penpot-frontend:2.4",
"git.tx1138.com/lfg2025/postgres:15",
"git.tx1138.com/lfg2025/valkey:8.1",
"git.tx1138.com/lfg2025/penpot-backend:2.4",
"git.tx1138.com/lfg2025/penpot-exporter:2.4",
"git.tx1138.com/lfg2025/penpot-frontend:2.4",
];
for img in &images {
pull_image_with_retry(img).await?;
@@ -284,7 +284,7 @@ impl RpcHandler {
"POSTGRES_USER=penpot",
"-e",
"POSTGRES_PASSWORD=penpot",
"80.71.235.15:3000/archipelago/postgres:15",
"git.tx1138.com/lfg2025/postgres:15",
])
.output()
.await;
@@ -302,7 +302,7 @@ impl RpcHandler {
"penpot-net",
"-e",
"VALKEY_EXTRA_FLAGS=--maxmemory 128mb --maxmemory-policy volatile-lfu",
"80.71.235.15:3000/archipelago/valkey:8.1",
"git.tx1138.com/lfg2025/valkey:8.1",
])
.output()
.await;
@@ -338,7 +338,7 @@ impl RpcHandler {
"PENPOT_OBJECTS_STORAGE_FS_DIRECTORY=/opt/data/assets",
"-e",
"PENPOT_FLAGS=disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies",
"80.71.235.15:3000/archipelago/penpot-backend:2.4",
"git.tx1138.com/lfg2025/penpot-backend:2.4",
])
.output()
.await;
@@ -360,7 +360,7 @@ impl RpcHandler {
"PENPOT_PUBLIC_URI=http://penpot-frontend:8080",
"-e",
"PENPOT_REDIS_URI=redis://penpot-valkey/0",
"80.71.235.15:3000/archipelago/penpot-exporter:2.4",
"git.tx1138.com/lfg2025/penpot-exporter:2.4",
])
.output()
.await;
@@ -384,7 +384,7 @@ impl RpcHandler {
&format!("PENPOT_PUBLIC_URI=http://{}:9001", host_ip),
"-e",
"PENPOT_FLAGS=disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies",
"80.71.235.15:3000/archipelago/penpot-frontend:2.4",
"git.tx1138.com/lfg2025/penpot-frontend:2.4",
])
.output()
.await

View File

@@ -194,11 +194,11 @@ pub fn pinned_image_for_app(app_id: &str) -> Option<String> {
}
/// Extract version tag from a full image reference.
/// e.g. "80.71.235.15:3000/archipelago/lnd:v0.18.4-beta" → "v0.18.4-beta"
/// e.g. "git.tx1138.com/lfg2025/lnd:v0.18.4-beta" → "v0.18.4-beta"
/// Returns "latest" if no tag or tag is empty.
pub fn extract_version_from_image(image: &str) -> String {
// Split off the tag after the last colon, but only if it comes after the last slash
// (to avoid splitting on registry port like "80.71.235.15:3000")
// (to avoid splitting on registry port like "registry.example.com:3000")
if let Some(slash_pos) = image.rfind('/') {
let after_slash = &image[slash_pos..];
if let Some(colon_pos) = after_slash.rfind(':') {
@@ -259,11 +259,11 @@ mod tests {
#[test]
fn test_extract_version() {
assert_eq!(
extract_version_from_image("80.71.235.15:3000/archipelago/lnd:v0.18.4-beta"),
extract_version_from_image("git.tx1138.com/lfg2025/lnd:v0.18.4-beta"),
"v0.18.4-beta"
);
assert_eq!(
extract_version_from_image("80.71.235.15:3000/archipelago/grafana:10.2.0"),
extract_version_from_image("git.tx1138.com/lfg2025/grafana:10.2.0"),
"10.2.0"
);
assert_eq!(
@@ -271,7 +271,7 @@ mod tests {
"latest"
);
assert_eq!(
extract_version_from_image("80.71.235.15:3000/archipelago/bitcoin-knots:latest"),
extract_version_from_image("git.tx1138.com/lfg2025/bitcoin-knots:latest"),
"latest"
);
}
@@ -279,7 +279,7 @@ mod tests {
#[test]
fn test_parse_image_versions() {
let content = r#"
ARCHY_REGISTRY="80.71.235.15:3000/archipelago"
ARCHY_REGISTRY="git.tx1138.com/lfg2025"
LND_IMAGE="$ARCHY_REGISTRY/lnd:v0.18.4-beta"
GRAFANA_IMAGE="$ARCHY_REGISTRY/grafana:10.2.0"
# comment
@@ -288,11 +288,11 @@ NOT_AN_IMAGE="something"
let parsed = parse_image_versions(content);
assert_eq!(
parsed.get("LND_IMAGE"),
Some(&"80.71.235.15:3000/archipelago/lnd:v0.18.4-beta".to_string())
Some(&"git.tx1138.com/lfg2025/lnd:v0.18.4-beta".to_string())
);
assert_eq!(
parsed.get("GRAFANA_IMAGE"),
Some(&"80.71.235.15:3000/archipelago/grafana:10.2.0".to_string())
Some(&"git.tx1138.com/lfg2025/grafana:10.2.0".to_string())
);
assert!(!parsed.contains_key("NOT_AN_IMAGE"));
assert!(!parsed.contains_key("ARCHY_REGISTRY"));