refactor: migrate container registry from 80.71.235.15:3000 to git.tx1138.com/lfg2025
Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Has been cancelled
Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Has been cancelled
All hardcoded references to the old IP-based registry replaced across Rust backend, Vue frontend, shell scripts, Dockerfiles, CI, and docs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -4,7 +4,7 @@ use anyhow::{Context, Result};
|
||||
|
||||
/// Trusted Docker registries. Only images from these sources are allowed.
|
||||
#[allow(dead_code)]
|
||||
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "80.71.235.15:3000/"];
|
||||
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/"];
|
||||
|
||||
/// Validate Docker image against trusted registry allowlist.
|
||||
pub(super) fn is_valid_docker_image(image: &str) -> bool {
|
||||
@@ -21,7 +21,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
|
||||
Some(r) => r,
|
||||
None => return false,
|
||||
};
|
||||
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "80.71.235.15:3000")
|
||||
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com")
|
||||
}
|
||||
|
||||
/// Per-app Linux capabilities needed beyond the default cap-drop=ALL.
|
||||
|
||||
@@ -987,7 +987,7 @@ autopilot.active=false\n",
|
||||
.find(|d| std::path::Path::new(d).join("Dockerfile").exists())
|
||||
.unwrap_or_else(|| ui_dir.to_string());
|
||||
let image_base = image_base.to_string();
|
||||
let registry = "80.71.235.15:3000/archipelago";
|
||||
let registry = "git.tx1138.com/lfg2025";
|
||||
let registry_image = format!("{}/{}:latest", registry, image_base);
|
||||
let local_image = format!("localhost/{}:latest", image_base);
|
||||
tokio::spawn(async move {
|
||||
|
||||
@@ -49,7 +49,7 @@ async fn adopt_stack_if_exists(
|
||||
})))
|
||||
}
|
||||
|
||||
const REGISTRY: &str = "80.71.235.15:3000/archipelago";
|
||||
const REGISTRY: &str = "git.tx1138.com/lfg2025";
|
||||
|
||||
/// Pull an image with retry and exponential backoff (3 attempts).
|
||||
async fn pull_image_with_retry(image: &str) -> Result<()> {
|
||||
@@ -116,9 +116,9 @@ impl RpcHandler {
|
||||
}
|
||||
|
||||
let images = [
|
||||
"80.71.235.15:3000/archipelago/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
"80.71.235.15:3000/archipelago/valkey:7-alpine",
|
||||
"80.71.235.15:3000/archipelago/immich-server:release",
|
||||
"git.tx1138.com/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
"git.tx1138.com/lfg2025/valkey:7-alpine",
|
||||
"git.tx1138.com/lfg2025/immich-server:release",
|
||||
];
|
||||
for img in &images {
|
||||
pull_image_with_retry(img).await?;
|
||||
@@ -156,7 +156,7 @@ impl RpcHandler {
|
||||
"POSTGRES_USER=postgres",
|
||||
"-e",
|
||||
"POSTGRES_DB=immich",
|
||||
"80.71.235.15:3000/archipelago/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
"git.tx1138.com/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -172,7 +172,7 @@ impl RpcHandler {
|
||||
"unless-stopped",
|
||||
"--network",
|
||||
"immich-net",
|
||||
"80.71.235.15:3000/archipelago/valkey:7-alpine",
|
||||
"git.tx1138.com/lfg2025/valkey:7-alpine",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -204,7 +204,7 @@ impl RpcHandler {
|
||||
"REDIS_HOSTNAME=immich_redis",
|
||||
"-e",
|
||||
"UPLOAD_LOCATION=/usr/src/app/upload",
|
||||
"80.71.235.15:3000/archipelago/immich-server:release",
|
||||
"git.tx1138.com/lfg2025/immich-server:release",
|
||||
])
|
||||
.output()
|
||||
.await
|
||||
@@ -237,11 +237,11 @@ impl RpcHandler {
|
||||
}
|
||||
|
||||
let images = [
|
||||
"80.71.235.15:3000/archipelago/postgres:15",
|
||||
"80.71.235.15:3000/archipelago/valkey:8.1",
|
||||
"80.71.235.15:3000/archipelago/penpot-backend:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-exporter:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-frontend:2.4",
|
||||
"git.tx1138.com/lfg2025/postgres:15",
|
||||
"git.tx1138.com/lfg2025/valkey:8.1",
|
||||
"git.tx1138.com/lfg2025/penpot-backend:2.4",
|
||||
"git.tx1138.com/lfg2025/penpot-exporter:2.4",
|
||||
"git.tx1138.com/lfg2025/penpot-frontend:2.4",
|
||||
];
|
||||
for img in &images {
|
||||
pull_image_with_retry(img).await?;
|
||||
@@ -284,7 +284,7 @@ impl RpcHandler {
|
||||
"POSTGRES_USER=penpot",
|
||||
"-e",
|
||||
"POSTGRES_PASSWORD=penpot",
|
||||
"80.71.235.15:3000/archipelago/postgres:15",
|
||||
"git.tx1138.com/lfg2025/postgres:15",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -302,7 +302,7 @@ impl RpcHandler {
|
||||
"penpot-net",
|
||||
"-e",
|
||||
"VALKEY_EXTRA_FLAGS=--maxmemory 128mb --maxmemory-policy volatile-lfu",
|
||||
"80.71.235.15:3000/archipelago/valkey:8.1",
|
||||
"git.tx1138.com/lfg2025/valkey:8.1",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -338,7 +338,7 @@ impl RpcHandler {
|
||||
"PENPOT_OBJECTS_STORAGE_FS_DIRECTORY=/opt/data/assets",
|
||||
"-e",
|
||||
"PENPOT_FLAGS=disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies",
|
||||
"80.71.235.15:3000/archipelago/penpot-backend:2.4",
|
||||
"git.tx1138.com/lfg2025/penpot-backend:2.4",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -360,7 +360,7 @@ impl RpcHandler {
|
||||
"PENPOT_PUBLIC_URI=http://penpot-frontend:8080",
|
||||
"-e",
|
||||
"PENPOT_REDIS_URI=redis://penpot-valkey/0",
|
||||
"80.71.235.15:3000/archipelago/penpot-exporter:2.4",
|
||||
"git.tx1138.com/lfg2025/penpot-exporter:2.4",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -384,7 +384,7 @@ impl RpcHandler {
|
||||
&format!("PENPOT_PUBLIC_URI=http://{}:9001", host_ip),
|
||||
"-e",
|
||||
"PENPOT_FLAGS=disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies",
|
||||
"80.71.235.15:3000/archipelago/penpot-frontend:2.4",
|
||||
"git.tx1138.com/lfg2025/penpot-frontend:2.4",
|
||||
])
|
||||
.output()
|
||||
.await
|
||||
|
||||
@@ -194,11 +194,11 @@ pub fn pinned_image_for_app(app_id: &str) -> Option<String> {
|
||||
}
|
||||
|
||||
/// Extract version tag from a full image reference.
|
||||
/// e.g. "80.71.235.15:3000/archipelago/lnd:v0.18.4-beta" → "v0.18.4-beta"
|
||||
/// e.g. "git.tx1138.com/lfg2025/lnd:v0.18.4-beta" → "v0.18.4-beta"
|
||||
/// Returns "latest" if no tag or tag is empty.
|
||||
pub fn extract_version_from_image(image: &str) -> String {
|
||||
// Split off the tag after the last colon, but only if it comes after the last slash
|
||||
// (to avoid splitting on registry port like "80.71.235.15:3000")
|
||||
// (to avoid splitting on registry port like "registry.example.com:3000")
|
||||
if let Some(slash_pos) = image.rfind('/') {
|
||||
let after_slash = &image[slash_pos..];
|
||||
if let Some(colon_pos) = after_slash.rfind(':') {
|
||||
@@ -259,11 +259,11 @@ mod tests {
|
||||
#[test]
|
||||
fn test_extract_version() {
|
||||
assert_eq!(
|
||||
extract_version_from_image("80.71.235.15:3000/archipelago/lnd:v0.18.4-beta"),
|
||||
extract_version_from_image("git.tx1138.com/lfg2025/lnd:v0.18.4-beta"),
|
||||
"v0.18.4-beta"
|
||||
);
|
||||
assert_eq!(
|
||||
extract_version_from_image("80.71.235.15:3000/archipelago/grafana:10.2.0"),
|
||||
extract_version_from_image("git.tx1138.com/lfg2025/grafana:10.2.0"),
|
||||
"10.2.0"
|
||||
);
|
||||
assert_eq!(
|
||||
@@ -271,7 +271,7 @@ mod tests {
|
||||
"latest"
|
||||
);
|
||||
assert_eq!(
|
||||
extract_version_from_image("80.71.235.15:3000/archipelago/bitcoin-knots:latest"),
|
||||
extract_version_from_image("git.tx1138.com/lfg2025/bitcoin-knots:latest"),
|
||||
"latest"
|
||||
);
|
||||
}
|
||||
@@ -279,7 +279,7 @@ mod tests {
|
||||
#[test]
|
||||
fn test_parse_image_versions() {
|
||||
let content = r#"
|
||||
ARCHY_REGISTRY="80.71.235.15:3000/archipelago"
|
||||
ARCHY_REGISTRY="git.tx1138.com/lfg2025"
|
||||
LND_IMAGE="$ARCHY_REGISTRY/lnd:v0.18.4-beta"
|
||||
GRAFANA_IMAGE="$ARCHY_REGISTRY/grafana:10.2.0"
|
||||
# comment
|
||||
@@ -288,11 +288,11 @@ NOT_AN_IMAGE="something"
|
||||
let parsed = parse_image_versions(content);
|
||||
assert_eq!(
|
||||
parsed.get("LND_IMAGE"),
|
||||
Some(&"80.71.235.15:3000/archipelago/lnd:v0.18.4-beta".to_string())
|
||||
Some(&"git.tx1138.com/lfg2025/lnd:v0.18.4-beta".to_string())
|
||||
);
|
||||
assert_eq!(
|
||||
parsed.get("GRAFANA_IMAGE"),
|
||||
Some(&"80.71.235.15:3000/archipelago/grafana:10.2.0".to_string())
|
||||
Some(&"git.tx1138.com/lfg2025/grafana:10.2.0".to_string())
|
||||
);
|
||||
assert!(!parsed.contains_key("NOT_AN_IMAGE"));
|
||||
assert!(!parsed.contains_key("ARCHY_REGISTRY"));
|
||||
|
||||
Reference in New Issue
Block a user