Configuring Container Registry

Overview

The Continuous Delivery system can be configured to publish container images to GitHub Container Registry or other container registry (e.g. Quay.io). This can be done by creating the following GitHub variables and secrets:

• Variables:

  • REGISTRY (e.g. quay.io)

  • REGISTRY_NAMESPACE (e.g. dogtagpki)

• Secrets:

  • REGISTRY_USERNAME (e.g. robot account name)

  • REGISTRY_PASSWORD (e.g. robot account token)

To reset the configuration simply remove the variables and secrets.

Availability: Since PKI 11.4

Creating Repository in Quay.io

• Go to Account Settings → Repositories.

• Click Create New Repository.

• Enter a name for the repository (e.g. pki-dist).

• Select Public.

• Click Create Public Repository.

Creating Robot Account in Quay.io

• Go to Account Settings → Robot Accounts.

• Click Create Robot Account.

• Enter a name for the robot account (e.g. github).

• Click Create robot account.

• Provide Write permissions to the relevant repositories (e.g. pki-dist).

• Click Add permissions.

Getting Robot Account Token in Quay.io

• Go to Account Settings → Robot Accounts.

• Click the robot account name (e.g. dogtagpki+github).

• Click Robot Account.

• Copy the robot account token.

Configuring Container Registry in GitHub

• Go to Settings → Secrets and variables → Actions.

• Click New repository secret.

• Add REGISTRY_USERNAME and REGISTRY_PASSWORD secrets.

• Click Variables tab.

• Click New repository variable.

• Add REGISTRY and REGISTRY_NAMESPACE variables.

Resetting Container Registry Configuration in GitHub

• Go to Settings → Secrets and variables → Actions.

• Click Remove secret next to REGISTRY_USERNAME and REGISTRY_PASSWORD.

• Click Variables tab.

• Click Delete variable next to REGISTRY and REGISTRY_NAMESPACE.