From e86efd107aa32889b6ea41e11b397b3e77d9e2d3 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Thu, 7 May 2026 17:21:39 +0000 Subject: [PATCH] [forgejo] Migration script: exclude empty repos, all-images full mode Updated to handle the actual situation: wealthfolio-sync and fire-planner have registry repos but no tags (broken/abandoned deployments). Skip those with a SKIP marker. Migrate everything else as a stop-gap until Woodpecker pipelines start producing Forgejo images on their own. The image list now covers all private images currently in scope. --- scripts/forgejo-migrate-orphan-images.sh | 51 +++++++++++++++++------- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/scripts/forgejo-migrate-orphan-images.sh b/scripts/forgejo-migrate-orphan-images.sh index d1ac19eb..2bd77e35 100755 --- a/scripts/forgejo-migrate-orphan-images.sh +++ b/scripts/forgejo-migrate-orphan-images.sh @@ -1,17 +1,21 @@ #!/usr/bin/env bash -# One-shot migration of orphan images that have no CI pipeline producing them. +# One-shot migration of every private image on registry.viktorbarzin.me to +# Forgejo. Used as a stop-gap when the dual-push CI pipelines aren't +# producing Forgejo images on their own (Forgejo-Woodpecker forge driver +# context-deadline-exceeded issue, see bd code-d3y / 2026-05-07). # -# Some images on registry.viktorbarzin.me:5050 were built ad-hoc and there's -# no Dockerfile or pipeline to reproduce them — fire-planner (until this -# session added one), wealthfolio-sync. This script pulls each orphan from -# registry.viktorbarzin.me, retags for Forgejo, and pushes — preserving the -# blob bytes verbatim so the cluster can flip image= without a rebuild. +# Pulls each image from registry.viktorbarzin.me, retags, pushes to +# forgejo.viktorbarzin.me/viktor/: — preserving the blob bytes +# verbatim so the cluster can flip image= without a rebuild. # # Run from any host with docker + network reach to BOTH registries. Auth # from `docker login` (~/.docker/config.json) — make sure both registries # are logged in: # docker login registry.viktorbarzin.me -u viktorbarzin -# docker login forgejo.viktorbarzin.me -u ci-pusher +# docker login forgejo.viktorbarzin.me -u viktor # use viktor PAT, not ci-pusher +# +# (ci-pusher CANNOT push to viktor/ — Forgejo container packages +# are scoped to the pushing user. Only viktor's PAT can write to viktor/*.) # # After the script, the new image lives at # forgejo.viktorbarzin.me/viktor/: @@ -23,11 +27,24 @@ set -euo pipefail OLD_REG=registry.viktorbarzin.me NEW_REG=forgejo.viktorbarzin.me/viktor -# Image list: :. Add new entries as orphans surface. +# Image list: :. Generated 2026-05-07 from `grep -rEn 'image\s*=\s* +# "registry\.viktorbarzin\.me'` across infra/stacks/. +# +# Excluded: +# - wealthfolio-sync: registry repo exists but has 0 tags (CronJob has been +# broken for 36+ days, separate decision needed). User to triage before +# migration. +# - fire-planner: registry repo exists but has 0 tags. Dockerfile + CI added +# in this session (commit 8b53d99e); rebuild via Woodpecker before flipping. IMAGES=( - "wealthfolio-sync:latest" - "fire-planner:latest" "chrome-service-novnc:v4" + "chrome-service-novnc:latest" + "payslip-ingest:latest" + "job-hunter:latest" + "claude-agent-service:latest" + "freedify:latest" + "beadboard:latest" + "infra-ci:latest" ) for img in "${IMAGES[@]}"; do @@ -35,17 +52,23 @@ for img in "${IMAGES[@]}"; do src="$OLD_REG/$img" dst="$NEW_REG/$img" - echo " pull $src" - docker pull "$src" + if ! docker pull "$src" 2>&1 | tee /tmp/pull-$$ | grep -q 'Status: '; then + if grep -q 'not found' /tmp/pull-$$; then + echo " SKIP — image not present in source registry" + rm -f /tmp/pull-$$ + continue + fi + fi + rm -f /tmp/pull-$$ echo " tag → $dst" docker tag "$src" "$dst" echo " push $dst" - docker push "$dst" + docker push "$dst" 2>&1 | tail -2 echo " cleanup local copy" - docker rmi "$src" "$dst" || true + docker rmi "$src" "$dst" 2>&1 | tail -1 || true done echo ""