From f53d691de3afb67eb5d0d9d7c1134ef78b29cac2 Mon Sep 17 00:00:00 2001
From: Aleksandr Meshchriakov <avm@sh-inc.ru>
Date: Wed, 18 Feb 2026 14:09:53 +0100
Subject: [PATCH] =?UTF-8?q?CI:=20=D0=BE=D1=82=D0=BA=D0=BB=D1=8E=D1=87?=
 =?UTF-8?q?=D0=B8=D1=82=D1=8C=20proxy=20=D0=B4=D0=BB=D1=8F=20registry=20au?=
 =?UTF-8?q?th=20=D0=B8=20=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82=D1=8C?=
 =?UTF-8?q?=20NO=5FPROXY?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/ci-cd.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index b1e9b5b..7edc474 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -178,6 +178,13 @@ jobs:
           # Ensure token endpoint host resolves to internal network IP from runner.
           # Registry auth flow may redirect to ${GITEA_HOST} even when pushing to REGISTRY_HOST.
           echo "10.10.0.10 ${GITEA_HOST}" >> /etc/hosts
+          getent hosts "${GITEA_HOST}" || true
+
+          # Some runners have outbound proxy env configured; force direct access
+          # to internal registry/gitea hosts for auth flow.
+          unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY
+          export NO_PROXY="${NO_PROXY:-},10.10.0.10,${GITEA_HOST}"
+          export no_proxy="${no_proxy:-},10.10.0.10,${GITEA_HOST}"
 
           echo "${REGISTRY_PASSWORD}" | ./crane auth login --insecure "${REGISTRY_HOST}" -u "${REGISTRY_USER}" --password-stdin