# Docker Registry Configuration Guide

## Setting up Docker Registry Secrets in Drone

To use a private Docker registry, you need to configure secrets in Drone. Here's how:

### 1. Create Secrets in Drone UI

Go to `https://drone.aipice.local` → Your Repository → Settings → Secrets

Create these secrets:

```bash
# For Docker Hub:
docker_username = your-dockerhub-username
docker_password = your-dockerhub-password  
docker_registry = docker.io

# For GitHub Container Registry:
docker_username = your-github-username
docker_password = your-github-token
docker_registry = ghcr.io

# For Harbor/Private Registry:
docker_username = your-harbor-username
docker_password = your-harbor-password
docker_registry = harbor.example.com
```

### 2. Alternative: CLI Method

```bash
# Install drone CLI first
curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone

# Set server and token
export DRONE_SERVER=https://drone.aipice.local
export DRONE_TOKEN=your-drone-token

# Create secrets
drone secret add --repository AIPICE/auth-service --name docker_username --data "your-username"
drone secret add --repository AIPICE/auth-service --name docker_password --data "your-password"
drone secret add --repository AIPICE/auth-service --name docker_registry --data "docker.io"
```

### 3. Update version.conf for Different Registries

```bash
# For Docker Hub:
DOCKER_REPO=yourusername/auth-service

# For GitHub Container Registry:
DOCKER_REPO=ghcr.io/yourusername/auth-service

# For Harbor:
DOCKER_REPO=harbor.example.com/project/auth-service

# For Local Registry:
DOCKER_REPO=registry.aipice.local/auth-service
```

### 4. Generated Docker Tags

With `BASE_VERSION=1.0` in version.conf, your images will be tagged as:
- `yourusername/auth-service:1.0.123` (where 123 is the build number)
- `ghcr.io/yourusername/auth-service:1.0.456`
- etc.

### 5. Troubleshooting

If push fails:
1. Check secrets are properly set in Drone UI
2. Verify registry URL format
3. Ensure credentials have push permissions
4. Check registry accepts the image format

### 6. Test Authentication

You can test manually:
```bash
kubectl exec buildah-pod -- buildah login -u username -p password registry.example.com
```