Merge pull request #15 from dev

ci: disable proxy for ecr publish

.gitea/workflows/build-production-docker.yml

@@ -73,6 +73,8 @@ jobs:
           ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
         run: |
           set -euo pipefail
+          export HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= http_proxy= https_proxy= all_proxy=
+
           caller_account_id="$(aws sts get-caller-identity --query Account --output text)"
           if [ "${caller_account_id}" != "${AWS_ACCOUNT_ID}" ]; then
             echo "AWS_ACCOUNT_ID does not match caller identity" >&2
@@ -91,11 +93,6 @@ jobs:
               --image-scanning-configuration scanOnPush=true \
               --encryption-configuration encryptionType=AES256 >/dev/null
 
-          aws ecr get-login-password --region "${AWS_REGION}" \
-            | docker login --username AWS --password-stdin "${ecr_registry}"
-
-          docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
-
           retry() {
             for attempt in 1 2 3; do
               if "$@"; then
@@ -107,6 +104,14 @@ jobs:
               sleep "$((attempt * 5))"
             done
           }
+
+          ecr_login() {
+            aws ecr get-login-password --region "${AWS_REGION}" \
+              | docker login --username AWS --password-stdin "${ecr_registry}"
+          }
+
+          retry ecr_login
+          docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
           retry docker push "${ecr_image}:latest"
 
           untagged_image_ids="$(aws ecr list-images \