I’m running self-hosted Gitea with 4 runners in containers. For the longest time I’ve run a vanilla Docker registry with a self-signed cert and CA. I’ve been able to use the docker actions (e.g. setup-buildx-action, login-action, build-push-action) to build container images and push to my registry without any issues. The CA is pushed into the runner containers and is available for setup-buildx-action.
Recently I stood up a self-hosted instance of Harbor, again with a self-signed cert under the same CA. I thought it would be seamless to push to Harbor instead of my existing registry, but alas the build-push-action is consistently failing and complaining about the Harbor registry’s cert:
#8 exporting to image
#8 exporting layers
#8 exporting layers 3.1s done
#8 exporting manifest sha256:6cabbf5a6f392b27cca7ac6aab7fb71f83088911464607858ab9ea1b3e392296 done
#8 exporting config sha256:96e83991f20e6a1b719869ac5f8de08a16077701cfb7c5bd1e5f04b6680229bb done
#8 exporting attestation manifest sha256:60677a1c42ce0239825d4c30480f300bef14b7c93a89dbf694a4ddc4c527429a 0.0s done
#8 exporting manifest list sha256:e0c532dcd340bcce19fc20c466a81d9309b186269be78a2dbfe5bef44db6c68f 0.0s done
#8 pushing layers
#8 pushing layers 0.1s done
#8 ERROR: failed to push harbor.***.io/test/threadtest:latest: failed to authorize: failed to fetch oauth token: Post "https://harbor.***.io/service/token": tls: failed to verify certificate: x509: certificate signed by unknown authority
#9 [auth] test/threadtest:pull,push token for harbor.***.io
#9 DONE 0.0s
#10 [auth] test/threadtest:pull,push token for harbor.***.io
#10 DONE 0.0s
I can manually do the equivalent steps with docker buildx to create the image and push to Harbor, so I think it’s something with the docker actions. That being said, there are a lot of moving parts and a lot of chances for pilot error.
Has anyone done this successfully?