fix(ci): use REGISTRY_TOKEN for cross-repo infra checkout

Replaces CI_GITEA_TOKEN (which lacks cross-repo access) with REGISTRY_TOKEN for checkout of cartsnitch/infra in deploy-uat/deploy-dev jobs. Fixes CAR-1147
fix(ci): add DinD service to enable image builds (CAR-1042)
2026-06-02 10:07:31 +00:00 · 2026-05-30 08:56:47 +00:00 · 2026-05-25 23:15:07 +00:00 · 2026-05-25 22:53:44 +00:00 · 2026-05-25 21:28:19 +00:00 · 2026-05-25 21:27:53 +00:00
3 changed files with 14 additions and 7 deletions
@@ -0,0 +1 @@
+# CI trigger 20260525231507 - post-DinD verification (CAR-1042)
@@ -23,6 +23,13 @@ jobs:
  build-and-push:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
+    services:
+      docker:
+        image: docker:dind
+        privileged: true
+    env:
+      DOCKER_HOST: tcp://docker:2375
+      DOCKER_TLS_CERTDIR: ""
    outputs:
      calver_tag: ${{ steps.calver.outputs.version }}
      sha_tag: sha-${{ github.sha }}
@@ -43,11 +50,7 @@ jobs:
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Log in to Gitea Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITEA_TOKEN }}
+        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin

      - name: Extract metadata
        id: meta
@@ -81,7 +84,7 @@ jobs:
      - uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
-          token: ${{ secrets.GITEA_TOKEN }}
+          token: ${{ secrets.REGISTRY_TOKEN }}
          ref: main
          path: infra

@@ -120,7 +123,7 @@ jobs:
      - uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
-          token: ${{ secrets.GITEA_TOKEN }}
+          token: ${{ secrets.REGISTRY_TOKEN }}
          ref: main
          path: infra

@@ -115,6 +115,9 @@ export const auth = betterAuth({
  trustedOrigins: [
    "http://localhost:3000",
    "http://localhost:5173",
+    "https://cartsnitch.farh.net",
+    "https://cartsnitch.dev.farh.net",
+    "https://cartsnitch.uat.farh.net",
    "https://cartsnitch.com",
    "https://dev.cartsnitch.com",
    "https://uat.cartsnitch.com",
Author	SHA1	Message	Date
Flea Flicker	1099037db1	fix(ci): use REGISTRY_TOKEN for cross-repo infra checkout CI / build-and-push (push) Failing after 8s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details Replaces CI_GITEA_TOKEN (which lacks cross-repo access) with REGISTRY_TOKEN for checkout of cartsnitch/infra in deploy-uat/deploy-dev jobs. Fixes CAR-1147	2026-06-02 10:07:31 +00:00
Flea Flicker	8c37c764e9	fix(ci): add DinD service to enable image builds (CAR-1042) CI / build-and-push (push) Failing after 15s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-30 08:56:47 +00:00
Flea Flicker	6f392bbbed	test(ci): trigger CI after DinD fix (CAR-1042) CI / build-and-push (push) Failing after 5s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-25 23:15:07 +00:00
Barcode Betty	4a63bc1da8	fix(ci): apply CAR-985 and CAR-986 fixes to uat CI / build-and-push (push) Failing after 5s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-25 22:53:44 +00:00
Savannah Savings	ca423073f1	Merge pull request 'Promote dev to uat (CAR-1034 - auth *.farh.net trustedOrigins fix)' (#27 ) from dev into uat CI / build-and-push (push) Failing after 7s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-25 21:28:19 +00:00
Savannah Savings	d066c14d4b	Merge pull request 'Add *.farh.net origins to trustedOrigins (CAR-1034)' (#26 ) from betty/car-1034-trustedorigins-fix into dev CI / build-and-push (push) Failing after 8s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details	2026-05-25 21:27:53 +00:00
Barcode Betty	23ab939d2f	Add .farh.net origins back to trustedOrigins CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Fixes 403 errors on UAT auth endpoints (cartsnitch.uat.farh.net). The previous change removed .farh.net origins causing Better Auth to reject requests from UAT environment. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-25 09:43:43 +00:00
Savannah Savings	8bf80a9890	fix(ci): use REGISTRY_TOKEN for container registry auth (CAR-973) CI / build-and-push (push) Failing after 7s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details The REGISTRY_TOKEN secret has write:package scope for git.farh.net. This fixes the unauthorized error at docker login. Related: CAR-1023 (REGISTRY_TOKEN setup), CAR-1009 (CI registry token standardization) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-25 00:04:25 +00:00
Savannah Savings	359d108fee	Merge pull request 'ci: use REGISTRY_TOKEN for docker login (CAR-1024)' (#24 ) from car-1023-use-registry-token into dev CI / build-and-push (push) Failing after 6s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-24 20:52:35 +00:00
Barcode Betty	f0291e8827	ci: use REGISTRY_TOKEN instead of GITEA_TOKEN for docker login (CAR-1024) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-24 20:46:48 +00:00
Savannah Savings	a520a65f1b	fix(ci): use GITEA_TOKEN secret for docker login CI / build-and-push (push) Failing after 4s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details The github.token (automatic workflow token) in Gitea Actions doesn't inherit packages:write permission for container registry. Use the GITEA_TOKEN secret instead with direct docker login. Ref: CAR-973, CAR-1009	2026-05-24 20:38:35 +00:00
Savannah Savings	bb8d7f159c	fix(ci): use direct docker login with github.token for registry auth (CAR-973) CI / build-and-push (push) Failing after 6s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details docker/login-action@v3 fails with Gitea's automatic token. Use direct docker login with github.token instead, which has the necessary write:package scope for the container registry. Related: CAR-1009 (CI registry token standardization)	2026-05-24 20:37:22 +00:00
Barcode Betty	a92f578dcf	chore: re-trigger CI after DNS fix (CAR-968) CI / build-and-push (push) Failing after 5s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-24 20:34:39 +00:00
				`@@ -0,0 +1 @@`
				`# CI trigger 20260525231507 - post-DinD verification (CAR-1042)`