Migrates auth .gitea/workflows/ci.yml deploy-dev and deploy-uat
jobs from direct 'git push origin main' to cartsnitch/infra to the
CAR-1195 PR-bump pattern (open + (attempt) auto-merge an infra PR;
never hard-fail on approval gate, per CAR-1216). Brings auth in line
with cartsnitch/cartsnitch and stops the red deploy-uat job on every
uat push.
Co-Authored-By: Paperclip <noreply@paperclip.ing>

ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237)
Reviewed and merged by Savannah (CTO). Byte-identical to proven main except the spec-mandated REGISTRY_TOKEN registry-login (CAR-1009 standard).
Co-Authored-By: Paperclip <noreply@paperclip.ing>

- Change A: replace build-and-push with runner-native Docker (no DinD service container)
- Change B: deploy-dev/deploy-uat use secrets.GITEA_TOKEN for infra checkout
Co-Authored-By: Paperclip <noreply@paperclip.ing>

docker/login-action@v3 exits 1 against git.farh.net. Replace with a
direct docker login shell command using secrets.REGISTRY_TOKEN via
--password-stdin.
cc @cpfarhood

Replaces CI_GITEA_TOKEN (which lacks cross-repo access) with REGISTRY_TOKEN
for checkout of cartsnitch/infra in deploy-uat/deploy-dev jobs.
Fixes CAR-1147

Remove deploy-dev and deploy-uat CI jobs. CartSnitch uses Flux GitOps — 
CI builds images, Flux deploys. These Actions-based deployment jobs were
added incorrectly in CAR-987.
Co-Authored-By: Barcode Betty <betty@cartsnitch>

The REGISTRY_TOKEN secret has write:package scope for git.farh.net.
This fixes the unauthorized error at docker login.
Related: CAR-1023 (REGISTRY_TOKEN setup), CAR-1009 (CI registry token standardization)
Co-Authored-By: Paperclip <noreply@paperclip.ing>

The github.token (automatic workflow token) in Gitea Actions
doesn't inherit packages:write permission for container registry.
Use the GITEA_TOKEN secret instead with direct docker login.
Ref: CAR-973, CAR-1009

docker/login-action@v3 fails with Gitea's automatic token.
Use direct docker login with github.token instead, which has
the necessary write:package scope for the container registry.
Related: CAR-1009 (CI registry token standardization)

Replace stale .farh.net subdomains with correct *.cartsnitch.com domains to fix
CORS Origin validation blocking UAT auth (403 on sign-up/sign-in).
Refs: CAR-992
Co-Authored-By: Paperclip <noreply@paperclip.ing>

chore: move workflows from .github to .gitea (#9)
Merge PR: barcode-betty/move-workflows-to-gitea -> dev
Reviewed-by: Savannah Savings (CTO)
QA-by: Checkout Charlie

Replace ${{ secrets.GITHUB_TOKEN }} with ${{ secrets.GITEA_TOKEN }}
for docker/login-action in Gitea Actions. GITHUB_TOKEN is not available
in Gitea Actions and was causing 'authentication required' failures for
ghcr.io push, leaving the auth service with a stale image on UAT.
Co-Authored-By: Paperclip <noreply@paperclip.ing>

- Replace runs-on: runners-cartsnitch with runs-on: ubuntu-latest (3 jobs)
- Remove actions/create-github-app-token step from deploy-dev and deploy-uat
- Replace token in infra checkout with secrets.GITEA_TOKEN
Co-Authored-By: Paperclip <noreply@paperclip.ing>

- Add .github/workflows/ci.yml with build/push and deploy-dev/uat jobs
- Add .grype.yaml with Python 3.12 CVE ignores
Co-Authored-By: Paperclip <noreply@paperclip.ing>

- Build and push Docker image to GHCR on push to main/dev/uat
- Generate CalVer tags on main branch
- Auto-deploy to dev and uat overlays via infra repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>