- username: admin (was gitea.repository_owner — the org name, which fails
Gitea's per-scope token exchange during buildkit blob HEAD requests)
- :latest only on semver tag pushes (was every push to dev — dev pushes
don't carry semver tags so :latest just won't be re-emitted, which is
the right behavior for SHA-tracked dev deploys)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Change runner from runners-farhoodlabs to ubuntu-latest across all fork
workflows. Update container registry from ghcr.io to git.farh.net and
authenticate with REGISTRY_TOKEN. Migrate update-infra API calls from
GitHub to Gitea. Disable refresh-lockfile.yml (requires GitHub gh CLI).
Update CLAUDE.md references.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The self-hosted runner has been hitting context-deadline timeouts to
docker.io. The actual image push goes to GHCR, so the Docker Hub login
is only there to avoid pull rate limits. Mark it continue-on-error so
transient docker.io connectivity issues don't fail the whole build —
base image pulls fall back to anonymous and proceed.
Chris Farhood