Commit Graph

8 Commits

Author SHA1 Message Date
Chris Farhood 562693197a ci(dev): apply same registry-auth and tag-pattern fixes as build-prod
Build: Production / build (push) Successful in 11m26s
Build: Dev / build (push) Successful in 12m24s
Build: Dev / update-infra (push) Successful in 2s
- username: admin (was gitea.repository_owner — the org name, which fails
  Gitea's per-scope token exchange during buildkit blob HEAD requests)
- :latest only on semver tag pushes (was every push to dev — dev pushes
  don't carry semver tags so :latest just won't be re-emitted, which is
  the right behavior for SHA-tracked dev deploys)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 09:39:00 -04:00
Chris Farhood b172b6a319 ci: log into registry as token owner (admin), not org name
Build: Production / build (push) Successful in 6m41s
Gitea's docker login is lenient and accepts the org name as a username
at handshake time, but the per-scope token exchange that buildkit
performs for blob operations needs to resolve a real user identity.
Using admin (the user that owns REGISTRY_TOKEN) prevents 401s on
blob HEAD requests during push.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:28:10 -04:00
Chris Farhood 39790922f1 ci: emit :latest only on semver tags, not every commit
Build: Production / build (push) Failing after 3m2s
Tagging :latest on every push to local made every CI run try to
overwrite the existing :latest manifest. The Gitea registry rejected
the overwrite, causing builds to fail. Branch builds now produce
only the immutable SHA tag; :latest is reserved for vX.Y.Z tag pushes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:09:16 -04:00
Chris Farhood 5499a0b4a6 ci: adapt workflows for Gitea migration
Build: Production / build (push) Successful in 5m39s
Change runner from runners-farhoodlabs to ubuntu-latest across all fork
workflows. Update container registry from ghcr.io to git.farh.net and
authenticate with REGISTRY_TOKEN. Migrate update-infra API calls from
GitHub to Gitea. Disable refresh-lockfile.yml (requires GitHub gh CLI).
Update CLAUDE.md references.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 11:17:45 +00:00
Chris Farhood 30ef61bb25 Merge pull request #11 from farhoodlabs/dev
Dev
2026-05-11 17:02:31 -07:00
Chris Farhood 37e0aac971 ci: build prod image from .farhoodlabs/Dockerfile
Pulls the prod image up to the same toolset as the dev image (kubectl,
kubeseal, uv/uvx, forgejo CLIs, nano, vim) without diverging the upstream
root Dockerfile. Both build-dev.yml and build-prod.yml now share the same
fork-overlay Dockerfile; only the image tag and trigger branch differ.
2026-05-03 15:38:18 -04:00
Chris Farhood 18f550b946 fix(ci): make Docker Hub login non-blocking on dev build
The self-hosted runner has been hitting context-deadline timeouts to
docker.io. The actual image push goes to GHCR, so the Docker Hub login
is only there to avoid pull rate limits. Mark it continue-on-error so
transient docker.io connectivity issues don't fail the whole build —
base image pulls fall back to anonymous and proceed.
2026-05-02 17:30:04 -04:00
Chris Farhood c08c72e917 chore(ci): restore fork CI overlay 2026-05-01 19:27:04 -04:00