From 46ae6ff5fe651526a54f57bc46d2956f6ea704fc Mon Sep 17 00:00:00 2001
From: dlawler489 <104159223@student.swin.edu.au>
Date: Sat, 20 Jun 2026 07:22:20 +1000
Subject: [PATCH] Use REGISTRY_TOKEN (write:package) for registry login

The auto GITHUB_TOKEN can't push packages (unauthorized: reqPackageAccess).
Log in with a Forgejo token that has write:package, stored as the
REGISTRY_TOKEN Actions secret.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .forgejo/workflows/docker-build.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.forgejo/workflows/docker-build.yml b/.forgejo/workflows/docker-build.yml
index e489608..bd5197b 100644
--- a/.forgejo/workflows/docker-build.yml
+++ b/.forgejo/workflows/docker-build.yml
@@ -31,8 +31,10 @@ jobs:
           git fetch --depth 1 origin "${{ github.ref_name }}"
           git checkout -q -f FETCH_HEAD
 
+      # Uses a Forgejo token with write:package scope (the auto GITHUB_TOKEN
+      # can't write packages — push fails with 'unauthorized: reqPackageAccess')
       - name: Log in to Forgejo container registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin
+        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin
 
       - name: Build and push API image
         run: |