From 552091c45bf3ef97278fbd230c97f4869d189137 Mon Sep 17 00:00:00 2001
From: dlawler489 <104159223@student.swin.edu.au>
Date: Sat, 20 Jun 2026 06:50:55 +1000
Subject: [PATCH] Build in docker:cli container with host Docker socket mounted

Runner executes jobs in containers with no docker; mount the host
(OrbStack) socket into a docker:cli job container so builds reach the
host daemon. Use sh shell (alpine) and install git for checkout.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .forgejo/workflows/docker-build.yml | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/.forgejo/workflows/docker-build.yml b/.forgejo/workflows/docker-build.yml
index 7799670..e012b3e 100644
--- a/.forgejo/workflows/docker-build.yml
+++ b/.forgejo/workflows/docker-build.yml
@@ -4,17 +4,27 @@ on:
   push:
     branches: [main]
 
+defaults:
+  run:
+    shell: sh
+
 jobs:
   build-and-push:
-    # 'docker' is the host-mode label (no container image mapping), so the job
-    # runs directly on the Mac Mini where OrbStack's docker and git are present.
-    # 'ubuntu-latest' maps to a container that lacks docker, so builds fail there.
     runs-on: docker
+    # Run the job in a Docker-CLI container and mount the host's Docker socket
+    # (OrbStack) so `docker build` talks to the host daemon. Requires the runner
+    # config to allow this volume — see valid_volumes note.
+    container:
+      image: docker:cli
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
     steps:
-      # Manual checkout with plain git — the runner has no Node, so JS actions
-      # like actions/checkout can't run. git + docker are available on the host.
+      - name: Install git
+        run: apk add --no-cache git
+
       - name: Checkout
         run: |
+          git config --global --add safe.directory '*'
           git init -q .
           git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.plexultra.com/${{ github.repository }}.git" \
             || git remote set-url origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.plexultra.com/${{ github.repository }}.git"
@@ -24,8 +34,6 @@ jobs:
       - name: Log in to Forgejo container registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin
 
-      # Runner is on the arm64 Mac Mini, so a plain build produces a native
-      # arm64 image (matches the deploy host) with no QEMU.
       - name: Build and push API image
         run: |
           IMAGE=git.plexultra.com/${{ github.repository }}