From b2bd70a356e8198c56be63dfbba14e82052fc703 Mon Sep 17 00:00:00 2001 From: dlawler489 <104159223@student.swin.edu.au> Date: Fri, 19 Jun 2026 21:16:06 +1000 Subject: [PATCH] Switch CI/CD from GitHub Actions + GHCR to Forgejo Actions + Forgejo registry - Add .forgejo/workflows/docker-build.yml: builds API (production) and nginx (nginx-frontend) images with plain docker build/push and pushes to git.plexultra.com (native arm64 on the mac-mini runner) - Remove .github/workflows/docker-build.yml (GHCR/GitHub-specific) - Point docker-compose.deploy.yml images at git.plexultra.com registry Co-Authored-By: Claude Opus 4.8 --- .forgejo/workflows/docker-build.yml | 34 ++++++++ .github/workflows/docker-build.yml | 129 ---------------------------- docker-compose.deploy.yml | 4 +- 3 files changed, 36 insertions(+), 131 deletions(-) create mode 100644 .forgejo/workflows/docker-build.yml delete mode 100644 .github/workflows/docker-build.yml diff --git a/.forgejo/workflows/docker-build.yml b/.forgejo/workflows/docker-build.yml new file mode 100644 index 0000000..cb629dd --- /dev/null +++ b/.forgejo/workflows/docker-build.yml 
@@ -0,0 +1,34 @@
+name: Build and Push Docker Images
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # Forgejo's built-in container registry. The auto-provided token can push
+ # packages for the repo owner; if push fails on auth, create a Forgejo
+ # access token with package read/write and use it here instead.
+ - name: Log in to Forgejo container registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin
+
+ # Runner is on the arm64 Mac Mini, so a plain build produces a native
+ # arm64 image (matches the deploy host) with no QEMU.
+ - name: Build and push API image
+ run: |
+ IMAGE=git.plexultra.com/${{ github.repository }}
+ docker build --target production -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
+ docker push "$IMAGE:main"
+ docker push "$IMAGE:${{ github.sha }}"
+
+ - name: Build and push Nginx image
+ run: |
+ IMAGE=git.plexultra.com/${{ github.repository }}-nginx
+ docker build --target nginx-frontend -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
+ docker push "$IMAGE:main"
+ docker push "$IMAGE:${{ github.sha }}"
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
deleted file mode 100644
index 94cbd5a..0000000
--- a/.github/workflows/docker-build.yml
+++ /dev/null
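Review bot: The login step expands `${{ secrets.GITHUB_TOKEN }}` and `${{ github.actor }}` into the `run:` script text before the shell parses it, so the token becomes part of the script body and any shell-special character in either value is interpreted instead of being passed as data. Mapping both through `env:` and referencing them as quoted shell variables keeps them out of the script, as in the block below. The comments describe the runner as the Mac Mini that is also the deploy host, so if the job shares that host's Docker config the `docker login` credential would remain on disk after the job; a closing `docker logout` step with `if: always()` covers that case. Separately, `actions/checkout@v4` is a mutable tag, and pinning it to a full commit SHA would keep a re-tagged action from running on the runner that holds registry push rights.

```yaml
      - name: Log in to Forgejo container registry
        env:
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_USER: ${{ github.actor }}
        run: echo "$REGISTRY_TOKEN" | docker login git.plexultra.com -u "$REGISTRY_USER" --password-stdin

      # … unchanged: API and Nginx build-and-push steps …

      - name: Log out of Forgejo container registry
        if: always()
        run: docker logout git.plexultra.com
```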
@@ -1,129 +0,0 @@
-name: Build and Push Docker Images
-
-on:
- push:
- branches: [ main, develop ]
- tags: [ 'v*' ]
- pull_request:
- branches: [ main ]
-
-env:
- REGISTRY: ghcr.io
- IMAGE_NAME: ${{ github.repository }}
- FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
- build-and-push:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Set up Node.js
- uses: actions/setup-node@v4
- with:
- node-version: '24'
- cache: 'npm'
- cache-dependency-path: |
- client/package-lock.json
- server/package-lock.json
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Log in to Container Registry
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Extract metadata for Docker
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=sha,prefix=sha-
- type=raw,value=main,enable={{is_default_branch}}
-
- - name: Build React client
- working-directory: ./client
- run: |
- npm ci
- npm run build
-
- - name: Verify client build
- run: |
- ls -la client/dist/ || echo "No dist directory found"
- if [ -d "client/dist" ]; then
- echo "✅ Client build successful"
- echo "Build contents:"
- find client/dist -type f | head -5
- else
- echo "❌ Client build failed - no dist directory"
- exit 1
- fi
-
- - name: Build and push API image
- uses: docker/build-push-action@v5
- with:
- context: .
- target: production
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- platforms: linux/amd64,linux/arm64
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Extract metadata for Nginx image
- id: nginx-meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-nginx
- tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=sha,prefix=sha-
- type=raw,value=main,enable={{is_default_branch}}
-
- - name: Build and push Nginx image
- uses: docker/build-push-action@v5
- with:
- context: .
- target: nginx-frontend
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.nginx-meta.outputs.tags }}
- labels: ${{ steps.nginx-meta.outputs.labels }}
- platforms: linux/amd64,linux/arm64
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Make package public
- if: github.event_name != 'pull_request'
- run: |
- echo "Setting package visibility to public..."
- # Note: This requires the GITHUB_TOKEN to have package:write permission
- # The package visibility will be set to public automatically for public repos
-
- - name: Image build summary
- if: github.event_name != 'pull_request'
- run: |
- echo "✅ Docker image built and pushed successfully!"
- echo "📦 Image tags:"
- echo "${{ steps.meta.outputs.tags }}"
- echo ""
- echo "🚀 Deploy on your Mac Mini with:"
- echo "git pull && ./build-deploy.sh ghcr"
\ No newline at end of file
diff --git a/docker-compose.deploy.yml b/docker-compose.deploy.yml
index 3d00157..51cf559 100644
--- a/docker-compose.deploy.yml
+++ b/docker-compose.deploy.yml
@@ -1,7 +1,7 @@
 services:
 # Nginx reverse proxy and static file server (client baked into image)
 nginx:
- image: ghcr.io/dlawler489/etsy-finance-tracker-nginx:main
+ image: git.plexultra.com/dlawler489/etsy-finance-tracker-nginx:main
 container_name: etsy-nginx
 ports:
 - "3000:80"
@@ -27,7 +27,7 @@ services:
 # Etsy Finance Tracker API Server (from GitHub Container Registry)
 etsy-tracker:
- image: ghcr.io/dlawler489/etsy-finance-tracker:main
+ image: git.plexultra.com/dlawler489/etsy-finance-tracker:main
 container_name: etsy-finance-tracker
 expose:
 - "8080"
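Review bot: Both new `image:` lines (nginx in the first hunk, etsy-tracker in the second) deploy the mutable `:main` tag, so the host runs whatever was last pushed under that tag on git.plexultra.com and nothing in this file records which build that was. The new workflow already pushes an immutable `${{ github.sha }}` tag for each image; referencing that tag, or a digest such as `image: git.plexultra.com/dlawler489/etsy-finance-tracker@sha256:<DIGEST_PLACEHOLDER>`, makes a deployment reproducible and makes an unexpected re-push visible as a changed reference. The unchanged context comment `(from GitHub Container Registry)` above `etsy-tracker` is now stale and should read `(from the Forgejo container registry)`.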