From e299f6476eb3ed82525b596e4bf51117faffa1b0 Mon Sep 17 00:00:00 2001
From: "Billy D." <billy.davies.10@icloud.com>
Date: Wed, 4 Feb 2026 08:11:37 -0500
Subject: [PATCH] fix: Use external registry URL for proper Bearer token auth

Gitea's container registry uses Bearer token auth with realm pointing
to external URL. Changed from internal K8s service URL to
registry.lab.daviestechlabs.io for proper auth flow.

Also removed insecure registry buildx config since using HTTPS now.
---
 .gitea/workflows/build-push.yaml | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml
index e1534de..316f0e3 100644
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -23,9 +23,9 @@ on:
         default: 'all'
 
 env:
-  # Use internal K8s service URL for container registry (runner is in-cluster)
-  REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
-  REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
+  # Use external registry URL for proper Bearer token auth flow
+  REGISTRY: registry.lab.daviestechlabs.io/daviestechlabs
+  REGISTRY_HOST: registry.lab.daviestechlabs.io
   NTFY_URL: http://ntfy.observability.svc.cluster.local:80
 
 jobs:
@@ -101,10 +101,8 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
-          # Configure buildx to use HTTP for internal registry
           buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
+            [registry."registry.lab.daviestechlabs.io"]
               insecure = true
 
       # Login to Docker Hub to avoid pull rate limits
@@ -159,8 +157,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
         with:
           buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
+            [registry."registry.lab.daviestechlabs.io"]
               insecure = true
 
       - name: Login to Docker Hub
@@ -213,8 +210,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
         with:
           buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
+            [registry."registry.lab.daviestechlabs.io"]
               insecure = true
 
       - name: Login to Docker Hub
@@ -267,8 +263,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
         with:
           buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
+            [registry."registry.lab.daviestechlabs.io"]
               insecure = true
 
       - name: Login to Docker Hub