From c4fd58c951a9d4927a2c7addc3b884fd521684c0 Mon Sep 17 00:00:00 2001
From: "Billy D." <billy.davies.10@icloud.com>
Date: Sat, 21 Feb 2026 18:05:42 -0500
Subject: [PATCH] fix: switch Docker registry to HTTPS endpoint with
 login-action

- Replace gitea-http.gitea.svc.cluster.local:3000 with registry.lab.daviestechlabs.io
- Use docker/login-action@v3 for Gitea registry auth (proper buildx integration)
- Remove manual base64 auth to ~/.docker/config.json (not picked up by buildkit)
- Remove insecure registry daemon.json config and Docker restart
- Remove buildkitd insecure registry config
- Remove cache-from/cache-to type=gha (not supported on Gitea Actions)

Fixes 401 Unauthorized: reqPackageAccess on Docker push
---
 .gitea/workflows/build-push.yaml | 39 ++++++++------------------------
 1 file changed, 9 insertions(+), 30 deletions(-)

diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml
index 2aaf215..f461ad1 100644
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -8,8 +8,8 @@ on:
 
 env:
   NTFY_URL: http://ntfy.observability.svc.cluster.local:80
-  REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
-  REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
+  REGISTRY: registry.lab.daviestechlabs.io/daviestechlabs
+  REGISTRY_HOST: registry.lab.daviestechlabs.io
   IMAGE_NAME: ntfy-discord
 
 jobs:
@@ -116,11 +116,13 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+
+      - name: Login to Gitea Registry
+        uses: docker/login-action@v3
         with:
-          buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
-              insecure = true
+          registry: ${{ env.REGISTRY_HOST }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
 
       - name: Login to Docker Hub
         if: vars.DOCKERHUB_USERNAME != ''
@@ -129,28 +131,6 @@ jobs:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Configure Docker for insecure registry
-        run: |
-          sudo mkdir -p /etc/docker
-          echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
-          sudo systemctl restart docker || sudo service docker restart || true
-          sleep 2
-
-      - name: Login to Gitea Registry
-        run: |
-          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
-          mkdir -p ~/.docker
-          cat > ~/.docker/config.json << EOF
-          {
-            "auths": {
-              "${{ env.REGISTRY_HOST }}": {
-                "auth": "$AUTH"
-              }
-            }
-          }
-          EOF
-          echo "Auth configured for ${{ env.REGISTRY_HOST }}"
-
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v5
@@ -168,8 +148,7 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+
 
   notify:
     name: Notify