From c814bfdf3b0d33192fc770a0e7d9eeec7b3d6165 Mon Sep 17 00:00:00 2001
From: Ronni Baslund <rhb@vdoc.dk>
Date: Tue, 9 Jun 2026 09:02:36 +0200
Subject: [PATCH] feat(ci): build + push app images to the Gitea registry

After typecheck + test pass on main, build portal/booking/platform-api images
(matrix) via the dind sidecar and push to git.lastcloud.io tagged latest + SHA.
Auth uses the runner's job token against the same Gitea instance.
---
 .gitea/workflows/ci.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index d4f6105..c6a3b24 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -50,3 +50,28 @@ jobs:
           pnpm install --frozen-lockfile
       - name: Test
         run: pnpm test
+
+  # Build + push app images to the Gitea container registry. Only on main, after
+  # typecheck + test pass. Uses the runner's job token to auth to the registry
+  # (same Gitea instance), and the dind sidecar for docker build.
+  build:
+    runs-on: ubuntu-latest
+    needs: [typecheck, test]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    strategy:
+      fail-fast: false
+      matrix:
+        app:
+          - { name: portal, dir: apps/portal }
+          - { name: booking, dir: apps/booking }
+          - { name: platform-api, dir: services/platform-api }
+    steps:
+      - uses: actions/checkout@v4
+      - name: Registry login
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.lastcloud.io -u "${{ github.actor }}" --password-stdin
+      - name: Build + push
+        run: |
+          IMG=git.lastcloud.io/ronnibaslund/dezky/${{ matrix.app.name }}
+          docker build -t "$IMG:latest" -t "$IMG:${{ github.sha }}" "${{ matrix.app.dir }}"
+          docker push "$IMG:latest"
+          docker push "$IMG:${{ github.sha }}"