From b7d86ad5f8312b211631b43ca0a4ff121135f1c9 Mon Sep 17 00:00:00 2001
From: Tomas Dvorak
Date: Thu, 7 May 2026 09:47:56 +0200
Subject: [PATCH] ci(docker): add support for Gitea registry and update permissions

Update the docker-build workflow to support both GitHub Container Registry and Gitea by dynamically determining the registry URL based on the server URL. Added explicit permissions for package writing and implemented conditional login steps to handle GitHub and Gitea authentication differently.
---
 .github/workflows/docker-build.yml | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 587fbb0..75e1ae6 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -8,9 +8,13 @@ on:
 branches: [main]
 
 env:
- REGISTRY: ghcr.io
+ REGISTRY: ${{ github.server_url == 'https://github.com' && 'ghcr.io' || format('{0}/v2', github.server_url) }}
 IMAGE_PREFIX: ${{ github.repository }}
 
+permissions:
+ contents: read
+ packages: write
+
 jobs:
 build-backend:
 runs-on: ubuntu-latest
@@ -20,14 +24,22 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 
- - name: Log in to registry (push only)
- if: github.event_name == 'push'
+ - name: Log in to registry (push only) - GitHub
+ if: github.event_name == 'push' && github.server_url == 'https://github.com'
 uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 
+ - name: Log in to registry (push only) - Gitea
+ if: github.event_name == 'push' && github.server_url != 'https://github.com'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.GITEA_USERNAME || github.actor }}
+ password: ${{ secrets.GITEA_TOKEN || secrets.GITHUB_TOKEN }}
+
 - name: Extract metadata
 id: meta
 uses: docker/metadata-action@v5
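Review bot: On any non-GitHub server the new `REGISTRY` expression evaluates to a full URL of the form `https://<gitea-host>/v2`, and an image reference cannot carry a scheme or a `/v2` path. If `env.REGISTRY` is also used to build image names in the metadata and push steps (those lines are outside this hunk, so this is inferred), the resulting tags will be rejected. Workflow expressions have no string-replace function, so I would supply the bare host explicitly, for example `REGISTRY: ${{ github.server_url == 'https://github.com' && 'ghcr.io' || vars.REGISTRY_HOST }}`, where `REGISTRY_HOST` is a placeholder name for a repository variable. Separately, `packages: write` at workflow level applies to every job and every trigger; declaring `permissions:` under each job that actually pushes keeps the token narrower for jobs added later.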
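Review bot: The Gitea login step falls back silently, with `secrets.GITEA_USERNAME || github.actor` and `secrets.GITEA_TOKEN || secrets.GITHUB_TOKEN`, so a missing or misnamed secret yields a login under a different identity instead of a clear failure. As far as I know Gitea reserves secret names beginning with `GITEA_` and `GITHUB_`, which would mean `GITEA_USERNAME` can never be set and `GITEA_TOKEN` always resolves to the automatic job token; please confirm this against the target instance. I would use one dedicated, package-scoped credential with no fallback, `username: ${{ secrets.REGISTRY_USERNAME }}` and `password: ${{ secrets.REGISTRY_TOKEN }}` (placeholder names), so the step fails when it is not configured. The same step is repeated in the second job's hunk at `@@ -57,14 +69,22 @@`, and both jobs' step lists start and end outside the hunks.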
@@ -57,14 +69,22 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 
- - name: Log in to registry (push only)
- if: github.event_name == 'push'
+ - name: Log in to registry (push only) - GitHub
+ if: github.event_name == 'push' && github.server_url == 'https://github.com'
 uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 
+ - name: Log in to registry (push only) - Gitea
+ if: github.event_name == 'push' && github.server_url != 'https://github.com'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.GITEA_USERNAME || github.actor }}
+ password: ${{ secrets.GITEA_TOKEN || secrets.GITHUB_TOKEN }}
+
 - name: Extract metadata
 id: meta
 uses: docker/metadata-action@v5
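Review bot: The added Gitea step passes a registry credential to `docker/login-action@v3`, which is a mutable tag, so the code that receives the secret can change without any change to this repository. Pinning to a full commit SHA, `uses: docker/login-action@<full-commit-sha>  # v3`, makes that dependency reviewable and lets an update arrive as an explicit diff. The same applies to the copy of this step in the first job and to the other `@v3`/`@v5` actions visible in the context lines. The rest of this job's steps are outside the hunk.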