From 0ea8d656a22d9cfc0ccaf5b8248839e705d9fcce Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 14 May 2026 19:07:06 +0200 Subject: [PATCH 1/7] fix CI not being allowed to push container image --- .forgejo/workflows/container.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index afd83a3..957e347 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -3,9 +3,6 @@ name: Build Container on: push: {} -permissions: - packages: write - jobs: build-container: name: Build Container @@ -19,7 +16,7 @@ jobs: uses: actions/checkout@v6 - name: Login to container registry (prod only) if: ${{ forgejo.ref_name == 'main' }} - run: /kaniko/executor login --username="forgejo-actions" --password="${{ forgejo.token }}" git.hamburg.ccc.de + run: /kaniko/executor login --username="forgejo-actions" --password="${{ secrets.PACKAGES_TOKEN }}" git.hamburg.ccc.de - name: Build Container env: KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} @@ -27,7 +24,6 @@ jobs: --dockerfile="${{forgejo.workspace }}/Containerfile" --context="dir://${{ forgejo.workspace }}" --destination=git.hamburg.ccc.de/ccchh/dooris:latest - --credential-helpers=env --no-push-cache --annotation=org.opencontainers.image.ref.name=dooris --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} From c63537e0eda1b315883b7f7fdf8132c4023dee0e Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 14 May 2026 19:16:21 +0200 Subject: [PATCH 2/7] allow users to trigger container building in CI --- .forgejo/workflows/container.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index 957e347..700e336 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -1,6 +1,7 @@ name: Build Container on: + workflow_dispatch: {} push: {} jobs: 
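Review bot: In the login step of PATCH 1/7 (second hunk), `${{ secrets.PACKAGES_TOKEN }}` is expanded into the `run:` script text before the shell parses it, so a token containing `"`, `$` or a backtick changes the command that runs. Passing it through the step environment avoids that: add `env:` with `PACKAGES_TOKEN: ${{ secrets.PACKAGES_TOKEN }}` to the step and use `--password="$PACKAGES_TOKEN"`. The value still ends up in kaniko's argument list, so if the `login` subcommand can read the password from stdin, that form would be preferable. The change also swaps the per-run `forgejo.token` for a stored credential, so it is worth confirming that this token is limited to package write on this registry and has an expiry. The same `run:` line returns in PATCH 5/7 and PATCH 7/7.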
From 60a7f5dc44665de0d447785ad5c8ea72724618e8 Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 14 May 2026 19:25:07 +0200 Subject: [PATCH 3/7] debug ci --- .forgejo/workflows/container.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index 700e336..a4501ec 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -8,16 +8,17 @@ jobs: build-container: name: Build Container runs-on: docker - container: - image: ghcr.io/osscontainertools/kaniko:alpine steps: - name: Install NodeJS for actions compatibility run: apk add --no-cache nodejs + - name: Checkout source code uses: actions/checkout@v6 + - name: Login to container registry (prod only) if: ${{ forgejo.ref_name == 'main' }} - run: /kaniko/executor login --username="forgejo-actions" --password="${{ secrets.PACKAGES_TOKEN }}" git.hamburg.ccc.de + run: echo /kaniko/executor login --username="forgejo-actions" --password="${{ secrets.PACKAGES_TOKEN }}" git.hamburg.ccc.de + - name: Build Container env: KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} From 06849aa76aa382a2ddf7d1a50869996f81d8a03d Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 14 May 2026 19:31:00 +0200 Subject: [PATCH 4/7] debug ci --- .forgejo/workflows/container.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index a4501ec..69a5ed9 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -8,6 +8,8 @@ jobs: build-container: name: Build Container runs-on: docker + container: + image: ghcr.io/osscontainertools/kaniko:alpine steps: - name: Install NodeJS for actions compatibility run: apk add --no-cache nodejs From 5759f1213fc24551d00d0ca881921689ae52a237 Mon Sep 17 00:00:00 2001 
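Review bot: The debug `echo` on the login step in PATCH 3/7 writes the whole command line, including the expanded `secrets.PACKAGES_TOKEN`, to the job log whenever the workflow runs on `main`. Log masking by the runner, if it is active here, is best-effort and should not be the only thing keeping a registry credential out of stored logs; a debug line that omits the secret, such as `run: echo "login step reached"`, gives the same signal. PATCH 5/7 removes the `echo` again, but if this revision ever ran on `main` the token is better treated as exposed and rotated, and the two debug commits squashed before merge so the line does not stay in history. The hunk also drops the `container:` block, so this step would run in the runner's default image until PATCH 4/7 restores it.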
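Review bot: The `image: ghcr.io/osscontainertools/kaniko:alpine` line restored in PATCH 4/7 refers to a mutable tag, and this is the container in which the login step later receives `secrets.PACKAGES_TOKEN`. Whatever the tag resolves to at run time executes with the registry credential, so pinning by digest is the safer form: `image: ghcr.io/osscontainertools/kaniko:alpine@sha256:<digest-of-reviewed-image>` (placeholder, to be replaced with the digest you have verified). The same reasoning applies to `uses: actions/checkout@v6` in the surrounding steps, which could be pinned to a commit SHA. The job definition continues outside this hunk.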
From: lilly Date: Thu, 14 May 2026 19:31:26 +0200 Subject: [PATCH 5/7] remove ci debug --- .forgejo/workflows/container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index 69a5ed9..9fb606b 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -19,7 +19,7 @@ jobs: - name: Login to container registry (prod only) if: ${{ forgejo.ref_name == 'main' }} - run: echo /kaniko/executor login --username="forgejo-actions" --password="${{ secrets.PACKAGES_TOKEN }}" git.hamburg.ccc.de + run: /kaniko/executor login --username="forgejo-actions" --password="${{ secrets.PACKAGES_TOKEN }}" git.hamburg.ccc.de - name: Build Container env: From f133a491b2177cae6d0c7584fccc34cfcf7c2607 Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 14 May 2026 19:16:21 +0200 Subject: [PATCH 6/7] allow users to trigger container building in CI --- .forgejo/workflows/container.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index afd83a3..554b2e9 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -1,6 +1,7 @@ name: Build Container on: + workflow_dispatch: {} push: {} permissions: From eb773f0307881fcee2e0c2a32511f9817fc110ea Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 14 May 2026 19:07:06 +0200 Subject: [PATCH 7/7] fix CI not being allowed to push container image --- .forgejo/workflows/container.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/container.yml b/.forgejo/workflows/container.yml index 554b2e9..9fb606b 100644 --- a/.forgejo/workflows/container.yml +++ b/.forgejo/workflows/container.yml @@ -4,9 +4,6 @@ on: workflow_dispatch: {} push: {} -permissions: - packages: write - jobs: build-container: name: Build Container 
@@ -16,11 +13,14 @@ jobs: steps: - name: Install NodeJS for actions compatibility run: apk add --no-cache nodejs + - name: Checkout source code uses: actions/checkout@v6 + - name: Login to container registry (prod only) if: ${{ forgejo.ref_name == 'main' }} - run: /kaniko/executor login --username="forgejo-actions" --password="${{ forgejo.token }}" git.hamburg.ccc.de + run: /kaniko/executor login --username="forgejo-actions" --password="${{ secrets.PACKAGES_TOKEN }}" git.hamburg.ccc.de + - name: Build Container env: KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} @@ -28,7 +28,6 @@ jobs: --dockerfile="${{forgejo.workspace }}/Containerfile" --context="dir://${{ forgejo.workspace }}" --destination=git.hamburg.ccc.de/ccchh/dooris:latest - --credential-helpers=env --no-push-cache --annotation=org.opencontainers.image.ref.name=dooris --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}