From f712f871f16c81ad8a9f6ef7e605df226e7e1459 Mon Sep 17 00:00:00 2001
From: Senko-san <senko@Senko-sans-Mac-mini.local>
Date: Sun, 7 Jun 2026 21:26:57 +0300
Subject: [PATCH] feat: build

---
 .gitea/workflows/docker-publish.yml | 57 +++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 15 deletions(-)

diff --git a/.gitea/workflows/docker-publish.yml b/.gitea/workflows/docker-publish.yml
index 34d6f89..0dd5c73 100644
--- a/.gitea/workflows/docker-publish.yml
+++ b/.gitea/workflows/docker-publish.yml
@@ -10,46 +10,73 @@ env:
   KEEP_VERSIONS: "5"
 
 jobs:
-  build-and-push:
+  build:
     runs-on: ubuntu-latest
+    outputs:
+      host:  ${{ steps.meta.outputs.host }}
+      image: ${{ steps.meta.outputs.image }}
+      sha:   ${{ steps.meta.outputs.sha }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      # Strip protocol and trailing slash from server_url to get the registry host.
       - name: Resolve registry metadata
         id: meta
         run: |
           host=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||; s|/$||')
-          # Container registry requires lowercase image names.
           repo_lc=$(echo "${{ gitea.repository }}" | tr '[:upper:]' '[:lower:]')
           echo "host=$host"            >> "$GITHUB_OUTPUT"
           echo "image=$host/$repo_lc" >> "$GITHUB_OUTPUT"
           echo "sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
 
-      - name: Log in to Gitea registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ steps.meta.outputs.host }}
-          username: ${{ gitea.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push
+      - name: Build image
         uses: docker/build-push-action@v5
         with:
           context: .
           file: dockerfiles/Dockerfile.prod
-          push: true
-          # PUBLIC_API_BASE_URL left as /api/v1 so any reverse proxy works.
+          push: false
           build-args: |
             PUBLIC_API_BASE_URL=/api/v1
           tags: |
             ${{ steps.meta.outputs.image }}:latest
             ${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.sha }}
+          outputs: type=docker,dest=/tmp/image.tar
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: docker-image
+          path: /tmp/image.tar
+          retention-days: 1
+
+  push:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download image artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: docker-image
+          path: /tmp
+
+      - name: Load image
+        run: docker load < /tmp/image.tar
+
+      - name: Log in to Gitea registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ needs.build.outputs.host }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGE_REGISTRY_TOKEN }}
+
+      - name: Push image
+        run: |
+          docker push ${{ needs.build.outputs.image }}:latest
+          docker push ${{ needs.build.outputs.image }}:${{ needs.build.outputs.sha }}
 
   cleanup:
     name: Prune old image versions
-    needs: build-and-push
+    needs: push
     runs-on: ubuntu-latest
     steps:
       - name: Delete versions beyond KEEP_VERSIONS
@@ -57,7 +84,7 @@ jobs:
           GITEA_URL: ${{ gitea.server_url }}
           OWNER: ${{ gitea.repository_owner }}
           IMAGE: ${{ gitea.event.repository.name }}
-          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TOKEN: ${{ secrets.PACKAGE_REGISTRY_TOKEN }}
         run: |
           image=$(echo "$IMAGE" | tr '[:upper:]' '[:lower:]')