From a1bbff87b16cf53b8d2deb0dff41c841ae338e6d Mon Sep 17 00:00:00 2001
From: Ashwin Kumar Sivakumar <ashwin@traceworks.in>
Date: Sat, 13 Jun 2026 18:32:15 +0530
Subject: [PATCH] chore: rebuild all

---
 .gitea/workflows/build.yaml           | 71 +++++++++++++++++++++++++++
 .github/workflows/sync-to-forgejo.yml | 22 ++++-----
 2 files changed, 82 insertions(+), 11 deletions(-)
 create mode 100644 .gitea/workflows/build.yaml

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..d575d0e
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,71 @@
+name: Build Admin And Update GitOps
+
+on:
+  push:
+    branches:
+      - main
+      - high-performance
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_HOST: unix:///var/run/docker.sock
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Docker CLI
+        run: |
+          apt-get update
+          apt-get install -y docker.io
+
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login registry.nxtgauge.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+
+      - name: Build and push admin image
+        run: |
+          set -euo pipefail
+          IMAGE="registry.nxtgauge.com/nxtgauge-admin-solid:${{ github.sha }}"
+          docker build -t "${IMAGE}" -t registry.nxtgauge.com/nxtgauge-admin-solid:latest .
+          docker push "${IMAGE}"
+          docker push registry.nxtgauge.com/nxtgauge-admin-solid:latest
+
+  update-gitops:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Update GitOps admin tag
+        env:
+          GITOPS_USERNAME: ${{ secrets.GITOPS_GITHUB_USERNAME || 'Traceworks2023' }}
+          GITOPS_PASSWORD: ${{ secrets.GITOPS_GITHUB_TOKEN || secrets.GITOPS_PAT }}
+          GITOPS_REPO: https://github.com/Traceworks2023/nxtgauge-gitops.git
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          set -euo pipefail
+          test -n "${GITOPS_PASSWORD:-}" || { echo "GITOPS_PASSWORD is empty"; exit 1; }
+          AUTH="$(printf '%s' "${GITOPS_USERNAME}:${GITOPS_PASSWORD}" | base64 -w0)"
+          TMP_DIR="$(mktemp -d)"
+          git -c http.extraHeader="AUTHORIZATION: basic ${AUTH}" clone --branch main "${GITOPS_REPO}" "${TMP_DIR}"
+          cd "${TMP_DIR}"
+          python3 - <<'PY'
+from pathlib import Path
+import os
+path = Path('apps/nxtgauge-admin-solid/overlays/prod/kustomization.yaml')
+lines = path.read_text().splitlines()
+out = []
+for line in lines:
+    if line.strip().startswith('newTag:'):
+        indent = line[:len(line) - len(line.lstrip())]
+        out.append(f"{indent}newTag: {os.environ['IMAGE_TAG']}")
+    else:
+        out.append(line)
+path.write_text('\n'.join(out) + '\n')
+PY
+          git config user.name "forgejo-actions"
+          git config user.email "forgejo-actions@nxtgauge.com"
+          git add apps/nxtgauge-admin-solid/overlays/prod/kustomization.yaml
+          git diff --cached --quiet && exit 0
+          git commit -m "chore(gitops): update admin image to ${IMAGE_TAG}"
+          git -c http.extraHeader="AUTHORIZATION: basic ${AUTH}" push origin main
diff --git a/.github/workflows/sync-to-forgejo.yml b/.github/workflows/sync-to-forgejo.yml
index 2b970dc..354a407 100644
--- a/.github/workflows/sync-to-forgejo.yml
+++ b/.github/workflows/sync-to-forgejo.yml
@@ -10,14 +10,14 @@ jobs:
   sync:
     runs-on: ubuntu-latest
     permissions:
-      contents: write
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Sync to Forgejo
+      - name: Push branch to Forgejo
         env:
           FORGEJO_SECRET: ${{ secrets.FORGEJO_SECRET || secrets.GITEA_SECRET }}
           FORGEJO_OWNER: ${{ secrets.FORGEJO_OWNER || 'ashwin' }}
@@ -25,16 +25,16 @@ jobs:
           REPO: ${{ github.event.repository.name }}
           BRANCH: ${{ github.ref_name }}
         run: |
-          set -euxo pipefail
-          export GIT_TERMINAL_PROMPT=0
-          export GIT_TRACE=1
-          export GIT_CURL_VERBOSE=1
+          set -euo pipefail
+          test -n "${FORGEJO_SECRET:-}" || { echo "FORGEJO_SECRET is empty"; exit 1; }
 
-          USER="${FORGEJO_USERNAME}"
+          AUTH="$(printf '%s' "${FORGEJO_USERNAME}:${FORGEJO_SECRET}" | base64 -w0)"
           TARGET="https://ci.nxtgauge.com/${FORGEJO_OWNER}/${REPO}.git"
-          AUTH="$(printf '%s' "${USER}:${FORGEJO_SECRET}" | base64 -w0)"
 
-          test -n "${FORGEJO_SECRET:-}" || (echo "FORGEJO_SECRET empty" && exit 1)
-          curl -fsS -H "Authorization: Basic ${AUTH}" https://ci.nxtgauge.com/api/v1/user >/dev/null
-          curl -fsS -X POST             -H "Authorization: Basic ${AUTH}"             "https://ci.nxtgauge.com/api/v1/repos/${FORGEJO_OWNER}/${REPO}/mirror-sync" >/dev/null
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git remote remove forgejo 2>/dev/null || true
+          git remote add forgejo "${TARGET}"
 
+          git -c http.extraHeader="AUTHORIZATION: basic ${AUTH}" push forgejo "HEAD:${BRANCH}" --force
+          git -c http.extraHeader="AUTHORIZATION: basic ${AUTH}" push forgejo --tags --force