fix: install docker cli in forgejo workflow namespace

.forgejo/workflows/build.yaml

@@ -0,0 +1,119 @@
+name: build-and-push
+
+on:
+  push:
+    branches:
+      - main
+      - high-performance
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_HOST: unix:///var/run/docker.sock
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Docker CLI
+        run: |
+          apt-get update
+          apt-get install -y docker.io
+
+      - name: Set up Docker Buildx
+        run: |
+          export DOCKER_HOST=unix:///var/run/docker.sock
+          docker version
+          docker buildx create --use || true
+          docker buildx inspect --bootstrap
+
+      - name: Login to Registry
+        env:
+          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          set -euo pipefail
+          export DOCKER_HOST=unix:///var/run/docker.sock
+          SHA="$(git rev-parse HEAD)"
+          test -n "$REGISTRY_HOSTPORT"
+          echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_HOSTPORT" -u "$REGISTRY_USERNAME" --password-stdin
+
+      - name: Build and push
+        env:
+          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
+        run: |
+          set -euo pipefail
+          export DOCKER_HOST=unix:///var/run/docker.sock
+          SHA="$(git rev-parse HEAD)"
+
+          build_and_push() {
+            docker buildx build --push \
+              -f Dockerfile \
+              -t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:${SHA}" \
+              -t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:high-performance-latest" \
+              .
+          }
+
+          for attempt in 1 2 3; do
+            echo "Build attempt $attempt"
+            if build_and_push; then
+              exit 0
+            fi
+            echo "Build attempt $attempt failed; recreating builder and retrying"
+            docker buildx rm --all-inactive --force || true
+            docker buildx create --use || true
+            docker buildx inspect --bootstrap
+            sleep $((attempt * 10))
+          done
+
+          echo "Build failed after retries"
+          exit 1
+
+      - name: Prune old image tags (keep latest 1 SHA)
+        if: success()
+        continue-on-error: true
+        env:
+          REGISTRY_HOST: ${{ secrets.REGISTRY_HOSTPORT }}
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          set -euo pipefail
+          python3 .forgejo/scripts/registry_prune.py \
+            --registry "$REGISTRY_HOST" \
+            --repo "nxtgauge-frontend-solid" \
+            --username "$REGISTRY_USERNAME" \
+            --password "$REGISTRY_PASSWORD" \
+            --keep 1
+
+      - name: Update GitOps and trigger deployment
+        if: success()
+        continue-on-error: true
+        env:
+          GITEOPS_REPO: ${{ secrets.GITEOPS_REPO }}
+          GITEOPS_SSH_KEY: ${{ secrets.GITEOPS_SSH_KEY }}
+        run: |
+          set -euo pipefail
+          SHA="$(git rev-parse HEAD)"
+
+          if [ -z "$GITEOPS_REPO" ]; then
+            echo "GITEOPS_REPO secret not set, skipping GitOps update"
+            exit 0
+          fi
+
+          GITEOPS_DIR=$(mktemp -d)
+          git clone "$GITEOPS_REPO" "$GITEOPS_DIR"
+          cd "$GITEOPS_DIR"
+
+          mkdir -p ~/.ssh
+          echo "$GITEOPS_SSH_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
+
+          python3 .forgejo/scripts/update-gitops.py \
+            --repo "$GITEOPS_DIR" \
+            --service "frontend-solid" \
+            --sha "${SHA}" \
+            --message "chore: deploy frontend-solid@${SHA}"
+
+          rm -rf "$GITEOPS_DIR"