fix: use dind service for forgejo builds

.forgejo/workflows/build.yaml

@@ -0,0 +1,126 @@
+name: build-and-push
+
+on:
+  push:
+    branches:
+      - main
+      - high-performance
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_HOST: tcp://docker:2375
+      DOCKER_TLS_CERTDIR: ""
+    services:
+      docker:
+        image: docker:27-dind
+        env:
+          DOCKER_TLS_CERTDIR: ""
+        options: --privileged
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Docker CLI
+        run: |
+          apt-get update
+          apt-get install -y docker.io
+
+      - name: Set up Docker Buildx
+        run: |
+          export DOCKER_HOST=tcp://docker:2375
+          docker version
+          docker buildx create --use || true
+          docker buildx inspect --bootstrap
+
+      - name: Login to Registry
+        env:
+          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          set -euo pipefail
+          export DOCKER_HOST=tcp://docker:2375
+          SHA="$(git rev-parse HEAD)"
+          test -n "$REGISTRY_HOSTPORT"
+          echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_HOSTPORT" -u "$REGISTRY_USERNAME" --password-stdin
+
+      - name: Build and push
+        env:
+          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
+        run: |
+          set -euo pipefail
+          export DOCKER_HOST=tcp://docker:2375
+          SHA="$(git rev-parse HEAD)"
+
+          build_and_push() {
+            docker buildx build --push \
+              -f Dockerfile \
+              -t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:${SHA}" \
+              -t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:high-performance-latest" \
+              .
+          }
+
+          for attempt in 1 2 3; do
+            echo "Build attempt $attempt"
+            if build_and_push; then
+              exit 0
+            fi
+            echo "Build attempt $attempt failed; recreating builder and retrying"
+            docker buildx rm --all-inactive --force || true
+            docker buildx create --use || true
+            docker buildx inspect --bootstrap
+            sleep $((attempt * 10))
+          done
+
+          echo "Build failed after retries"
+          exit 1
+
+      - name: Prune old image tags (keep latest 1 SHA)
+        if: success()
+        continue-on-error: true
+        env:
+          REGISTRY_HOST: ${{ secrets.REGISTRY_HOSTPORT }}
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          set -euo pipefail
+          python3 .forgejo/scripts/registry_prune.py \
+            --registry "$REGISTRY_HOST" \
+            --repo "nxtgauge-frontend-solid" \
+            --username "$REGISTRY_USERNAME" \
+            --password "$REGISTRY_PASSWORD" \
+            --keep 1
+
+      - name: Update GitOps and trigger deployment
+        if: success()
+        continue-on-error: true
+        env:
+          GITEOPS_REPO: ${{ secrets.GITEOPS_REPO }}
+          GITEOPS_SSH_KEY: ${{ secrets.GITEOPS_SSH_KEY }}
+        run: |
+          set -euo pipefail
+          SHA="$(git rev-parse HEAD)"
+
+          if [ -z "$GITEOPS_REPO" ]; then
+            echo "GITEOPS_REPO secret not set, skipping GitOps update"
+            exit 0
+          fi
+
+          GITEOPS_DIR=$(mktemp -d)
+          git clone "$GITEOPS_REPO" "$GITEOPS_DIR"
+          cd "$GITEOPS_DIR"
+
+          mkdir -p ~/.ssh
+          echo "$GITEOPS_SSH_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
+
+          python3 .forgejo/scripts/update-gitops.py \
+            --repo "$GITEOPS_DIR" \
+            --service "frontend-solid" \
+            --sha "${SHA}" \
+            --message "chore: deploy frontend-solid@${SHA}"
+
+          rm -rf "$GITEOPS_DIR"

.gitea/workflows/build.yaml

@@ -1,4 +1,4 @@
-name: build-and-push
+name: Build Frontend And Update GitOps
 
 on:
   push:
@@ -15,97 +15,57 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up Docker Buildx
+      - name: Install Docker CLI
         run: |
-          export DOCKER_HOST=unix:///var/run/docker.sock
-          docker version
-          docker buildx create --use || true
-          docker buildx inspect --bootstrap
+          apt-get update
+          apt-get install -y docker.io
 
-      - name: Login to Registry
-        env:
-          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
-          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login registry.nxtgauge.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+
+      - name: Build and push frontend image
         run: |
           set -euo pipefail
-          export DOCKER_HOST=unix:///var/run/docker.sock
-          test -n "$REGISTRY_HOSTPORT"
-          echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_HOSTPORT" -u "$REGISTRY_USERNAME" --password-stdin
+          IMAGE="registry.nxtgauge.com/nxtgauge-frontend-solid:${{ github.sha }}"
+          docker build -t "${IMAGE}" -t registry.nxtgauge.com/nxtgauge-frontend-solid:latest .
+          docker push "${IMAGE}"
+          docker push registry.nxtgauge.com/nxtgauge-frontend-solid:latest
 
-      - name: Build and push
+  update-gitops:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Update GitOps frontend tag
         env:
-          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
+          GITOPS_USERNAME: ${{ secrets.GITOPS_GITHUB_USERNAME || 'Traceworks2023' }}
+          GITOPS_PASSWORD: ${{ secrets.GITOPS_GITHUB_TOKEN || secrets.GITOPS_PAT }}
+          GITOPS_REPO: https://github.com/Traceworks2023/nxtgauge-gitops.git
+          IMAGE_TAG: ${{ github.sha }}
         run: |
           set -euo pipefail
-          export DOCKER_HOST=unix:///var/run/docker.sock
-
-          build_and_push() {
-            docker buildx build --push \
-              -f Dockerfile \
-              -t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:${{ gitea.sha }}" \
-              -t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:high-performance-latest" \
-              .
-          }
-
-          for attempt in 1 2 3; do
-            echo "Build attempt $attempt"
-            if build_and_push; then
-              exit 0
-            fi
-            echo "Build attempt $attempt failed; recreating builder and retrying"
-            docker buildx rm --all-inactive --force || true
-            docker buildx create --use || true
-            docker buildx inspect --bootstrap
-            sleep $((attempt * 10))
-          done
-
-          echo "Build failed after retries"
-          exit 1
-
-      - name: Prune old image tags (keep latest 1 SHA)
-        if: success()
-        continue-on-error: true
-        env:
-          REGISTRY_HOST: ${{ secrets.REGISTRY_HOSTPORT }}
-          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-        run: |
-          set -euo pipefail
-          python3 .gitea/scripts/registry_prune.py \
-            --registry "$REGISTRY_HOST" \
-            --repo "nxtgauge-frontend-solid" \
-            --username "$REGISTRY_USERNAME" \
-            --password "$REGISTRY_PASSWORD" \
-            --keep 1
-
-      - name: Update GitOps and trigger deployment
-        if: success()
-        continue-on-error: true
-        env:
-          GITEOPS_REPO: ${{ secrets.GITEOPS_REPO }}
-          GITEOPS_SSH_KEY: ${{ secrets.GITEOPS_SSH_KEY }}
-        run: |
-          set -euo pipefail
-
-          if [ -z "$GITEOPS_REPO" ]; then
-            echo "GITEOPS_REPO secret not set, skipping GitOps update"
-            exit 0
-          fi
-
-          GITEOPS_DIR=$(mktemp -d)
-          git clone "$GITEOPS_REPO" "$GITEOPS_DIR"
-          cd "$GITEOPS_DIR"
-
-          mkdir -p ~/.ssh
-          echo "$GITEOPS_SSH_KEY" > ~/.ssh/id_ed25519
-          chmod 600 ~/.ssh/id_ed25519
-          ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
-
-          python3 .gitea/scripts/update-gitops.py \
-            --repo "$GITEOPS_DIR" \
-            --service "frontend-solid" \
-            --sha "${{ gitea.sha }}" \
-            --message "chore: deploy frontend-solid@${{ gitea.sha }}"
-
-          rm -rf "$GITEOPS_DIR"
+          test -n "${GITOPS_PASSWORD:-}" || { echo "GITOPS_PASSWORD is empty"; exit 1; }
+          AUTH="$(printf '%s' "${GITOPS_USERNAME}:${GITOPS_PASSWORD}" | base64 -w0)"
+          TMP_DIR="$(mktemp -d)"
+          git -c http.extraHeader="AUTHORIZATION: basic ${AUTH}" clone --branch main "${GITOPS_REPO}" "${TMP_DIR}"
+          cd "${TMP_DIR}"
+          python3 - <<'PY'
+from pathlib import Path
+import os
+path = Path('apps/nxtgauge-frontend-solid/overlays/prod/kustomization.yaml')
+lines = path.read_text().splitlines()
+out = []
+for line in lines:
+    if line.strip().startswith('newTag:'):
+        indent = line[:len(line) - len(line.lstrip())]
+        out.append(f"{indent}newTag: {os.environ['IMAGE_TAG']}")
+    else:
+        out.append(line)
+path.write_text('\n'.join(out) + '\n')
+PY
+          git config user.name "forgejo-actions"
+          git config user.email "forgejo-actions@nxtgauge.com"
+          git add apps/nxtgauge-frontend-solid/overlays/prod/kustomization.yaml
+          git diff --cached --quiet && exit 0
+          git commit -m "chore(gitops): update frontend image to ${IMAGE_TAG}"
+          git -c http.extraHeader="AUTHORIZATION: basic ${AUTH}" push origin main

.github/workflows/sync-to-forgejo.yml

@@ -0,0 +1,40 @@
+name: sync-to-forgejo
+
+on:
+  push:
+    branches:
+      - main
+      - high-performance
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Push branch to Forgejo
+        env:
+          FORGEJO_SECRET: ${{ secrets.FORGEJO_SECRET || secrets.GITEA_SECRET }}
+          FORGEJO_OWNER: ${{ secrets.FORGEJO_OWNER || 'ashwin' }}
+          FORGEJO_USERNAME: ${{ secrets.FORGEJO_USERNAME || secrets.GITEA_USERNAME || 'ashwin' }}
+          REPO: ${{ github.event.repository.name }}
+          BRANCH: ${{ github.ref_name }}
+        run: |
+          set -euo pipefail
+          test -n "${FORGEJO_SECRET:-}" || { echo "FORGEJO_SECRET is empty"; exit 1; }
+
+          ENCODED_PASSWORD="$(printf '%s' "${FORGEJO_SECRET}" | jq -sRr @uri)"
+          TARGET="https://${FORGEJO_USERNAME}:${ENCODED_PASSWORD}@ci.nxtgauge.com/${FORGEJO_OWNER}/${REPO}.git"
+
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git remote remove forgejo 2>/dev/null || true
+          git remote add forgejo "${TARGET}"
+
+          git push forgejo "HEAD:${BRANCH}" --force
+          git push forgejo --tags --force