From 2555153994fb883628e228e3fa18448a99e33ee4 Mon Sep 17 00:00:00 2001
From: Aleksandr Meshchriakov <avm@sh-inc.ru>
Date: Mon, 2 Feb 2026 14:11:15 +0100
Subject: [PATCH] fix(ci): use REGISTRY_TOKEN secret for container registry
 auth

---
 .gitea/workflows/ci-cd.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index eb57a3c..b7af79e 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -136,8 +136,8 @@ jobs:
           echo "Registry: ${REGISTRY_HOST}"
           echo "Actor: ${GITHUB_ACTOR}"
           
-          # Login to Gitea container registry
-          echo "${REGISTRY_PASSWORD}" | ./crane auth login --insecure ${REGISTRY_HOST} -u "${GITHUB_ACTOR}" --password-stdin
+          # Login to Gitea container registry (requires REGISTRY_TOKEN secret with write:package scope)
+          echo "${REGISTRY_PASSWORD}" | ./crane auth login --insecure ${REGISTRY_HOST} -u "${REGISTRY_USER}" --password-stdin
           
           # Build and push web image
           docker build -f ./docker/Dockerfile.web -t mostovik-web:local .
@@ -161,7 +161,8 @@ jobs:
             ./crane push --insecure /tmp/celery.tar ${REGISTRY}/mostovik-celery:latest
           fi
         env:
-          REGISTRY_PASSWORD: ${{ gitea.token }}
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
 
       - name: Image summary
         run: |