From b86c76a2fcb22a9a9a72bbeef8b1ac35ae7c23b1 Mon Sep 17 00:00:00 2001
From: admin <admin@gitea.local>
Date: Wed, 4 Mar 2026 20:18:20 +0000
Subject: [PATCH] fix: bypass docker login, pre-populate auth config for HTTP
 registry push

---
 .gitea/workflows/build.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 68c84a2..d2cdc39 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -112,7 +112,12 @@ jobs:
       - name: Push to registry
         if: env.REGISTRY != ''
         run: |
-          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+          # docker login sends POST /auth to Podman which incorrectly tries HTTPS even for
+          # insecure registries. Pre-populate config.json instead — docker push goes through
+          # the Podman daemon which correctly uses HTTP (insecure=true in registries.conf).
+          mkdir -p ~/.docker
+          AUTH=$(echo -n "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" | base64 -w 0)
+          echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json
           docker push "${{ steps.image.outputs.full }}"
 
       - name: Save image to file