ci: docker build + skopeo push for HTTP registry

docker build works via podman socket (builds don't need registry access).
skopeo pushes directly over HTTP with --dest-tls-verify=false, bypassing
the daemon's registry config entirely. No login/daemon config needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -148,42 +148,40 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Configure insecure registry
+      - name: Install skopeo
-        run: |
+        run: sudo apt-get update && sudo apt-get install -y skopeo
-          # Host uses podman — configure registries.conf for HTTP access
-          sudo mkdir -p /etc/containers
-          printf '[[registry]]\nlocation = "%s"\ninsecure = true\n' "${{ env.REGISTRY }}" \
-            | sudo tee /etc/containers/registries.conf
-
-      - name: Login to Gitea container registry
-        run: |
-          echo "${{ secrets.PACKAGES_TOKEN }}" | docker login \
-            --username ${{ env.OWNER }} --password-stdin \
-            ${{ env.REGISTRY }}
 
       - name: Build & push mcpd
         run: |
-          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest \
+          docker build -t mcpd:latest -f deploy/Dockerfile.mcpd .
-            -f deploy/Dockerfile.mcpd .
+          skopeo copy --dest-tls-verify=false \
-          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest
+            --dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
+            docker-daemon:mcpd:latest \
+            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest
 
       - name: Build & push node-runner
         run: |
-          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest \
+          docker build -t node-runner:latest -f deploy/Dockerfile.node-runner .
-            -f deploy/Dockerfile.node-runner .
+          skopeo copy --dest-tls-verify=false \
-          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest
+            --dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
+            docker-daemon:node-runner:latest \
+            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest
 
       - name: Build & push python-runner
         run: |
-          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest \
+          docker build -t python-runner:latest -f deploy/Dockerfile.python-runner .
-            -f deploy/Dockerfile.python-runner .
+          skopeo copy --dest-tls-verify=false \
-          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest
+            --dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
+            docker-daemon:python-runner:latest \
+            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest
 
       - name: Build & push docmost-mcp
         run: |
-          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest \
+          docker build -t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp .
-            -f deploy/Dockerfile.docmost-mcp .
+          skopeo copy --dest-tls-verify=false \
-          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest
+            --dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
+            docker-daemon:docmost-mcp:latest \
+            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest
 
       - name: Link packages to repository
         env: