From 5e325b030116ca1e05bbb642ae7feb38cca6d710 Mon Sep 17 00:00:00 2001
From: Michal <michal@itaz.eu>
Date: Mon, 9 Mar 2026 00:50:15 +0000
Subject: [PATCH] ci: use buildx for docker builds (no daemon restart needed)

The Gitea Act Runner can't restart dockerd to add insecure registries.
Switch to buildx with a BuildKit config that allows HTTP registries,
and write Docker credentials directly instead of using docker login.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 88303f7..851598c 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -144,46 +144,45 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Configure insecure registry
+      - name: Set up Buildx for insecure registry
         run: |
-          sudo mkdir -p /etc/docker
-          echo '{"insecure-registries":["${{ env.GITEA_REGISTRY }}"]}' | sudo tee /etc/docker/daemon.json
-          # Restart dockerd - kill existing process and relaunch
-          sudo kill "$(cat /var/run/docker.pid 2>/dev/null)" 2>/dev/null || sudo pkill dockerd || true
-          sleep 3
-          sudo dockerd &>/dev/null &
-          # Wait for Docker to be ready
-          for i in $(seq 1 30); do docker info &>/dev/null && break || sleep 1; done
+          cat > /tmp/buildkitd.toml <<TOML
+          [registry."${{ env.GITEA_REGISTRY }}"]
+            http = true
+            insecure = true
+          TOML
+          docker buildx create --name ci-builder --config /tmp/buildkitd.toml --driver docker-container --use
+          docker buildx inspect --bootstrap
 
-      - name: Login to Gitea container registry
+      - name: Configure registry credentials
         run: |
-          echo "${{ secrets.PACKAGES_TOKEN }}" | docker login \
-            --username ${{ env.GITEA_OWNER }} --password-stdin \
-            ${{ env.GITEA_REGISTRY }}
+          mkdir -p ~/.docker
+          AUTH=$(printf '%s:%s' "${{ env.GITEA_OWNER }}" "${{ secrets.PACKAGES_TOKEN }}" | base64 -w0)
+          printf '{"auths":{"%s":{"auth":"%s"}}}\n' "${{ env.GITEA_REGISTRY }}" "$AUTH" > ~/.docker/config.json
 
       - name: Build & push mcpd
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpd:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpd:latest \
             -f deploy/Dockerfile.mcpd .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpd:latest
 
       - name: Build & push node-runner
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-node-runner:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-node-runner:latest \
             -f deploy/Dockerfile.node-runner .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-node-runner:latest
 
       - name: Build & push python-runner
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-python-runner:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-python-runner:latest \
             -f deploy/Dockerfile.python-runner .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-python-runner:latest
 
       - name: Build & push docmost-mcp
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/docmost-mcp:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/docmost-mcp:latest \
             -f deploy/Dockerfile.docmost-mcp .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/docmost-mcp:latest
 
       - name: Link packages to repository
         env: