ci: use buildx for docker builds (no daemon restart needed)

The Gitea Act Runner can't restart dockerd to add insecure registries.
Switch to buildx with a BuildKit config that allows HTTP registries,
and write Docker credentials directly instead of using docker login.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -144,46 +144,45 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Configure insecure registry
+      - name: Set up Buildx for insecure registry
         run: |
-          sudo mkdir -p /etc/docker
-          echo '{"insecure-registries":["${{ env.GITEA_REGISTRY }}"]}' | sudo tee /etc/docker/daemon.json
-          # Restart dockerd - kill existing process and relaunch
-          sudo kill "$(cat /var/run/docker.pid 2>/dev/null)" 2>/dev/null || sudo pkill dockerd || true
-          sleep 3
-          sudo dockerd &>/dev/null &
-          # Wait for Docker to be ready
-          for i in $(seq 1 30); do docker info &>/dev/null && break || sleep 1; done
+          cat > /tmp/buildkitd.toml <<TOML
+          [registry."${{ env.GITEA_REGISTRY }}"]
+            http = true
+            insecure = true
+          TOML
+          docker buildx create --name ci-builder --config /tmp/buildkitd.toml --driver docker-container --use
+          docker buildx inspect --bootstrap
 
-      - name: Login to Gitea container registry
+      - name: Configure registry credentials
         run: |
-          echo "${{ secrets.PACKAGES_TOKEN }}" | docker login \
-            --username ${{ env.GITEA_OWNER }} --password-stdin \
-            ${{ env.GITEA_REGISTRY }}
+          mkdir -p ~/.docker
+          AUTH=$(printf '%s:%s' "${{ env.GITEA_OWNER }}" "${{ secrets.PACKAGES_TOKEN }}" | base64 -w0)
+          printf '{"auths":{"%s":{"auth":"%s"}}}\n' "${{ env.GITEA_REGISTRY }}" "$AUTH" > ~/.docker/config.json
 
       - name: Build & push mcpd
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpd:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpd:latest \
             -f deploy/Dockerfile.mcpd .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpd:latest
 
       - name: Build & push node-runner
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-node-runner:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-node-runner:latest \
             -f deploy/Dockerfile.node-runner .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-node-runner:latest
 
       - name: Build & push python-runner
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-python-runner:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-python-runner:latest \
             -f deploy/Dockerfile.python-runner .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/mcpctl-python-runner:latest
 
       - name: Build & push docmost-mcp
         run: |
-          docker build -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/docmost-mcp:latest \
+          docker buildx build --push \
+            -t ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/docmost-mcp:latest \
             -f deploy/Dockerfile.docmost-mcp .
-          docker push ${{ env.GITEA_REGISTRY }}/${{ env.GITEA_OWNER }}/docmost-mcp:latest
 
       - name: Link packages to repository
         env: