From 648fbbfed8717a1169b996eaba2ffad4e9bbf70c Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Thu, 7 May 2026 15:58:44 +0000
Subject: [PATCH] [ci] Switch build to Woodpecker dual-push (registry-private +
 Forgejo)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 1 of the registry consolidation rolling out across the homelab —
infra/docs/plans/2026-05-07-forgejo-registry-consolidation-plan.md.

* New .woodpecker.yml builds + dual-pushes to
  registry.viktorbarzin.me:5050/beadboard AND
  forgejo.viktorbarzin.me/viktor/beadboard.
* GHA build-and-deploy.yml renamed to .disabled — would otherwise
  race the Woodpecker build and clobber Forgejo with a stale image
  during the bake. Re-enable only on rollback.
* No deploy step yet — Phase 3 flips infra/stacks/beads-server/main.tf
  image= reference; pods still pull from registry.viktorbarzin.me
  through the bake.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 ...ploy.yml => build-and-deploy.yml.disabled} |  0
 .woodpecker.yml                               | 44 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 rename .github/workflows/{build-and-deploy.yml => build-and-deploy.yml.disabled} (100%)
 create mode 100644 .woodpecker.yml

diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml.disabled
similarity index 100%
rename from .github/workflows/build-and-deploy.yml
rename to .github/workflows/build-and-deploy.yml.disabled
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..d52853c
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,44 @@
+when:
+  event: push
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      attempts: 5
+      backoff: 10s
+
+steps:
+  - name: build-and-push
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      # Dual-push during the Forgejo registry consolidation bake. After
+      # ≥14 days clean, registry.viktorbarzin.me drops out (Phase 4).
+      # GHA build-and-deploy.yml is .disabled until rollback — see
+      # docs/plans/2026-05-07-forgejo-registry-consolidation-plan.md
+      # § "Risk register" (clobber-during-bake mitigation).
+      repo:
+        - registry.viktorbarzin.me:5050/beadboard
+        - forgejo.viktorbarzin.me/viktor/beadboard
+      logins:
+        - registry: registry.viktorbarzin.me:5050
+          username:
+            from_secret: registry_user
+          password:
+            from_secret: registry_password
+        - registry: forgejo.viktorbarzin.me
+          username:
+            from_secret: forgejo_user
+          password:
+            from_secret: forgejo_push_token
+      dockerfile: Dockerfile
+      context: .
+      auto_tag: true
+      platforms:
+        - linux/amd64
+
+# Deploy step intentionally omitted during Phase 1 dual-push bake —
+# pods continue pulling from registry.viktorbarzin.me until Phase 3
+# (`infra/stacks/beads-server/main.tf` `image=` flip). Re-add a
+# kubectl-set-image step here at Phase 3 if desired, or keep the
+# Terraform-driven flip pattern instead.