[forgejo] Migration script: exclude empty repos, all-images full mode

Updated to handle the actual situation: wealthfolio-sync and fire-planner have registry repos but no tags (broken/abandoned deployments). Skip those with a SKIP marker. Migrate everything else as a stop-gap until Woodpecker pipelines start producing Forgejo images on their own. The image list now covers all private images currently in scope.
2026-05-07 17:21:39 +00:00 · 2026-05-07 17:21:39 +00:00 · e86efd107a
commit e86efd107a
parent 874f80ecbe
1 changed files with 37 additions and 14 deletions
--- a/scripts/forgejo-migrate-orphan-images.sh
+++ b/scripts/forgejo-migrate-orphan-images.sh
@ -1,17 +1,21 @@
 #!/usr/bin/env bash
-# One-shot migration of orphan images that have no CI pipeline producing them.
+# One-shot migration of every private image on registry.viktorbarzin.me to
+# Forgejo. Used as a stop-gap when the dual-push CI pipelines aren't
+# producing Forgejo images on their own (Forgejo-Woodpecker forge driver
+# context-deadline-exceeded issue, see bd code-d3y / 2026-05-07).
 #
-# Some images on registry.viktorbarzin.me:5050 were built ad-hoc and there's
-# no Dockerfile or pipeline to reproduce them — fire-planner (until this
-# session added one), wealthfolio-sync. This script pulls each orphan from
-# registry.viktorbarzin.me, retags for Forgejo, and pushes — preserving the
-# blob bytes verbatim so the cluster can flip image= without a rebuild.
+# Pulls each image from registry.viktorbarzin.me, retags, pushes to
+# forgejo.viktorbarzin.me/viktor/<name>:<tag> — preserving the blob bytes
+# verbatim so the cluster can flip image= without a rebuild.
 #
 # Run from any host with docker + network reach to BOTH registries. Auth
 # from `docker login` (~/.docker/config.json) — make sure both registries
 # are logged in:
 #   docker login registry.viktorbarzin.me -u viktorbarzin
-#   docker login forgejo.viktorbarzin.me -u ci-pusher
+#   docker login forgejo.viktorbarzin.me -u viktor   # use viktor PAT, not ci-pusher
+#
+# (ci-pusher CANNOT push to viktor/<image> — Forgejo container packages
+# are scoped to the pushing user. Only viktor's PAT can write to viktor/*.)
 #
 # After the script, the new image lives at
 #   forgejo.viktorbarzin.me/viktor/<name>:<tag>
@ -23,11 +27,24 @@ set -euo pipefail
 OLD_REG=registry.viktorbarzin.me
 NEW_REG=forgejo.viktorbarzin.me/viktor

-# Image list: <name>:<tag>. Add new entries as orphans surface.
+# Image list: <name>:<tag>. Generated 2026-05-07 from `grep -rEn 'image\s*=\s*
+# "registry\.viktorbarzin\.me'` across infra/stacks/.
+#
+# Excluded:
+# - wealthfolio-sync: registry repo exists but has 0 tags (CronJob has been
+#   broken for 36+ days, separate decision needed). User to triage before
+#   migration.
+# - fire-planner: registry repo exists but has 0 tags. Dockerfile + CI added
+#   in this session (commit 8b53d99e); rebuild via Woodpecker before flipping.
 IMAGES=(
-  "wealthfolio-sync:latest"
-  "fire-planner:latest"
  "chrome-service-novnc:v4"
+  "chrome-service-novnc:latest"
+  "payslip-ingest:latest"
+  "job-hunter:latest"
+  "claude-agent-service:latest"
+  "freedify:latest"
+  "beadboard:latest"
+  "infra-ci:latest"
 )

 for img in "${IMAGES[@]}"; do
@ -35,17 +52,23 @@ for img in "${IMAGES[@]}"; do
  src="$OLD_REG/$img"
  dst="$NEW_REG/$img"

-  echo "  pull $src"
-  docker pull "$src"
+  if ! docker pull "$src" 2>&1 | tee /tmp/pull-$$ | grep -q 'Status: '; then
+    if grep -q 'not found' /tmp/pull-$$; then
+      echo "  SKIP — image not present in source registry"
+      rm -f /tmp/pull-$$
+      continue
+    fi
+  fi
+  rm -f /tmp/pull-$$

  echo "  tag → $dst"
  docker tag "$src" "$dst"

  echo "  push $dst"
-  docker push "$dst"
+  docker push "$dst" 2>&1 | tail -2

  echo "  cleanup local copy"
-  docker rmi "$src" "$dst" || true
+  docker rmi "$src" "$dst" 2>&1 | tail -1 || true
 done

 echo ""