From b68e41ed91583c1428e18585de1e95cc5c873da7 Mon Sep 17 00:00:00 2001
From: NexVeridian <nexveridian@gmail.com>
Date: Thu, 21 Aug 2025 14:26:43 -0700
Subject: [PATCH] fix docker

---
 .forgejo/workflows/docker.yml | 40 ++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/.forgejo/workflows/docker.yml b/.forgejo/workflows/docker.yml
index 278a963..87a3fe7 100644
--- a/.forgejo/workflows/docker.yml
+++ b/.forgejo/workflows/docker.yml
@@ -48,21 +48,13 @@ jobs:
 
       - uses: actions/checkout@v4
 
-      - name: Install Docker
+      - name: Install skopeo
         run: |
           mkdir -p ~/.local/bin
-          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#docker -o ~/.local/docker
-          ln -sf ~/.local/docker/bin/docker ~/.local/bin/docker
+          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
+          ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
           echo "$HOME/.local/bin" >> $GITHUB_PATH
 
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ env.GITHUB_ACTOR }}
-          password: ${{ env.GITHUB_TOKEN }}
-
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
@@ -72,7 +64,13 @@ jobs:
       - name: Build Nix package
         run: nix build .#my-docker
 
-      # https://github.com/orgs/community/discussions/25768#discussioncomment-3249183
+      - name: Verify built image
+        run: |
+          export TMPDIR=/tmp
+          mkdir -p $TMPDIR
+          echo "Verifying image structure..."
+          skopeo inspect docker-archive:$(readlink -f result)
+
       - name: Downcase REPO
         run: |
           echo "REPO=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
@@ -82,12 +80,20 @@ jobs:
           STRIP_REPO_USERNAME=${REPO#nexveridian/}
           echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
 
-      # https://github.com/docker/build-push-action/issues/538
-      - name: Push and tag Docker image
+      - name: Push Docker image with skopeo
         run: |
-          docker load < result
-          docker tag ${{ env.STRIP_REPO_USERNAME }}:latest ${{ env.REGISTRY }}/${{ env.REPO }}:latest
-          docker push ${{ env.REGISTRY }}/${{ env.REPO }}:latest
+          export TMPDIR=/tmp
+          mkdir -p $TMPDIR
+          IMAGE_PATH=$(readlink -f result)
+          echo "Pushing image from: $IMAGE_PATH"
+          echo "Target registry: ${{ env.REGISTRY }}/${{ env.REPO }}:latest"
+          echo "Using actor: ${{ github.actor }}"
+          echo "Token length: ${#GITHUB_TOKEN}"
+          skopeo copy \
+            --insecure-policy \
+            --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
+            "docker-archive://$IMAGE_PATH" \
+            "docker://${{ env.REGISTRY }}/${{ env.REPO }}:latest"
 
       - name: Push to attic
         if: always()