From fa2be6182d929661223a12f42dd545ee0ba85255 Mon Sep 17 00:00:00 2001
From: NexVeridian <nexveridian@gmail.com>
Date: Thu, 21 Aug 2025 13:39:24 -0700
Subject: [PATCH] docker daemon

---
 .forgejo/workflows/docker.yml | 44 +++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/.forgejo/workflows/docker.yml b/.forgejo/workflows/docker.yml
index 278a963..eeb85a0 100644
--- a/.forgejo/workflows/docker.yml
+++ b/.forgejo/workflows/docker.yml
@@ -48,21 +48,28 @@ jobs:
 
       - uses: actions/checkout@v4
 
-      - name: Install Docker
+      # Install skopeo from Nix (for daemonless image operations)
+      - name: Install skopeo
         run: |
           mkdir -p ~/.local/bin
-          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#docker -o ~/.local/docker
-          ln -sf ~/.local/docker/bin/docker ~/.local/bin/docker
+          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
+          ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
           echo "$HOME/.local/bin" >> $GITHUB_PATH
+          # Create a simple policy file for skopeo
+          mkdir -p ~/.config/containers
+          cat > ~/.config/containers/policy.json << 'EOF'
+          {
+            "default": [
+              {
+                "type": "insecureAcceptAnything"
+              }
+            ]
+          }
+          EOF
+          skopeo --version
 
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ env.GITHUB_ACTOR }}
-          password: ${{ env.GITHUB_TOKEN }}
-
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
@@ -83,11 +90,18 @@ jobs:
           echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> ${GITHUB_ENV}
 
       # https://github.com/docker/build-push-action/issues/538
-      - name: Push and tag Docker image
+      - name: Push Docker image with skopeo
+        if: github.event_name != 'pull_request'
         run: |
-          docker load < result
-          docker tag ${{ env.STRIP_REPO_USERNAME }}:latest ${{ env.REGISTRY }}/${{ env.REPO }}:latest
-          docker push ${{ env.REGISTRY }}/${{ env.REPO }}:latest
+          # Debug: Check what files exist
+          ls -la
+          file result
+          readlink -f result
+          # Copy the image directly from the Nix result to the registry
+          skopeo copy \
+            --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \
+            docker-archive:$(readlink -f result) \
+            docker://${{ env.REGISTRY }}/${{ env.REPO }}:latest
 
       - name: Push to attic
         if: always()