new all workflow

.gitea/workflows/build-image.yaml

@@ -16,13 +16,18 @@ on:
 
 jobs:
   build:
-    # Runs in our custom ubuntu-act-runner image (Node 20 + Docker CLI + git)
-    # Docker daemon is the DinD sidecar via DOCKER_HOST=tcp://localhost:2376
-    runs-on: ubuntu-latest
+    # Runs directly on runner host — buildah+skopeo available via tools volume
+    # No container spawned, no internet required in container
+    runs-on: docker
 
     steps:
       - name: 🔎 Checkout
-        uses: actions/checkout@v4
+        run: |
+          git clone \
+            --depth 1 \
+            --branch "${{ gitea.ref_name }}" \
+            "http://${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}@gitea.mod.home/ansible/ansible-runner.git" \
+            .
 
       - name: 🏷️ Set Image Tags
         id: tags
@@ -37,30 +42,34 @@ jobs:
           echo "tag_sha=${REGISTRY}/${ORG}/${IMAGE}:${SHORT_SHA}" >> $GITHUB_OUTPUT
           echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
 
-      - name: 🐳 Docker Login → Gitea Registry
-        run: |
-          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
-            docker login gitea.mod.home \
-              --username "${{ secrets.REGISTRY_USER }}" \
-              --password-stdin
-
-      - name: 🐳 Build Image
+      - name: 🔨 Build Image
         run: |
           BUILD_ARGS=""
           if [ "${{ inputs.force_rebuild }}" = "true" ]; then
             BUILD_ARGS="--no-cache"
           fi
 
-          docker build ${BUILD_ARGS} \
+          buildah bud \
+            --storage-driver vfs \
+            ${BUILD_ARGS} \
             -t ${{ steps.tags.outputs.tag_latest }} \
             -t ${{ steps.tags.outputs.tag_sha }} \
             -f docker/Dockerfile \
             docker/
 
-      - name: 🐳 Push Image
+      - name: 📤 Push Image → Gitea Registry
         run: |
-          docker push ${{ steps.tags.outputs.tag_latest }}
-          docker push ${{ steps.tags.outputs.tag_sha }}
+          skopeo copy \
+            --dest-tls-verify=false \
+            --dest-creds "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}" \
+            containers-storage:${{ steps.tags.outputs.tag_latest }} \
+            docker://${{ steps.tags.outputs.tag_latest }}
+
+          skopeo copy \
+            --dest-tls-verify=false \
+            --dest-creds "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}" \
+            containers-storage:${{ steps.tags.outputs.tag_sha }} \
+            docker://${{ steps.tags.outputs.tag_sha }}
 
       - name: 📨 Telegram Notification
         if: always()