chore(ci): migrate docker registry from Gitea to standalone registry.infra.mintel.me

.gitea/workflows/deploy.yml

@@ -207,32 +207,9 @@ jobs:
         uses: actions/checkout@v4
       - name: 🐳 Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: 🔐 Discover Valid Registry Token
-        id: discover_token
+      - name: 🔐 Registry Login
         run: |
-          echo "Testing available secrets against git.infra.mintel.me Docker registry..."
-          TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
-          USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
-
-          for TOKEN in $TOKENS; do
-            if [ -n "$TOKEN" ]; then
-              for U in $USERS; do
-                if [ -n "$U" ]; then
-                  echo "Attempting docker login for a token with user $U..."
-                  if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
-                    echo "✅ Successfully authenticated with a token."
-                    echo "::add-mask::$TOKEN"
-                    echo "token=$TOKEN" >> $GITHUB_OUTPUT
-                    echo "NPM_TOKEN=$TOKEN" >> $GITHUB_ENV
-                    echo "user=$U" >> $GITHUB_OUTPUT
-                    exit 0
-                  fi
-                fi
-              done
-            fi
-          done
-          echo "❌ All available tokens failed to authenticate!"
-          exit 1
+          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
       - name: 🏗️ Build and Push
         uses: docker/build-push-action@v5
         with:
@@ -245,10 +222,10 @@ jobs:
             NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
             UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }}
             UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }}
-            NPM_TOKEN=${{ steps.discover_token.outputs.token }}
-          tags: git.infra.mintel.me/mmintel/klz-2026:${{ needs.prepare.outputs.image_tag }}
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
+          tags: registry.infra.mintel.me/mintel/klz-2026:${{ needs.prepare.outputs.image_tag }}
           secrets: |
-            NPM_TOKEN=${{ steps.discover_token.outputs.token }}
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
 
   # ──────────────────────────────────────────────────────────────────────────────
   # JOB 4: Deploy
@@ -297,9 +274,9 @@ jobs:
       QDRANT_URL:          ${{ secrets.QDRANT_URL || vars.QDRANT_URL || 'http://klz-qdrant:6333' }}
       QDRANT_API_KEY:      ${{ secrets.QDRANT_API_KEY || vars.QDRANT_API_KEY }}
       REDIS_URL:           ${{ secrets.REDIS_URL || vars.REDIS_URL || 'redis://klz-redis:6379' }}
-      # Container Registry
-      REGISTRY_USER:       ${{ github.repository_owner }}
-      REGISTRY_PASS:       ${{ secrets.NPM_TOKEN }}
+      # Container Registry (standalone)
+      REGISTRY_USER:       ${{ secrets.REGISTRY_USER }}
+      REGISTRY_PASS:       ${{ secrets.REGISTRY_PASS }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -437,15 +414,8 @@ jobs:
           scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE
           scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml
           
-          # Execute remote commands
-          # Write docker credentials to a temp file on local, scp it, then use it on remote
-          echo "DEBUG: REGISTRY_USER=${REGISTRY_USER}, REGISTRY_PASS length=${#REGISTRY_PASS}"
-          B64_AUTH=$(printf '%s:%s' "${REGISTRY_USER}" "${REGISTRY_PASS}" | base64 | tr -d '\n')
-          echo "DEBUG: B64_AUTH length=${#B64_AUTH}"
-          printf '{"auths":{"git.infra.mintel.me":{"auth":"%s"}}}' "${B64_AUTH}" > /tmp/docker_creds.json
-          scp /tmp/docker_creds.json root@alpha.mintel.me:/tmp/docker_creds.json
-          rm /tmp/docker_creds.json
-          ssh root@alpha.mintel.me "mkdir -p ~/.docker && cp /tmp/docker_creds.json ~/.docker/config.json && rm /tmp/docker_creds.json && cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans"
+          # Execute remote commands — alpha is pre-logged into registry.infra.mintel.me
+          ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE pull && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE up -d --remove-orphans"
           
           # Sanitize Payload Migrations: Replace 'dev' push entries with proper migration names.
           # Without this, Payload prompts interactively for confirmation and blocks forever in Docker.