chore(ci): migrate docker registry from Gitea to standalone registry.infra.mintel.me

.gitea/workflows/deploy.yml

@@ -301,41 +301,9 @@ jobs:
           perl -pi -e 's/link:\.\.\/\.\.\/_at-mintel\/packages\/pdf"/link:..\/\.\.\/_at-mintel\/packages\/pdf-library"/g' apps/web/package.json
       - name: 🐳 Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: 🔐 Prepare Registry Token
+      - name: 🔐 Registry Login
-        id: prep_token
         run: |
-          TOKEN="${{ secrets.NPM_TOKEN }}"
+          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
-          if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.MINTEL_PRIVATE_TOKEN }}"; fi
-          if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.GITEA_PAT }}"; fi
-          if [ -z "$TOKEN" ]; then echo "Missing NPM_TOKEN secret! Add it to Gitea repo settings."; exit 1; fi
-          echo "token=$TOKEN" >> $GITHUB_OUTPUT
-
-      - name: 🔐 Discover Valid Registry Token
-        id: discover_token
-        run: |
-          echo "Testing available secrets against git.infra.mintel.me Docker registry..."
-          TOKENS="${{ secrets.GITHUB_TOKEN }} ${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
-          USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
-
-          for TOKEN_RAW in $TOKENS; do
-            if [ -n "$TOKEN_RAW" ]; then
-              TOKEN=$(echo "$TOKEN_RAW" | tr -d ' ' | tr -d '\n' | tr -d '\r')
-              for U in $USERS; do
-                if [ -n "$U" ]; then
-                  echo "Attempting docker login for a token with user $U..."
-                  if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
-                    echo "✅ Successfully authenticated with a token."
-                    echo "::add-mask::$TOKEN"
-                    echo "token=$TOKEN" >> $GITHUB_OUTPUT
-                    echo "user=$U" >> $GITHUB_OUTPUT
-                    exit 0
-                  fi
-                fi
-              done
-            fi
-          done
-          echo "❌ All available tokens (GITEA_PAT, MINTEL_PRIVATE_TOKEN, NPM_TOKEN) failed to authenticate!"
-          exit 1
 
       - name: 🏗️ Build and Push
         uses: docker/build-push-action@v5
@@ -349,11 +317,11 @@ jobs:
             NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
             DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }}
             NPM_TOKEN=${{ secrets.NPM_TOKEN }}
-          tags: git.infra.mintel.me/mmintel/mintel.me:${{ needs.prepare.outputs.image_tag }}
+          tags: registry.infra.mintel.me/mintel/mintel.me:${{ needs.prepare.outputs.image_tag }}
-          cache-from: type=registry,ref=git.infra.mintel.me/mmintel/mintel.me:buildcache
+          cache-from: type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache
-          cache-to: type=registry,ref=git.infra.mintel.me/mmintel/mintel.me:buildcache,mode=max
+          cache-to: type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache,mode=max
           secrets: |
-            NPM_TOKEN=${{ steps.discover_token.outputs.token }}
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
 
       - name: 🚨 Extract Build Error Logs
         if: failure()
@@ -557,19 +525,13 @@ jobs:
           if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
           TOKEN="$VALID_TOKEN"
 
-          DB_CONTAINER="${{ needs.prepare.outputs.project_name }}-postgres-db-1"
+          # Deploy — alpha is pre-logged into registry.infra.mintel.me, no credential passing needed
-          # Write docker credentials to a temp file locally, scp to remote, use it for docker auth
-          B64_AUTH=$(printf '%s:%s' "$VALID_USER" "$TOKEN" | base64 | tr -d '\n')
-          printf '{"auths":{"git.infra.mintel.me":{"auth":"%s"}}}' "$B64_AUTH" > /tmp/docker_creds.json
-          scp /tmp/docker_creds.json root@alpha.mintel.me:/tmp/docker_creds.json
-          rm /tmp/docker_creds.json
           ssh root@alpha.mintel.me "
-            mkdir -p ~/.docker && cp /tmp/docker_creds.json ~/.docker/config.json && rm /tmp/docker_creds.json
             docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true
             docker volume create 'mintel-me_payload-db-data' || true
             cd $SITE_DIR
-            docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file \"$ENV_FILE\" pull
+            docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE pull
-            docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file \"$ENV_FILE\" up -d --remove-orphans
+            docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file $ENV_FILE up -d --remove-orphans
           "
 
       - name: 🧹 Post-Deploy Cleanup (Runner)

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   mintel-me-app:
-    image: git.infra.mintel.me/mmintel/mintel.me:${IMAGE_TAG:-latest}
+    image: registry.infra.mintel.me/mintel/mintel.me:${IMAGE_TAG:-latest}
     restart: always
     networks:
       - default
@@ -55,8 +55,8 @@ services:
       - "traefik.http.middlewares.${PROJECT_NAME}-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"
 
   gatekeeper:
-    profiles: [ "gatekeeper" ]
+    profiles: ["gatekeeper"]
-    image: git.infra.mintel.me/mmintel/gatekeeper:v1.7.12
+    image: registry.infra.mintel.me/mintel/gatekeeper:v1.7.12
     container_name: ${PROJECT_NAME:-mintel-me}-gatekeeper
     restart: always
     networks: