The Gitea container registry token service scopes tokens to ROOT_URL
(git.schick-web.site). Pushing to the internal hostname (git.kimchi)
causes auth failures because the token domain doesn't match.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
buildah login succeeds but push doesn't pick up the stored auth.
Skip login and pass --creds directly to each push command instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove unnecessary registries.conf write (host already has it).
Add set -ex and echo markers between commands to pinpoint the hang.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--tls-verify=false on login/push alone was not sufficient to prevent
the deploy from hanging. Register git.kimchi as an insecure registry
via registries.conf and add --tls-verify=false to buildah bud as well.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move the WASM build into a multi-stage Containerfile so the emscripten
compilation happens inside the Docker build. This eliminates the separate
container action step, enables Docker layer caching for faster rebuilds,
and makes the Containerfile self-contained.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
