From b918ca451fa83b9f3fccc36d99bf732c767db415 Mon Sep 17 00:00:00 2001
From: Le Serjant <leserjant@proton.me>
Date: Mon, 16 Mar 2026 11:23:47 +0000
Subject: [PATCH] Add insecure registry config and --tls-verify=false to
 buildah bud

The previous --tls-verify=false on login/push wasn't sufficient.
Register git.kimchi as an insecure registry and also skip TLS
verification during the image build step.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 0967b9b..87c2180 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -21,10 +21,13 @@ jobs:
 
       - name: Build and push container image
         run: |
+          mkdir -p /etc/containers
+          printf '[registries.insecure]\nregistries = ["git.kimchi"]\n' > /etc/containers/registries.conf
+
           IMAGE_TAG="${{ env.IMAGE }}:sha-${GITHUB_SHA::8}"
           IMAGE_LATEST="${{ env.IMAGE }}:latest"
 
-          buildah bud -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" .
+          buildah bud --tls-verify=false -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" .
           buildah login --tls-verify=false "${{ env.REGISTRY }}" -u "${{ secrets.REGISTRY_USER }}" -p "${{ secrets.REGISTRY_PASSWORD }}"
           buildah push --tls-verify=false "$IMAGE_TAG"
           buildah push --tls-verify=false "$IMAGE_LATEST"