From d6de131a9bfe82de22e1a743bba3ecf4c211bbe8 Mon Sep 17 00:00:00 2001 From: Gabriel Sancho Date: Fri, 27 Mar 2026 16:18:25 -0300 Subject: [PATCH] feat: update build workflow to create and publish all-in-one Docker image on approved PRs --- .gitea/workflows/build.yml | 22 +++++++++++++++++++--- .github/agents/infra.agent.md | 6 +++--- CLAUDE.md | 12 ++++++------ docker-compose.prod.yml | 2 +- 4 files changed, 29 insertions(+), 13 deletions(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index e8d47b9..4fd0dd2 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build Production Image +name: Build And Publish Production Image on: pull_request_review: @@ -6,9 +6,12 @@ on: jobs: build: - name: Build Production Image + name: Build And Publish Production Image if: github.event.review.state == 'approved' && github.event.pull_request.base.ref == 'main' runs-on: ubuntu-latest + env: + REGISTRY: gitea.lab + IMAGE_NAME: sancho41/condado-newsletter steps: - uses: actions/checkout@v4 with: @@ -19,4 +22,17 @@ jobs: run: docker version - name: Build all-in-one image - run: docker build -t condado-newsletter:latest -f Dockerfile.allinone . \ No newline at end of file + run: docker build -t condado-newsletter:latest -f Dockerfile.allinone . + + - name: Log in to Gitea container registry + run: echo "${{ secrets.GITEA_REGISTRY_PASSWORD }}" | docker login ${REGISTRY} -u "${{ secrets.GITEA_REGISTRY_USERNAME }}" --password-stdin + + - name: Tag registry images + run: | + docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:latest + docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }} + + - name: Push registry images + run: | + docker push ${REGISTRY}/${IMAGE_NAME}:latest + docker push ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }} \ No newline at end of file diff --git a/.github/agents/infra.agent.md b/.github/agents/infra.agent.md index ea5883e..02ca393 100644 
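Review bot: The new "Log in to Gitea container registry" step in the last build.yml hunk expands `${{ secrets.GITEA_REGISTRY_PASSWORD }}` and the username straight into the script text, so a value containing `"`, `$` or a backtick is re-parsed by the shell. Passing both secrets through the step's `env:` and reading them as quoted shell variables keeps them out of the script body, and `printf '%s'` avoids `echo` interpreting a leading `-` or backslashes. There is also no matching `docker logout`; the docs changed in this same commit say the runner shares the target Docker host, so the stored login presumably stays in that host's Docker config after the job, and an `if: always()` logout step after the push would clear it. `${REGISTRY}` and `${IMAGE_NAME}` in the tag and push steps should be double-quoted as well.

```yaml
      - name: Log in to Gitea container registry
        env:
          REGISTRY_USERNAME: ${{ secrets.GITEA_REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.GITEA_REGISTRY_PASSWORD }}
        run: printf '%s' "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin

      # … unchanged: "Tag registry images" and "Push registry images" steps …

      - name: Log out of Gitea container registry
        if: always()
        run: docker logout "$REGISTRY"
```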
--- a/.github/agents/infra.agent.md +++ b/.github/agents/infra.agent.md @@ -22,7 +22,7 @@ You are a senior DevOps / infrastructure engineer and software architect for the | `docker/supervisord.conf` | Supervisor config (manages postgres + java + nginx inside allinone) | | `docker/entrypoint.sh` | Allinone container entrypoint (DB init, env wiring, supervisord start) | | `.gitea/workflows/ci.yml` | CI: backend tests + frontend tests on pull requests to `develop` | -| `.gitea/workflows/build.yml` | Build: create the local all-in-one image on approved PRs to `main` | +| `.gitea/workflows/build.yml` | Build: create and publish the all-in-one image on approved PRs to `main` | | `.env.example` | Template for all environment variables | ## System Topology @@ -81,9 +81,9 @@ All injected at runtime — never hardcoded in images. | Workflow | Trigger | What it does | |---|---|---| | `ci.yml` | Pull request to `develop` | Backend `./gradlew test` + Frontend `npm run test` | -| `build.yml` | Approved PR review to `main` | Builds `condado-newsletter` on the target Docker host | +| `build.yml` | Approved PR review to `main` | Builds `condado-newsletter` on the target Docker host, then pushes `latest` and `${github.sha}` tags to Gitea container registry | -The runner shares the target Docker host, so this workflow produces the local `condado-newsletter` image directly on that host. `docker-compose.prod.yml` must reference that image and not local build directives. +The runner shares the target Docker host, so this workflow builds the image locally, tags it for `gitea.lab/sancho41/condado-newsletter`, and pushes it to Gitea container registry. `docker-compose.prod.yml` must reference that published image and not local build directives. ## Implementation Rules diff --git a/CLAUDE.md b/CLAUDE.md index cafcdb3..0773977 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -83,8 +83,8 @@ The cycle for every step is: | Reverse Proxy | Nginx (serves frontend + proxies `/api` to backend) | | Dev Mail | Mailhog (SMTP trap + web UI) | | All-in-one image | Single Docker image: Nginx + Spring Boot + PostgreSQL + Supervisor | -| Image registry | Local Docker image on the deployment host (`condado-newsletter`) | -| CI/CD | Gitea Actions — test PRs to `develop`, deploy approved PRs targeting `main` | +| Image registry | Gitea container registry (`gitea.lab/sancho41/condado-newsletter`) | +| CI/CD | Gitea Actions — test PRs to `develop`, build and publish the production image on approved PRs targeting `main` | ## Deployment Flavours @@ -104,7 +104,7 @@ The all-in-one image (`Dockerfile.allinone`) bundles **everything** into a singl - **PostgreSQL** — embedded database - **Supervisor** — process manager that starts and supervises all three processes -The all-in-one image is built locally or in external pipelines as needed (no default registry publish workflow in-repo). +The all-in-one image is built on the runner host and then published to the Gitea container registry. **Minimal `docker run` command:** ```bash @@ -121,7 +121,7 @@ docker run -d \ -e IMAP_PORT=993 \ -e APP_RECIPIENTS=friend1@example.com,friend2@example.com \ -v condado-data:/var/lib/postgresql/data \ - /condado-newsletter:latest + gitea.lab/sancho41/condado-newsletter:latest ``` The app is then available at `http://localhost`. 
@@ -575,9 +575,9 @@ Good examples: | Workflow file | Trigger | What it does | |----------------------------|----------------------------|-----------------------------------------------------------| | `.gitea/workflows/ci.yml` | PR to `develop` | Backend tests (`./gradlew test`) + Frontend tests (`npm run test`) | -| `.gitea/workflows/build.yml` | Approved PR review on `main` | Build `condado-newsletter` locally on the runner host | +| `.gitea/workflows/build.yml` | Approved PR review on `main` | Build `condado-newsletter`, then publish `latest` and `${github.sha}` tags to Gitea container registry | -Build policy: the runner shares the target Docker host, so the build workflow produces the local `condado-newsletter` image directly on that host. `docker-compose.prod.yml` is image-based and can be started separately without build directives. +Build policy: the runner shares the target Docker host, so the build workflow produces the image locally, tags it for `gitea.lab/sancho41/condado-newsletter`, and pushes it to Gitea container registry. `docker-compose.prod.yml` references that published image. --- diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 9a85feb..1391c39 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -1,6 +1,6 @@ services: condado-newsletter: - image: condado-newsletter:latest + image: gitea.lab/sancho41/condado-newsletter:latest container_name: condado-newsletter restart: unless-stopped environment:
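Review bot: `image: gitea.lab/sancho41/condado-newsletter:latest` points production at a mutable tag that, per the build.yml change in this commit, is overwritten whenever a review on a PR to `main` is approved, which appears to be before the PR is merged. The same workflow also pushes a `${{ github.sha }}` tag, so the compose file could reference an immutable tag or digest instead, for example `image: gitea.lab/sancho41/condado-newsletter:${IMAGE_TAG:?set IMAGE_TAG}` (the variable name `IMAGE_TAG` is only an illustration). That lets a deploy select the exact build that was reviewed and makes rollback an explicit tag change rather than a re-pull of `latest`. The service definition continues past the end of this hunk.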