ci: add image-build workflow + document required runner label and RELEASE_TOKEN

Pushes :dev on every dev push; pushes :main and :latest on main.
Uses RELEASE_TOKEN (a broader-scoped Forgejo PAT covering write:package,
read:package, write:release, write:issue) so the same secret can serve
future release-cutting and issue-management workflows.

README now documents the fabledcurator-ci runner label and the required
RELEASE_TOKEN scopes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-14 07:52:55 -04:00
parent 8cbe963b37
commit edb3fafd4d
2 changed files with 82 additions and 0 deletions
+12
View File
@@ -21,6 +21,18 @@ docker compose up -d
FabledCurator is designed to run inside a self-hosted homelab environment over plain HTTP. If you want TLS, terminate it at your reverse proxy. The app does not generate certificates, redirect to HTTPS, or set HSTS.
## CI / Forgejo setup
The repo's workflows expect:
- **Runner label `fabledcurator-ci`** — a Forgejo runner with Python 3.14, ruff, and Node 22 pre-installed. Both `ci.yml` and `build.yml` use this label.
- **Repo secret `RELEASE_TOKEN`** — a Forgejo PAT with the following scopes:
- `write:package` + `read:package` — for `docker push` to `git.fabledsword.com`
- `write:release` — for future release-cutting workflows
- `write:issue` — for future issue-management automation
Generate at https://git.fabledsword.com/user/settings/applications. The injected `GITHUB_TOKEN` cannot be used because it lacks `write:package`.
## License
Personal project; use at your own discretion.