The default GITHUB_TOKEN provided by Forgejo Actions lacks write:package
scope, so docker buildx push failed with 401 reqPackageAccess. Swap in
the repo-level REGISTRY_TOKEN secret (a PAT scoped write:package) for
docker login; github.actor still supplies the username.
Also drops the transient Docker environment diagnostics step — the
registry was the issue, the socket/buildx setup is fine.
Adds a manual-trigger hook so we don't need a fresh commit to re-run
this pipeline, and dumps docker/buildx state before the build so CI
failures are diagnosable without docker.sock guesswork.
Revive's `exported` check forced doc comments on every exported symbol —
that conflicts with the project's policy of only writing comments when
the "why" is non-obvious. Keep `var-naming`, `unused-parameter`, and
`early-return` for signal that doesn't mandate prose.
Builder uses golang:1.23-bookworm (matches runner-base:go-ci).
Runtime is debian:bookworm-slim with ffmpeg (server spec §3) plus a
non-root minstrel user. Release workflow builds from this Dockerfile.
Establishes the embed.FS and migrations/ layout up front. Migrate()
returns ErrNotConfigured intentionally — the real goose runner lands in
M2 alongside Postgres work, avoiding a toolchain bump to Go 1.24/1.25
through goose's transitive modernc.org/libc dependency chain.
Parses --config / SMARTMUSIC_CONFIG, loads YAML config with env overlay,
initializes slog, starts the chi HTTP server, and shuts down cleanly on
SIGINT/SIGTERM.
Initial module at git.fabledsword.com/bvandeusen/minstrel pinned to go
1.23.0 to match the runner-base:go-ci image. Dependencies kept minimal
(chi router, yaml.v3) so CI's first run is fast and contained.