.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -45,7 +45,7 @@ jobs:
         run: |
           tea login add \
             --name gitea-rinoa \
-            --url "${{ secrets.RINOA_GITEA_URL }}" \
+            --url "${{ secrets.TREZ_GITEA_URL }}" \
             --user gitea-sonarqube-bot \
             --password "${{ secrets.BOT_GITEA_PASSWORD }}" \
             --token ${{ secrets.BOT_GITEA_TOKEN }}
@@ -164,18 +164,25 @@ jobs:
       #   run: |
       #     docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
 
-      - name: Login to registries
+      - name: Login to Docker Hub
         uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
-          registry-auth: |
-            - username: ${{ secrets.DOCKERHUB_USER }}
-              password: ${{ secrets.DOCKERHUB_PASSWORD }}
-            - registry: ghcr.io
-              username: ${{ secrets.GHCR_USER }}
-              password: ${{ secrets.GHCR_LOGIN_TOKEN }}
-            - registry: git.trez.wtf
-              username: ${{ secrets.BOT_GITEA_USER }}
-              password: ${{ secrets.BOT_GITEA_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USER }}
+          password: ${{ secrets.GHCR_LOGIN_TOKEN }}
+
+      - name: Login to Private Gitea Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: git.trez.wtf
+          username: ${{ secrets.BOT_GITEA_USER }}
+          password: ${{ secrets.BOT_GITEA_PASSWORD }}
 
       - name: Install Vault (only if not cached)
         uses: cpanato/vault-installer@main
@@ -360,7 +367,7 @@ jobs:
         run: |
           tea login add \
             --name gitea-rinoa \
-            --url "${{ secrets.RINOA_GITEA_URL }}" \
+            --url "${{ secrets.TREZ_GITEA_URL }}" \
             --user gitea-sonarqube-bot \
             --password "${{ secrets.BOT_GITEA_PASSWORD }}" \
             --token ${{ secrets.BOT_GITEA_TOKEN }}
@@ -417,18 +424,25 @@ jobs:
       #       -p ${RINOA_REGISTRY_PASSWORD} \
       #       git.trez.wtf
 
-      - name: Login to registries
+      - name: Login to Docker Hub
         uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
-          registry-auth: |
-            - username: ${{ secrets.DOCKERHUB_USER }}
-              password: ${{ secrets.DOCKERHUB_PASSWORD }}
-            - registry: ghcr.io
-              username: ${{ secrets.GHCR_USER }}
-              password: ${{ secrets.GHCR_LOGIN_TOKEN }}
-            - registry: git.trez.wtf
-              username: ${{ secrets.BOT_GITEA_USER }}
-              password: ${{ secrets.BOT_GITEA_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USER }}
+          password: ${{ secrets.GHCR_LOGIN_TOKEN }}
+
+      - name: Login to Private Gitea Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: git.trez.wtf
+          username: ${{ secrets.BOT_GITEA_USER }}
+          password: ${{ secrets.BOT_GITEA_PASSWORD }}
 
       - name: Gotify Notification
         uses: eikendev/gotify-action@master

.gitea/workflows/renovate-pr-deploy.yml

@@ -98,18 +98,25 @@ jobs:
           notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
           notification_message: "Starting Docker Compose run..."
 
-      - name: Login to registries
+      - name: Login to Docker Hub
         uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
-          registry-auth: |
-            - username: ${{ secrets.DOCKERHUB_USER }}
-              password: ${{ secrets.DOCKERHUB_PASSWORD }}
-            - registry: ghcr.io
-              username: ${{ secrets.GHCR_USER }}
-              password: ${{ secrets.GHCR_LOGIN_TOKEN }}
-            - registry: git.trez.wtf
-              username: ${{ secrets.BOT_GITEA_USER }}
-              password: ${{ secrets.BOT_GITEA_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USER }}
+          password: ${{ secrets.GHCR_LOGIN_TOKEN }}
+
+      - name: Login to Private Gitea Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: git.trez.wtf
+          username: ${{ secrets.BOT_GITEA_USER }}
+          password: ${{ secrets.BOT_GITEA_PASSWORD }}
 
       - name: Docker Compose Deployment
         uses: hoverkraft-tech/compose-action@40041ff1b97dbf152cd2361138c2b03fa29139df # v2.3.0

docker-compose.yml

@@ -5540,44 +5540,6 @@ services:
     security_opt:
       - no-new-privileges=true
     user: nobody
-  renovate:
-    container_name: renovate
-    environment:
-      # --- Authentication & platform ---
-      RENOVATE_TOKEN: "${RENOVATE_GITEA_TOKEN}" # Gitea personal access token for renovate-bot
-      RENOVATE_PLATFORM: "gitea"
-      RENOVATE_ENDPOINT: "https://git.${MY_TLD}/api/v1" # your Gitea URL
-      RENOVATE_USERNAME: "renovate-bot"
-      RENOVATE_GIT_AUTHOR: "Renovate Bot <it-services@trez.wtf>"
-      RENOVATE_GITHUB_COM_TOKEN: ${LIBRECHAT_GITHUB_TOKEN}
-
-      # --- Behavior ---
-      RENOVATE_AUTODISCOVER: "true" # discover all repos renovate-bot has access to
-      RENOVATE_ONBOARDING: "true" # create onboarding PR if repo not configured
-      RENOVATE_REQUIRE_CONFIG: "optional" # run even if no renovate config exists
-      RENOVATE_REDIS_URL: redis://renovate-valkey:6379
-      LOG_LEVEL: "info"
-
-      # --- Enable dependency dashboard ---
-      RENOVATE_EXTENDS: "config:base,:dependencyDashboard"
-
-      # --- Example package rules ---
-      RENOVATE_PRUNE_BRANCH_AFTER_AUTOMERG: false
-      RENOVATE_PRUNE_STALE_BRANCHES: true
-
-      # --- Scheduling ---
-      # Renovate will only process PRs/updates in this time window
-      RENOVATE_SCHEDULE: '["after 2am and before 6am"]'
-      OTEL_EXPORTER_OTLP_ENDPOINT: http://signoz-otel-collector:4318
-      OTEL_SERVICE_NAME: renovate
-      OTEL_SERVICE_NAMESPACE: renovate.${MY_TLD}
-    image: renovate/renovate:41.97.12-full@sha256:e20639264151d9dce8f0fc3b1219748f4844a76cc157263551d8e7e061daa60e
-    restart: unless-stopped
-  renovate-valkey:
-    container_name: renovate-valkey
-    <<: *valkey-params
-    volumes:
-      - renovate-valkey-data:/data/valkey
   rocketchat:
     container_name: rocketchat
     depends_on:
@@ -7360,8 +7322,6 @@ volumes:
     name: protonmail-data
   reactive-resume-pg:
     name: reactive-resume-pg
-  renovate-valkey-data:
-    name: renovate-valkey-data
   romm_resources:
     name: romm_resources
   romm-valkey-data: