From 5df4c35fbd23cdbbd126b6f357acd7ee0ef42e6d Mon Sep 17 00:00:00 2001
From: Tomas Mihalicka <tomas@mihalicka.com>
Date: Wed, 7 Jan 2026 23:57:56 +0100
Subject: [PATCH 1/2] ci(backend): add Scaleway registry push with prod
 environment

Add push-registry job to CI workflow that:
- Runs only on push to main branch
- Uses 'prod' GitHub environment for secrets
- Pushes Docker image to Scaleway Container Registry
- Tags with commit SHA and 'latest'
---
 .github/workflows/ci-backend.yml | 44 ++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/.github/workflows/ci-backend.yml b/.github/workflows/ci-backend.yml
index ad36146..0ae5a8a 100644
--- a/.github/workflows/ci-backend.yml
+++ b/.github/workflows/ci-backend.yml
@@ -149,3 +149,47 @@ jobs:
           tags: ash-backend:${{ github.sha }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  push-registry:
+    name: Push to Scaleway Registry
+    runs-on: ubuntu-latest
+    needs: [test, clippy, docker]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment: prod
+
+    env:
+      REGISTRY: rg.fr-par.scw.cloud
+      IMAGE_NAME: ash-backend
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Scaleway Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: nologin
+          password: ${{ secrets.SCW_SECRET_KEY }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ secrets.SCW_PROJECT_ID }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=
+            type=raw,value=latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64

From acb87fdf8457d900dc8f309c8a59fa46d0cea424 Mon Sep 17 00:00:00 2001
From: Tomas Mihalicka <tomas@mihalicka.com>
Date: Thu, 8 Jan 2026 00:09:17 +0100
Subject: [PATCH 2/2] fix(backend): update Rust to 1.83 for cargo-chef
 compatibility

cargo-chef v0.1.73 uses Cargo.lock version 4 which requires Rust 1.78+.
Updated from 1.75 to 1.83 to resolve the lock file parsing error.
---
 backend/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/Dockerfile b/backend/Dockerfile
index 8693b72..c75fd39 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -15,7 +15,7 @@
 # -----------------------------------------------------------------------------
 # Stage 1: Chef - Install cargo-chef for dependency caching
 # -----------------------------------------------------------------------------
-FROM rust:1.75-slim-bookworm AS chef
+FROM rust:1.83-slim-bookworm AS chef
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     pkg-config \