From 5df4c35fbd23cdbbd126b6f357acd7ee0ef42e6d Mon Sep 17 00:00:00 2001
From: Tomas Mihalicka <tomas@mihalicka.com>
Date: Wed, 7 Jan 2026 23:57:56 +0100
Subject: [PATCH 1/3] ci(backend): add Scaleway registry push with prod
 environment

Add push-registry job to CI workflow that:
- Runs only on push to main branch
- Uses 'prod' GitHub environment for secrets
- Pushes Docker image to Scaleway Container Registry
- Tags with commit SHA and 'latest'
---
 .github/workflows/ci-backend.yml | 44 ++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/.github/workflows/ci-backend.yml b/.github/workflows/ci-backend.yml
index ad36146..0ae5a8a 100644
--- a/.github/workflows/ci-backend.yml
+++ b/.github/workflows/ci-backend.yml
@@ -149,3 +149,47 @@ jobs:
           tags: ash-backend:${{ github.sha }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  push-registry:
+    name: Push to Scaleway Registry
+    runs-on: ubuntu-latest
+    needs: [test, clippy, docker]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment: prod
+
+    env:
+      REGISTRY: rg.fr-par.scw.cloud
+      IMAGE_NAME: ash-backend
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Scaleway Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: nologin
+          password: ${{ secrets.SCW_SECRET_KEY }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ secrets.SCW_PROJECT_ID }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=
+            type=raw,value=latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64

From acb87fdf8457d900dc8f309c8a59fa46d0cea424 Mon Sep 17 00:00:00 2001
From: Tomas Mihalicka <tomas@mihalicka.com>
Date: Thu, 8 Jan 2026 00:09:17 +0100
Subject: [PATCH 2/3] fix(backend): update Rust to 1.83 for cargo-chef
 compatibility

cargo-chef v0.1.73 uses Cargo.lock version 4 which requires Rust 1.78+.
Updated from 1.75 to 1.83 to resolve the lock file parsing error.
---
 backend/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/Dockerfile b/backend/Dockerfile
index 8693b72..c75fd39 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -15,7 +15,7 @@
 # -----------------------------------------------------------------------------
 # Stage 1: Chef - Install cargo-chef for dependency caching
 # -----------------------------------------------------------------------------
-FROM rust:1.75-slim-bookworm AS chef
+FROM rust:1.83-slim-bookworm AS chef
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     pkg-config \

From 6fc56b261e82d244bdd555845acb99d91a990394 Mon Sep 17 00:00:00 2001
From: Tomas Mihalicka <tomas@mihalicka.com>
Date: Thu, 8 Jan 2026 00:19:07 +0100
Subject: [PATCH 3/3] fix(ci): rename SCW_PROJECT_ID to SCW_REGISTRY_NAMESPACE
 and add tags

- Rename secret from SCW_PROJECT_ID to SCW_REGISTRY_NAMESPACE (more accurate)
- Add tags: short SHA, long SHA, branch name, semver patterns
- Pass VERSION and COMMIT_SHA as build args
- Fix double-slash issue in registry path

Required secret: SCW_REGISTRY_NAMESPACE (your Scaleway registry namespace)
---
 .github/workflows/ci-backend.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci-backend.yml b/.github/workflows/ci-backend.yml
index 0ae5a8a..d6698e5 100644
--- a/.github/workflows/ci-backend.yml
+++ b/.github/workflows/ci-backend.yml
@@ -178,10 +178,16 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.REGISTRY }}/${{ secrets.SCW_PROJECT_ID }}/${{ env.IMAGE_NAME }}
+          # SCW_REGISTRY_NAMESPACE should be set to your Scaleway registry namespace
+          # e.g., "ash-registry" or "monadial/ash"
+          images: ${{ env.REGISTRY }}/${{ secrets.SCW_REGISTRY_NAMESPACE }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=sha,prefix=
-            type=raw,value=latest
+            type=sha,format=short
+            type=sha,format=long
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
 
       - name: Build and push
         uses: docker/build-push-action@v6
@@ -193,3 +199,6 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           platforms: linux/amd64
+          build-args: |
+            VERSION=${{ github.ref_name }}
+            COMMIT_SHA=${{ github.sha }}