From d3f1a1841a0ccbf68f5f7adc1f3b9abab2091068 Mon Sep 17 00:00:00 2001
From: Jeremie Fraeys <jfaeys@gmail.com>
Date: Thu, 12 Feb 2026 13:18:59 -0500
Subject: [PATCH] ci: fix invalid secrets syntax in job-level if

---
 .forgejo/workflows/ci.yml | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index 2e6b1b1..3d1cf71 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -21,7 +21,7 @@ env:
 jobs:
   test:
     name: Test
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     timeout-minutes: 30
 
     services:
@@ -109,7 +109,7 @@ jobs:
 
   dev-smoke:
     name: Dev Compose Smoke Test
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs: test
     timeout-minutes: 20
 
@@ -122,7 +122,7 @@ jobs:
 
   build:
     name: Build
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs: test
     timeout-minutes: 15
 
@@ -184,7 +184,7 @@ jobs:
 
   test-scripts:
     name: Test Scripts
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs: test
     timeout-minutes: 15
 
@@ -209,7 +209,7 @@ jobs:
 
   security-scan:
     name: Security Scan
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     timeout-minutes: 20
 
     steps:
@@ -239,12 +239,19 @@ jobs:
 
   docker-build:
     name: Docker Build
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs: [test, build, test-scripts]
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && secrets.GHCR_TOKEN != ''
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     timeout-minutes: 30
 
     steps:
+    - name: Check Docker registry secret
+      run: |
+        if [ -z "${{ secrets.GHCR_TOKEN }}" ]; then
+          echo "GHCR_TOKEN not set, skipping Docker build"
+          exit 0
+        fi
+
     - name: Checkout code
       uses: actions/checkout@v5