From e4b6c1cfe209dee2e570b09e1ba9685c3862b092 Mon Sep 17 00:00:00 2001
From: Timo Behrendt <t.behrendt@t00n.de>
Date: Sun, 25 Jan 2026 17:06:39 +0100
Subject: [PATCH] feat: add docker hub registry token

---
 .gitea/workflows/deploy.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 567e7b2..12472af 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -136,3 +136,30 @@ jobs:
         with:
           helmfile-args: apply
           helmfile-workdirectory: "crowdsec"
+
+  deploy-docker-registry-secret:
+    runs-on: ubuntu-latest
+    needs: check-changes
+    steps:
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+      - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4
+      - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+      - name: Set docker registry credentials
+        uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5
+        with:
+          namespace: default
+          secret-name: regcred-dockerhub
+          secret-type: generic
+          data: |
+            {
+              "docker-server": "https://hub.docker.com"
+              "docker-username": "${{ secrets.DOCKER_USERNAME }}"
+              "docker-password": "${{ secrets.DOCKER_PASSWORD }}"
+              "docker-email": "${{ secrets.DOCKER_EMAIL }}"
+            }
+      - name: Configure image pull secret globally
+        run: |
+          kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred-dockerhub"}]}'
-- 
2.49.1