From ebb2d9a2c58021ef875837ab926262e3cb408cef Mon Sep 17 00:00:00 2001
From: Kevin Riehl <kevinriehl@gmail.com>
Date: Wed, 13 May 2026 11:28:01 -0700
Subject: [PATCH] fix(ci): drop flaky GHA cache and merge image-scan into build

Mirrors the backend fix. The Gitea runner times out reaching the
GHA artifact cache backend during cache-to export, so drop type=gha
cache-from/cache-to entirely and fold trivy image scan into the
build job to avoid a wasted rebuild.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 8fe25c6..3a3038b 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -78,23 +78,6 @@ jobs:
           target: production
           tags: movieloop-frontend:ci-${{ github.sha }}
           load: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-  image-scan:
-    runs-on: ubuntu-latest
-    needs: [build]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile
-          target: production
-          tags: movieloop-frontend:ci-${{ github.sha }}
-          load: true
-          cache-from: type=gha
       - name: Install and run Trivy (image)
         run: |
           TRIVY_VERSION=0.70.0
@@ -105,7 +88,7 @@ jobs:
 
   push:
     runs-on: ubuntu-latest
-    needs: [build, image-scan, secrets-scan, sast, fs-scan]
+    needs: [build, secrets-scan, sast, fs-scan]
     if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
     steps:
       - uses: actions/checkout@v4
@@ -132,4 +115,3 @@ jobs:
           target: production
           push: true
           tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=gha