From 9abf0c908f9740c2d2b76bcd380e4507e8d1a4e4 Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Wed, 3 Dec 2025 14:22:26 +0000
Subject: [PATCH 1/2] fix: replace CHARON_TOKEN with GITHUB_TOKEN for registry
 authentication

---
 .github/workflows/docker-publish.yml | 33 +++-------------------------
 1 file changed, 3 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7ab2bf44..cdcdc388 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -83,27 +83,13 @@ jobs:
           DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' caddy:2-alpine)
           echo "image=$DIGEST" >> $GITHUB_OUTPUT
 
-      - name: Choose Registry Token
-        id: choose-registry-token
-        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
-        run: |
-          if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
-            echo "Using CHARON_TOKEN" >&2
-            echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_OUTPUT
-            echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
-          else
-            echo "Using CPMP_TOKEN fallback" >&2
-            echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_OUTPUT
-            echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
-          fi
-
       - name: Log in to Container Registry
         if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
-          password: ${{ steps.choose-registry-token.outputs.REGISTRY_PASSWORD }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels)
         if: steps.skip.outputs.skip_build != 'true'
@@ -172,7 +158,7 @@ jobs:
         uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           sarif_file: 'trivy-results.sarif'
-          token: ${{ secrets.CHARON_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create summary
         if: steps.skip.outputs.skip_build != 'true'
@@ -215,25 +201,12 @@ jobs:
             echo "tag=sha-$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
           fi
 
-      - name: Choose Registry Token
-        id: choose-registry-token
-        run: |
-          if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
-            echo "Using CHARON_TOKEN" >&2
-            echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_OUTPUT
-            echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
-          else
-            echo "Using CPMP_TOKEN fallback" >&2
-            echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_OUTPUT
-            echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
-          fi
-
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ steps.choose-registry-token.outputs.REGISTRY_PASSWORD }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Pull Docker image
         run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}

From ff7c00e93193b6636eed2de9154ccc9d7a348cee Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Wed, 3 Dec 2025 14:29:35 +0000
Subject: [PATCH 2/2] fix: update Go version from 1.25.4 to 1.25.5

---
 go.work | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.work b/go.work
index c0216d1f..49e522aa 100644
--- a/go.work
+++ b/go.work
@@ -1,3 +1,3 @@
-go 1.25.4
+go 1.25.5
 
 use ./backend