Fix act_runner auth: short-form local actions + full GitHub URLs

DEFAULT_ACTIONS_URL=self requires local actions use short form
(cal/gitea-actions/...) so the runner passes its auth token, and
GitHub actions use full URLs (https://github.com/...) to bypass
local resolution.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitea/workflows/build.yml

@@ -22,81 +22,56 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: https://github.com/actions/checkout@v4
         with:
           fetch-depth: 0  # Full history for tag counting
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: https://github.com/docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: https://github.com/docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      # Generate CalVer: YYYY.MM.BUILD
-      # BUILD = count of tags matching current month + 1
       - name: Generate CalVer version
-        id: meta
+        id: calver
-        run: |
+        uses: cal/gitea-actions/calver@main
-          YEAR=$(date -u +%Y)
-          MONTH=$(date -u +%-m)
-          PREFIX="${YEAR}.${MONTH}."
-
-          # Count existing tags for this month
-          git fetch --tags
-          BUILD=$(git tag -l "${PREFIX}*" | wc -l)
-          BUILD=$((BUILD + 1))
-
-          VERSION="${PREFIX}${BUILD}"
-          SHA_SHORT=$(echo ${{ github.sha }} | cut -c1-7)
-
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
-          echo "sha_short=${SHA_SHORT}" >> $GITHUB_OUTPUT
-          echo "version_sha=${VERSION}-${SHA_SHORT}" >> $GITHUB_OUTPUT
-          echo "branch=${{ github.ref_name }}" >> $GITHUB_OUTPUT
-          echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-
-          echo "CalVer version: ${VERSION}"
 
       # Dev build: push with dev + dev-SHA tags (PR/feature branches)
       - name: Build Docker image (dev)
         if: github.ref != 'refs/heads/main'
-        uses: docker/build-push-action@v5
+        uses: https://github.com/docker/build-push-action@v5
         with:
           context: .
           push: true
           tags: |
             manticorum67/paper-dynasty-database:dev
-            manticorum67/paper-dynasty-database:dev-${{ steps.meta.outputs.sha_short }}
+            manticorum67/paper-dynasty-database:dev-${{ steps.calver.outputs.sha_short }}
           cache-from: type=registry,ref=manticorum67/paper-dynasty-database:buildcache
           cache-to: type=registry,ref=manticorum67/paper-dynasty-database:buildcache,mode=max
 
       # Production build: push with latest + CalVer tags (main only)
       - name: Build Docker image (production)
         if: github.ref == 'refs/heads/main'
-        uses: docker/build-push-action@v5
+        uses: https://github.com/docker/build-push-action@v5
         with:
           context: .
           push: true
           tags: |
             manticorum67/paper-dynasty-database:latest
-            manticorum67/paper-dynasty-database:${{ steps.meta.outputs.version }}
+            manticorum67/paper-dynasty-database:${{ steps.calver.outputs.version }}
-            manticorum67/paper-dynasty-database:${{ steps.meta.outputs.version_sha }}
+            manticorum67/paper-dynasty-database:${{ steps.calver.outputs.version_sha }}
           cache-from: type=registry,ref=manticorum67/paper-dynasty-database:buildcache
           cache-to: type=registry,ref=manticorum67/paper-dynasty-database:buildcache,mode=max
 
-      # Create git tag via Gitea API (avoids branch protection issues)
       - name: Tag release
         if: success() && github.ref == 'refs/heads/main'
-        run: |
+        uses: cal/gitea-actions/gitea-tag@main
-          curl -s -X POST \
+        with:
-            -H "Authorization: token ${{ github.token }}" \
+          version: ${{ steps.calver.outputs.version }}
-            -H "Content-Type: application/json" \
+          token: ${{ github.token }}
-            -d "{\"tag_name\": \"${{ steps.meta.outputs.version }}\", \"target\": \"${{ github.sha }}\", \"name\": \"${{ steps.meta.outputs.version }}\"}" \
-            "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/tags"
-          echo "Created tag ${{ steps.meta.outputs.version }}"
 
       - name: Build Summary
         run: |
@@ -104,13 +79,13 @@ jobs:
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "**Image Tags:**" >> $GITHUB_STEP_SUMMARY
           echo "- \`manticorum67/paper-dynasty-database:latest\`" >> $GITHUB_STEP_SUMMARY
-          echo "- \`manticorum67/paper-dynasty-database:${{ steps.meta.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "- \`manticorum67/paper-dynasty-database:${{ steps.calver.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
-          echo "- \`manticorum67/paper-dynasty-database:${{ steps.meta.outputs.version_sha }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "- \`manticorum67/paper-dynasty-database:${{ steps.calver.outputs.version_sha }}\`" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "**Build Details:**" >> $GITHUB_STEP_SUMMARY
-          echo "- Branch: \`${{ steps.meta.outputs.branch }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "- Branch: \`${{ steps.calver.outputs.branch }}\`" >> $GITHUB_STEP_SUMMARY
           echo "- Commit: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
-          echo "- Timestamp: \`${{ steps.meta.outputs.timestamp }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "- Timestamp: \`${{ steps.calver.outputs.timestamp }}\`" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           if [ "${{ github.ref }}" == "refs/heads/main" ]; then
             echo "Pushed to Docker Hub!" >> $GITHUB_STEP_SUMMARY
@@ -122,78 +97,20 @@ jobs:
 
       - name: Discord Notification - Success
         if: success() && github.ref == 'refs/heads/main'
-        run: |
+        uses: cal/gitea-actions/discord-notify@main
-          curl -H "Content-Type: application/json" \
+        with:
-            -d '{
+          webhook_url: ${{ secrets.DISCORD_WEBHOOK }}
-              "embeds": [{
+          title: "Paper Dynasty Database"
-                "title": "Paper Dynasty Database - Build Successful",
+          status: success
-                "description": "Docker image built and pushed to Docker Hub",
+          version: ${{ steps.calver.outputs.version }}
-                "color": 3066993,
+          image_tag: ${{ steps.calver.outputs.version_sha }}
-                "fields": [
+          commit_sha: ${{ steps.calver.outputs.sha_short }}
-                  {
+          timestamp: ${{ steps.calver.outputs.timestamp }}
-                    "name": "Version",
-                    "value": "`${{ steps.meta.outputs.version }}`",
-                    "inline": true
-                  },
-                  {
-                    "name": "Image Tag",
-                    "value": "`${{ steps.meta.outputs.version_sha }}`",
-                    "inline": true
-                  },
-                  {
-                    "name": "Commit",
-                    "value": "`${{ steps.meta.outputs.sha_short }}`",
-                    "inline": true
-                  },
-                  {
-                    "name": "Author",
-                    "value": "${{ github.actor }}",
-                    "inline": true
-                  },
-                  {
-                    "name": "View Run",
-                    "value": "[Click here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})",
-                    "inline": false
-                  }
-                ],
-                "timestamp": "${{ steps.meta.outputs.timestamp }}"
-              }]
-            }' \
-            ${{ secrets.DISCORD_WEBHOOK }}
 
       - name: Discord Notification - Failure
         if: failure() && github.ref == 'refs/heads/main'
-        run: |
+        uses: cal/gitea-actions/discord-notify@main
-          TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+        with:
-          curl -H "Content-Type: application/json" \
+          webhook_url: ${{ secrets.DISCORD_WEBHOOK }}
-            -d '{
+          title: "Paper Dynasty Database"
-              "embeds": [{
+          status: failure
-                "title": "Paper Dynasty Database - Build Failed",
-                "description": "Docker build encountered an error.",
-                "color": 15158332,
-                "fields": [
-                  {
-                    "name": "Branch",
-                    "value": "`${{ github.ref_name }}`",
-                    "inline": true
-                  },
-                  {
-                    "name": "Commit",
-                    "value": "`${{ github.sha }}`",
-                    "inline": true
-                  },
-                  {
-                    "name": "Author",
-                    "value": "${{ github.actor }}",
-                    "inline": true
-                  },
-                  {
-                    "name": "View Logs",
-                    "value": "[Click here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})",
-                    "inline": false
-                  }
-                ],
-                "timestamp": "'"$TIMESTAMP"'"
-              }]
-            }' \
-            ${{ secrets.DISCORD_WEBHOOK }}