From 3c0dff07a861ad86369f28581981249c039889a0 Mon Sep 17 00:00:00 2001
From: Oleksandr Bezdieniezhnykh <oleksandr.bezdieniezhnykh@pwc.com>
Date: Mon, 20 Apr 2026 04:10:42 +0300
Subject: [PATCH] [AZ-205] Authenticate to Harbor before pushing build images

Add HARBOR_USER/HARBOR_TOKEN from Woodpecker secrets and a docker login
step before the existing build/push, so pipelines can push to the new
TLS-authenticated Harbor registry.
---
 .woodpecker/build-arm.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.woodpecker/build-arm.yml b/.woodpecker/build-arm.yml
index c905712..5b8e040 100644
--- a/.woodpecker/build-arm.yml
+++ b/.woodpecker/build-arm.yml
@@ -11,7 +11,12 @@ steps:
     environment:
       REGISTRY_HOST:
         from_secret: registry_host
+      HARBOR_USER:
+        from_secret: harbor_user
+      HARBOR_TOKEN:
+        from_secret: harbor_token
     commands:
+      - echo "$HARBOR_TOKEN" | docker login "$REGISTRY_HOST" -u "$HARBOR_USER" --password-stdin
       - if [ "$CI_COMMIT_BRANCH" = "main" ]; then export TAG=arm; else export TAG=${CI_COMMIT_BRANCH}-arm; fi
       - export BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)
       - |