Use lightweight container images for CI/CD

.forgejo/workflows/build.yml

@@ -3,6 +3,7 @@
 # =============================================================================
 # Triggers on push to main branch and pull requests
 # Builds: backend, frontend, chat-service, openresty
+# Uses docker:27-git (~50MB) instead of catthehacker/ubuntu (~1.5GB)
 # =============================================================================
 
 name: Build and Push
@@ -24,9 +25,12 @@ jobs:
   # ===========================================================================
   build-backend:
     runs-on: ubuntu-latest
+    container:
+      image: docker:27-git
+      options: --privileged
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: https://code.forgejo.org/actions/checkout@v4
 
       - name: Login to Forgejo Registry
         if: github.event_name == 'push'
@@ -51,9 +55,12 @@ jobs:
   # ===========================================================================
   build-frontend:
     runs-on: ubuntu-latest
+    container:
+      image: docker:27-git
+      options: --privileged
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: https://code.forgejo.org/actions/checkout@v4
 
       - name: Login to Forgejo Registry
         if: github.event_name == 'push'
@@ -78,9 +85,12 @@ jobs:
   # ===========================================================================
   build-chat:
     runs-on: ubuntu-latest
+    container:
+      image: docker:27-git
+      options: --privileged
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: https://code.forgejo.org/actions/checkout@v4
 
       - name: Login to Forgejo Registry
         if: github.event_name == 'push'
@@ -105,9 +115,12 @@ jobs:
   # ===========================================================================
   build-openresty:
     runs-on: ubuntu-latest
+    container:
+      image: docker:27-git
+      options: --privileged
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: https://code.forgejo.org/actions/checkout@v4
 
       - name: Login to Forgejo Registry
         if: github.event_name == 'push'

.forgejo/workflows/deploy.yml

@@ -3,6 +3,7 @@
 # =============================================================================
 # Triggers after successful build on main/master branch
 # SSHs to production server and updates containers
+# Uses alpine:3.19 (~7MB) instead of catthehacker/ubuntu (~1.5GB)
 # =============================================================================
 
 name: Deploy to Production
@@ -23,10 +24,15 @@ jobs:
     # Only deploy if build succeeded OR manual trigger
     if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
+    container:
+      image: alpine:3.19
 
     steps:
+      - name: Install dependencies
+        run: apk add --no-cache openssh-client curl git
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: https://code.forgejo.org/actions/checkout@v4
 
       - name: Setup SSH key
         run: |