feat: adopt cameleer build images for CI pipeline

Use cameleer-build:1 (Maven 3.9 + Temurin 21) container instead of
setup-java. Use cameleer-docker-builder:1 for Docker image builds
with registry push. Aligns with cameleer3-server CI pattern.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -1,15 +1,22 @@
-# .gitea/workflows/ci.yml
 name: CI
 
 on:
   push:
-    branches: [main]
+    branches: [main, 'feature/**', 'fix/**', 'feat/**']
+    tags-ignore:
+      - 'v*'
   pull_request:
     branches: [main]
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.event_name != 'delete'
+    container:
+      image: gitea.siegeln.net/cameleer/cameleer-build:1
+      credentials:
+        username: cameleer
+        password: ${{ secrets.REGISTRY_TOKEN }}
     services:
       postgres:
         image: postgres:16-alpine
@@ -17,29 +24,75 @@ jobs:
           POSTGRES_DB: cameleer_saas_test
           POSTGRES_USER: test
           POSTGRES_PASSWORD: test
-        ports:
-          - 5432:5432
         options: >-
           --health-cmd pg_isready
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
-
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-java@v4
+      - name: Cache Maven dependencies
+        uses: actions/cache@v4
         with:
-          distribution: temurin
+          path: ~/.m2/repository
-          java-version: 21
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          cache: maven
+          restore-keys: ${{ runner.os }}-maven-
 
-      - name: Run tests
+      - name: Build and Test
-        run: ./mvnw verify -B
+        run: mvn clean verify -B
         env:
-          SPRING_DATASOURCE_URL: jdbc:postgresql://localhost:5432/cameleer_saas_test
+          SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/cameleer_saas_test
           SPRING_DATASOURCE_USERNAME: test
           SPRING_DATASOURCE_PASSWORD: test
 
-      - name: Build Docker image
+  docker:
-        run: docker build -t cameleer-saas:${{ github.sha }} .
+    needs: build
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+    container:
+      image: gitea.siegeln.net/cameleer/cameleer-docker-builder:1
+      credentials:
+        username: cameleer
+        password: ${{ secrets.REGISTRY_TOKEN }}
+    steps:
+      - name: Checkout
+        run: |
+          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Login to registry
+        run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Compute image tags
+        run: |
+          sanitize_branch() {
+            echo "$1" | sed -E 's#^(feature|fix|feat|hotfix)/##' \
+              | tr '[:upper:]' '[:lower:]' \
+              | sed 's/[^a-z0-9-]/-/g' \
+              | sed 's/--*/-/g; s/^-//; s/-$//' \
+              | cut -c1-20 \
+              | sed 's/-$//'
+          }
+          if [ "$GITHUB_REF_NAME" = "main" ]; then
+            echo "IMAGE_TAGS=latest" >> "$GITHUB_ENV"
+          else
+            SLUG=$(sanitize_branch "$GITHUB_REF_NAME")
+            echo "IMAGE_TAGS=branch-$SLUG" >> "$GITHUB_ENV"
+          fi
+
+      - name: Build and push
+        run: |
+          TAGS="-t gitea.siegeln.net/cameleer/cameleer-saas:${{ github.sha }}"
+          for TAG in $IMAGE_TAGS; do
+            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-saas:$TAG"
+          done
+          docker build $TAGS --provenance=false .
+          for TAG in $IMAGE_TAGS ${{ github.sha }}; do
+            docker push gitea.siegeln.net/cameleer/cameleer-saas:$TAG
+          done
+        env:
+          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}