Migrate CI/CD from Docker Hub to GitHub Container Registry

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: cmyui

.github/workflows/production-deploy.yml

@@ -12,22 +12,26 @@ concurrency:
 jobs:
   production-deploy:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
 
     steps:
       - name: Check out latest commit
         uses: actions/checkout@v4
 
-      - name: Log in to Docker Hub
+      - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: osuakatsuki/beatmaps-service
+          images: ghcr.io/osuakatsuki/beatmaps-service
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
@@ -36,8 +40,8 @@ jobs:
           file: ./Dockerfile
           push: true
           tags: |
-            ${{ secrets.DOCKERHUB_USERNAME }}/beatmaps-service:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/beatmaps-service:${{ github.sha }}
+            ghcr.io/osuakatsuki/beatmaps-service:latest
+            ghcr.io/osuakatsuki/beatmaps-service:${{ github.sha }}
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Deploy to production
@@ -46,7 +50,11 @@ jobs:
           host: ${{ secrets.SERVER_HOST }}
           username: root
           key: ${{ secrets.SERVER_SSH_KEY }}
+          envs: GHCR_TOKEN
           script: |
+            echo "$GHCR_TOKEN" | docker login ghcr.io -u github-actions --password-stdin
             cd /opt/akatsuki
             docker compose pull beatmaps-service
             docker compose up -d beatmaps-service
+        env:
+          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}