fix(cd): configure buildx for HTTP-only insecure registry

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

.gitea/workflows/cd-bootstrap.yml

@@ -88,37 +88,38 @@ jobs:
           echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_HOST }} \
             --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
       
-      - name: Build backend image
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          config-inline: |
+            [registry."192.168.241.13:8080"]
+              http = true
+              insecure = true
+      
+      - name: Build and push backend multi-arch image
         working-directory: ./backend
         run: |
-          docker build \
-            -t ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --tag ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
+            --tag ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }} \
+            --push \
             -f Dockerfile \
             .
       
-      - name: Tag with commit SHA
-        run: |
-          docker tag \
-            ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
-            ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
-      
-      - name: Push images to registry
-        run: |
-          docker push ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}
-          docker push ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
-      
-      - name: Capture push evidence
+      - name: Capture push evidence (multi-arch)
         run: |
           mkdir -p .sisyphus/evidence
           cat > .sisyphus/evidence/task-31-backend-push.json <<EOF
            {
-             "scenario": "backend_image_push",
+             "scenario": "backend_image_push_multiarch",
              "result": "success",
              "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
              "details": {
                "image": "${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}",
                "version_tag": "${{ needs.prepare.outputs.image_tag }}",
                "sha_tag": "sha-${{ needs.prepare.outputs.image_sha }}",
+               "platforms": "linux/amd64,linux/arm64",
                "registry": "${{ env.REGISTRY_HOST }}"
              }
            }
@@ -147,37 +148,38 @@ jobs:
           echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_HOST }} \
             --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
       
-      - name: Build frontend image
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          config-inline: |
+            [registry."192.168.241.13:8080"]
+              http = true
+              insecure = true
+      
+      - name: Build and push frontend multi-arch image
         working-directory: ./frontend
         run: |
-          docker build \
-            -t ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --tag ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
+            --tag ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }} \
+            --push \
             -f Dockerfile \
             .
       
-      - name: Tag with commit SHA
-        run: |
-          docker tag \
-            ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
-            ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
-      
-      - name: Push images to registry
-        run: |
-          docker push ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}
-          docker push ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
-      
-      - name: Capture push evidence
+      - name: Capture push evidence (multi-arch)
         run: |
           mkdir -p .sisyphus/evidence
           cat > .sisyphus/evidence/task-32-frontend-push.json <<EOF
            {
-             "scenario": "frontend_image_push",
+             "scenario": "frontend_image_push_multiarch",
              "result": "success",
              "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
              "details": {
                "image": "${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}",
                "version_tag": "${{ needs.prepare.outputs.image_tag }}",
                "sha_tag": "sha-${{ needs.prepare.outputs.image_sha }}",
+               "platforms": "linux/amd64,linux/arm64",
                "registry": "${{ env.REGISTRY_HOST }}"
              }
            }
@@ -210,6 +212,7 @@ jobs:
             "frontend_image": "${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}",
             "backend_job_conclusion": "${{ needs.backend-image.result }}",
             "frontend_job_conclusion": "${{ needs.frontend-image.result }}",
+            "build_platforms": "linux/amd64,linux/arm64",
             "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
           }
           EOF
@@ -228,10 +231,10 @@ jobs:
           echo "**Release Tag:** ${{ needs.prepare.outputs.image_tag }}" >> $GITHUB_STEP_SUMMARY
           echo "**Commit SHA:** ${{ needs.prepare.outputs.image_sha }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          echo "### Published Images" >> $GITHUB_STEP_SUMMARY
-          echo "- **Backend:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "### Published Multi-Arch Images" >> $GITHUB_STEP_SUMMARY
+          echo "- **Backend:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\` (linux/amd64, linux/arm64)" >> $GITHUB_STEP_SUMMARY
           echo "- **Backend SHA:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}\`" >> $GITHUB_STEP_SUMMARY
-          echo "- **Frontend:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "- **Frontend:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\` (linux/amd64, linux/arm64)" >> $GITHUB_STEP_SUMMARY
           echo "- **Frontend SHA:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}\`" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "### Job Results" >> $GITHUB_STEP_SUMMARY