# ECP-0081: CI Boot Image Deployment to Forgejo Releases

Status: Implemented

## Context

Runner boot artifacts (netboot/ISO/SD) are currently built by hand from local Linux/Nix environments. That slows repeatable infra rollout and weakens traceability from commit to runnable images.

The constitution requires infrastructure definitions to live in-repo and stay independently operable. Boot image publication should follow the same Forgejo-primary CI model used for web deploys, while mirror hosts remain distribution-only.

## Decision

1. Add a dedicated Forgejo Actions workflow to build runner boot images from flake outputs in CI.
2. Trigger this workflow on:
   - manual dispatch (`workflow_dispatch`), and
   - release-style tags (`boot-v*`).
3. Publish built artifacts to Forgejo Releases on the primary host using repository-scoped API calls and the workflow token.
4. Exclude Codeberg mirror runs using the existing server guard (`github.server_url != 'https://codeberg.org'`).
5. Start with x86_64 image targets in CI (`netboot`, `iso`) to keep runtime/runner requirements explicit and reversible.

## Alternatives considered

- Keep boot image builds fully manual. Rejected because operator discipline alone does not provide consistent provenance.
- Push images to external object storage first. Rejected for now because Forgejo Releases are already part of the controlled primary platform.
- Build all architectures in one CI pass immediately. Rejected because runner architecture availability is not guaranteed and would make initial rollout brittle.

## Rollout / teardown plan

- Rollout:
  - merge workflow + docs,
  - run a manual dispatch to verify artifact publication,
  - optionally create `boot-v*` tags for versioned image drops.
- Teardown:
  - disable or delete the boot-image workflow,
  - continue using local/manual `nix build` paths from `docs/RUNNER_IMAGES.md`.
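
The workflow described in the Decision section could look like the sketch below. It is an added example, not the repository's actual workflow; the runner label, the flake attribute names (`.#netboot`, `.#iso`), the tag scheme for manual runs and the `SHA256SUMS` manifest are assumptions.

```yaml
# Added sketch: workflow name, job id, runner label and flake attributes are assumptions.
name: boot-images
on:
  workflow_dispatch:
  push:
    tags: ['boot-v*']
jobs:
  publish:
    # Server guard from the decision: skip runs on the Codeberg mirror.
    if: github.server_url != 'https://codeberg.org'
    runs-on: docker  # assumed label; runner must be x86_64 with nix, curl and jq
    steps:
      - uses: actions/checkout@v4
      - name: Build x86_64 images from flake outputs
        shell: bash
        run: |
          set -euo pipefail
          # Assumed attribute names; substitute the flake's real outputs.
          nix build .#netboot --out-link result-netboot
          nix build .#iso --out-link result-iso
      - name: Publish to Forgejo Releases
        shell: bash
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}  # workflow token, not a personal token
          API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
        run: |
          set -euo pipefail
          # Tag pushes reuse the tag; manual runs get a commit-derived tag (assumed scheme).
          case "$GITHUB_REF" in
            refs/tags/*) TAG="${GITHUB_REF#refs/tags/}" ;;
            *)           TAG="boot-manual-${GITHUB_SHA:0:12}" ;;
          esac
          # Record the source commit in the release for commit-to-image traceability.
          payload=$(jq -n --arg t "$TAG" --arg c "$GITHUB_SHA" \
            '{tag_name: $t, target_commitish: $c, name: $t, body: ("Built from commit " + $c)}')
          id=$(curl -fsS -X POST "$API/releases" \
            -H "Authorization: token $TOKEN" -H 'Content-Type: application/json' \
            -d "$payload" | jq -r .id)
          # Upload every built file, prefixed by target, and list its SHA-256 in a manifest.
          for target in netboot iso; do
            find -L "result-$target" -type f | while IFS= read -r f; do
              name="$target-$(basename "$f")"
              printf '%s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$name" >> SHA256SUMS
              curl -fsS -X POST "$API/releases/$id/assets?name=$name" \
                -H "Authorization: token $TOKEN" -F "attachment=@$f"
            done
          done
          curl -fsS -X POST "$API/releases/$id/assets?name=SHA256SUMS" \
            -H "Authorization: token $TOKEN" -F "attachment=@SHA256SUMS"
```

Because the API base is derived from `github.server_url` and `github.repository`, the token is only ever sent to the repository's own primary host.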