Problem
`Dockerfile.dev` is the source for `ghcr.io/guettli/sharedinbox-dev` but the image was pushed manually. There is no CI workflow that rebuilds and republishes the image when the Dockerfile changes, so the published image can silently drift from its source.
Plan
1. Add `.devcontainer/devcontainer.json`
Create `.devcontainer/devcontainer.json` referencing `../Dockerfile.dev` as the build source. This:
- Makes the relationship between the Dockerfile and the published image explicit and machine-readable
- Enables VS Code / Codespaces / any devcontainer-aware tool to build the environment directly from source
- Serves as the canonical definition that the CI workflow reads
2. Add `.forgejo/workflows/publish-dev-container.yml`
Trigger on push to `main` when `Dockerfile.dev` changes. Build and push the image to the Codeberg container registry (`codeberg.org/guettli/sharedinbox-dev`) using the built-in `FORGEJO_TOKEN` — no extra secrets needed.
Steps:
- `docker build -t codeberg.org/guettli/sharedinbox-dev:latest -f Dockerfile.dev .`
- Tag with the short commit SHA for pinnable references
- `docker push` both tags
3. Update image reference
Update any references from the manually-pushed `ghcr.io/guettli/sharedinbox-dev` to `codeberg.org/guettli/sharedinbox-dev`.
Alternative: Keep GHCR and push from CI using a `GITHUB_PAT_PACKAGES` secret (`write:packages` scope). Codeberg's own registry is simpler since `FORGEJO_TOKEN` works out of the box.
Acceptance criteria
- `.devcontainer/devcontainer.json` present and valid
- CI workflow triggers on `Dockerfile.dev` changes and pushes a new image
- Image tagged with both `latest` and the commit SHA
- No manual push step required to keep the image in sync
Agentloop runs
| # | Started (UTC) | Ended (UTC) | Status | Tokens in | Tokens out |
|---|---|---|---|---|---|
| 1 | 2026年06月09日 14:22:05 | 2026年06月09日 14:27:03 | success | 57 | 11 119 |