fix: Build CI images on production server

- Add build-ci-image-production.sh script for building CI images on production
- Add BUILD_ON_PRODUCTION.md documentation
- Fix Dockerfile to handle optional PECL extensions for PHP 8.5 RC

This fixes the issue where Gitea workflows fail with:
'Error response from daemon: pull access denied for php-ci'

deployment/gitea-runner/BUILD_ON_PRODUCTION.md

@@ -0,0 +1,92 @@
+# CI Image auf Produktionsserver bauen
+
+## Problem
+
+Der Gitea Runner auf dem Produktionsserver versucht, das `php-ci:latest` Image zu pullen, aber es existiert nicht in der Registry oder lokal. Der Fehler lautet:
+
+```
+Error response from daemon: pull access denied for php-ci, repository does not exist or may require 'docker login'
+```
+
+## Lösung: Image direkt auf dem Produktionsserver bauen
+
+### Schritt 1: Auf den Produktionsserver verbinden
+
+```bash
+ssh user@production-server
+```
+
+### Schritt 2: Zum Projektverzeichnis wechseln
+
+```bash
+cd /path/to/michaelschiemer
+```
+
+### Schritt 3: CI Image bauen
+
+```bash
+cd deployment/gitea-runner
+./build-ci-image-production.sh
+```
+
+Das Script:
+- Baut das `php-ci:latest` Image
+- Baut das `docker-build:latest` Image
+- Lädt beide Images in den `gitea-runner-dind` Container
+
+### Schritt 4: Verifikation
+
+1. **Prüfe ob Images gebaut wurden:**
+   ```bash
+   docker images | grep -E "php-ci|docker-build"
+   ```
+
+2. **Prüfe ob Images in docker-dind geladen wurden:**
+   ```bash
+   docker exec gitea-runner-dind docker images | grep -E "php-ci|docker-build"
+   ```
+
+3. **Prüfe Runner Labels in Gitea UI:**
+   - Gehe zu: https://git.michaelschiemer.de/admin/actions/runners
+   - Der Runner sollte das `php-ci` Label zeigen
+
+4. **Teste einen Workflow:**
+   - Ein Workflow mit `runs-on: php-ci` sollte jetzt funktionieren
+
+## Alternative: Ansible Playbook verwenden
+
+Falls Ansible auf dem Produktionsserver verfügbar ist:
+
+```bash
+cd deployment/ansible
+ansible-playbook -i inventory/production.yml \
+  playbooks/setup-gitea-runner-ci.yml \
+  -e "project_root=/path/to/michaelschiemer"
+```
+
+## Troubleshooting
+
+**Image wird nicht in docker-dind gefunden:**
+- Stelle sicher, dass `gitea-runner-dind` läuft: `docker ps | grep docker-dind`
+- Lade das Image manuell: `docker save php-ci:latest | docker exec -i gitea-runner-dind docker load`
+
+**Runner zeigt php-ci Label nicht:**
+- Labels können nur bei der Registration geändert werden
+- Runner neu registrieren:
+  ```bash
+  cd deployment/gitea-runner
+  ./unregister.sh
+  ./register.sh
+  ```
+
+**Build schlägt fehl:**
+- Prüfe Docker-Logs: `docker logs gitea-runner-dind`
+- Stelle sicher, dass genug Speicherplatz vorhanden ist: `df -h`
+- Prüfe Docker-Daemon: `docker info`
+
+## Hinweise
+
+- Das Image ist ca. 1.85GB groß - der Build kann einige Minuten dauern
+- Stelle sicher, dass genug Speicherplatz auf dem Server vorhanden ist
+- Das Image wird lokal gebaut und muss nicht in die Registry gepusht werden (wird direkt in docker-dind geladen)
+

deployment/gitea-runner/build-ci-image-production.sh

@@ -0,0 +1,117 @@
+#!/bin/bash
+# Build CI Docker Image on Production Server
+# This script builds the php-ci image and loads it into docker-dind
+# Usage: ./build-ci-image-production.sh
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+# PHP CI Image
+PHP_CI_IMAGE="${CI_IMAGE_NAME:-php-ci:latest}"
+REGISTRY="${CI_REGISTRY:-registry.michaelschiemer.de}"
+PHP_CI_REGISTRY_IMAGE="${REGISTRY}/ci/php-ci:latest"
+
+# Docker Build Image
+DOCKER_BUILD_IMAGE="${DOCKER_BUILD_IMAGE_NAME:-docker-build:latest}"
+DOCKER_BUILD_REGISTRY_IMAGE="${REGISTRY}/ci/docker-build:latest"
+
+echo "🔨 Building CI Docker Images on Production Server..."
+echo ""
+echo "1. PHP CI Image: ${PHP_CI_IMAGE}"
+echo "   Dockerfile: ${PROJECT_ROOT}/docker/ci/Dockerfile"
+echo ""
+echo "2. Docker Build Image: ${DOCKER_BUILD_IMAGE}"
+echo "   Dockerfile: ${PROJECT_ROOT}/docker/ci/Dockerfile.build"
+echo ""
+
+cd "$PROJECT_ROOT"
+
+# Check if docker-dind is running
+if ! docker ps | grep -q "gitea-runner-dind"; then
+    echo "⚠️  Warning: gitea-runner-dind container not found"
+    echo "   Make sure the Gitea runner stack is running:"
+    echo "   cd ${SCRIPT_DIR} && docker compose up -d"
+    echo ""
+    read -p "Continue anyway? (y/N) " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        exit 1
+    fi
+fi
+
+# Build PHP CI image
+echo ""
+echo "📦 Building PHP CI image..."
+docker build \
+  -f docker/ci/Dockerfile \
+  -t "${PHP_CI_IMAGE}" \
+  -t "${PHP_CI_REGISTRY_IMAGE}" \
+  --platform linux/amd64 \
+  .
+
+# Build Docker Build image
+echo ""
+echo "📦 Building Docker Build image..."
+docker build \
+  -f docker/ci/Dockerfile.build \
+  -t "${DOCKER_BUILD_IMAGE}" \
+  -t "${DOCKER_BUILD_REGISTRY_IMAGE}" \
+  --platform linux/amd64 \
+  .
+
+echo ""
+echo "✅ Images built successfully!"
+echo ""
+
+# Load images into docker-dind
+if docker ps | grep -q "gitea-runner-dind"; then
+    echo "📥 Loading images into docker-dind..."
+    
+    echo "   Loading php-ci:latest..."
+    docker save "${PHP_CI_IMAGE}" | docker exec -i gitea-runner-dind docker load
+    
+    echo "   Loading docker-build:latest..."
+    docker save "${DOCKER_BUILD_IMAGE}" | docker exec -i gitea-runner-dind docker load
+    
+    echo ""
+    echo "✅ Images loaded into docker-dind"
+else
+    echo "⚠️  docker-dind container not running - skipping image load"
+    echo "   To load images later, run:"
+    echo "   docker save ${PHP_CI_IMAGE} | docker exec -i gitea-runner-dind docker load"
+    echo "   docker save ${DOCKER_BUILD_IMAGE} | docker exec -i gitea-runner-dind docker load"
+fi
+
+echo ""
+echo "📋 Summary:"
+echo ""
+echo "✅ Built images:"
+echo "   - ${PHP_CI_IMAGE}"
+echo "   - ${DOCKER_BUILD_IMAGE}"
+echo ""
+
+# Check if .env exists and show label configuration
+if [ -f "${SCRIPT_DIR}/.env" ]; then
+    echo "📝 Current GITEA_RUNNER_LABELS in .env:"
+    grep "^GITEA_RUNNER_LABELS=" "${SCRIPT_DIR}/.env" || echo "   (not found)"
+    echo ""
+    echo "💡 Make sure your .env contains:"
+    echo "   GITEA_RUNNER_LABELS=...,php-ci:docker://${PHP_CI_IMAGE}"
+    echo ""
+    echo "   Or for registry images:"
+    echo "   GITEA_RUNNER_LABELS=...,php-ci:docker://${PHP_CI_REGISTRY_IMAGE}"
+else
+    echo "⚠️  .env file not found at ${SCRIPT_DIR}/.env"
+    echo "   Create it from .env.example and add php-ci label"
+fi
+
+echo ""
+echo "✅ Setup complete! The php-ci image is now available for Gitea workflows."
+echo ""
+echo "📝 Next steps (if needed):"
+echo "   1. Verify runner labels in Gitea UI"
+echo "   2. Test a workflow with runs-on: php-ci"
+echo ""
+

docker/ci/Dockerfile

@@ -1,6 +1,6 @@
 # Dockerfile für CI/CD Workflows
 # Optimiert für Gitea Actions Runner mit PHP 8.5 und allen benötigten Tools
-ARG PHP_VERSION=8.5.0RC3
+ARG PHP_VERSION=8.5.0RC4
 # Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases
 FROM php:${PHP_VERSION}-cli
 
@@ -48,13 +48,15 @@ RUN docker-php-ext-configure gd \
     soap \
     gd
 
-# Installiere PECL Extensions
+# Installiere PECL Extensions (optional - kann bei PHP RC-Versionen fehlschlagen)
-RUN pecl install apcu redis-6.3.0RC1 \
+RUN (pecl install apcu redis-6.3.0RC1 2>/dev/null || true) \
-    && docker-php-ext-enable apcu redis
+    && (docker-php-ext-enable apcu redis 2>/dev/null || true) || true
 
-# Configure APCu
+# Configure APCu (nur wenn Extension installiert wurde)
-RUN echo "apc.enable_cli=1" >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini \
+RUN if php -m | grep -q apcu; then \
-    && echo "apc.shm_size=128M" >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
+        echo "apc.enable_cli=1" >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini \
+        && echo "apc.shm_size=128M" >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
+    fi
 
 # Composer installieren
 RUN curl -sS https://getcomposer.org/installer | php \