diff --git a/.gitea/workflows/container-image.yml b/.gitea/workflows/container-image.yml
index 6c01562..7ec892f 100644
--- a/.gitea/workflows/container-image.yml
+++ b/.gitea/workflows/container-image.yml
@@ -24,7 +24,8 @@ jobs:
       IMAGE_NAME: odysseus
       FALLBACK_OWNER: mrsphay
       REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
-      GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+      ACTIONS_TOKEN: ${{ gitea.token }}
+      SECRET_GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
     steps:
       - name: Checkout
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
@@ -37,21 +38,34 @@ jobs:
         run: |
           set -euo pipefail
 
-          registry_token="${REGISTRY_TOKEN:-${GITEA_TOKEN:-}}"
-          if [ -z "${registry_token}" ]; then
-            echo "REGISTRY_TOKEN or GITEA_TOKEN is required to publish ${REGISTRY}/${FALLBACK_OWNER}/${IMAGE_NAME}."
-            exit 1
-          fi
-
-          owner="${GITHUB_REPOSITORY_OWNER:-${FALLBACK_OWNER}}"
-          owner="$(printf '%s' "${owner}" | tr '[:upper:]' '[:lower:]')"
-          registry_user="${GITHUB_ACTOR:-${owner}}"
-          image="${REGISTRY}/${owner}/${IMAGE_NAME}"
+          owner="${GITHUB_REPOSITORY_OWNER:-MrSphay}"
+          registry_user="${REGISTRY_USER:-${owner}}"
+          image_owner="$(printf '%s' "${owner:-${FALLBACK_OWNER}}" | tr '[:upper:]' '[:lower:]')"
+          image="${REGISTRY}/${image_owner}/${IMAGE_NAME}"
           short_sha="$(printf '%s' "${GITHUB_SHA}" | cut -c1-7)"
           ref_name="${GITHUB_REF_NAME:-dev}"
           ref_tag="$(printf '%s' "${ref_name}" | tr '[:upper:]' '[:lower:]' | tr -cs 'a-z0-9._-' '-' | sed 's/^-//; s/-$//')"
 
-          echo "${registry_token}" | docker login "${REGISTRY}" --username "${registry_user}" --password-stdin
+          login_ok=false
+          for token_name in REGISTRY_TOKEN ACTIONS_TOKEN SECRET_GITEA_TOKEN; do
+            token_value="${!token_name:-}"
+            if [ -z "${token_value}" ]; then
+              continue
+            fi
+
+            echo "Trying registry login with ${token_name} as ${registry_user}."
+            if echo "${token_value}" | docker login "${REGISTRY}" --username "${registry_user}" --password-stdin; then
+              login_ok=true
+              break
+            fi
+
+            docker logout "${REGISTRY}" >/dev/null 2>&1 || true
+          done
+
+          if [ "${login_ok}" != "true" ]; then
+            echo "Registry login failed. Configure REGISTRY_TOKEN with package read/write access, or allow packages: write for the repository GITEA_TOKEN."
+            exit 1
+          fi
 
           docker build --pull \
             --tag "${image}:sha-${short_sha}" \