fix: handle fork PR permissions in Docker workflow

- Only push to registry for internal PRs (same repository)
- Build-only for fork PRs to test Docker compatibility
- Separate comments and summaries for different PR types
- Fixes permission issues with fork contributions

.github/workflows/auto-version.yml

@@ -31,6 +31,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
+        if: github.event.pull_request.head.repo.full_name == github.repository
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -47,7 +48,8 @@ jobs:
             type=raw,value=pr-${{ github.event.number }}-${{ github.sha }}
             type=raw,value=pr-${{ github.event.number }}
 
-      - name: Build and push Docker image
+      - name: Build and push Docker image (internal PRs)
+        if: github.event.pull_request.head.repo.full_name == github.repository
         uses: docker/build-push-action@v5
         with:
           context: .
@@ -58,7 +60,20 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      - name: Comment on PR with Docker info
+      - name: Build Docker image (fork PRs)
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Comment on PR with Docker info (internal PRs)
+        if: github.event.pull_request.head.repo.full_name == github.repository
         uses: actions/github-script@v7
         with:
           script: |
@@ -108,7 +123,33 @@ jobs:
               body: comment
             });
 
-      - name: Create deployment summary
+      - name: Comment on PR with Docker info (fork PRs)
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prNumber = context.payload.pull_request.number;
+            const sha = context.sha.substring(0, 7);
+            
+            const comment = `🐳 **Docker Build Complete (Build Only)**
+            
+            **PR**: #${prNumber} | **Commit**: \`${sha}\`
+            
+            ✅ **Docker build successful** - Multi-platform image built and tested
+            
+            **Note**: Fork PRs only build (no push) for security. Images will be available once PR is merged.
+            
+            The Docker build confirms your changes are compatible with the containerized deployment.`;
+            
+            github.rest.issues.createComment({
+              issue_number: prNumber,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: comment
+            });
+
+      - name: Create deployment summary (internal PRs)
+        if: github.event.pull_request.head.repo.full_name == github.repository
         run: |
           echo "## 🐳 PR Docker Build Complete" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
@@ -118,3 +159,12 @@ jobs:
           echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
           echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
           echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+
+      - name: Create deployment summary (fork PRs)
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        run: |
+          echo "## 🐳 Docker Build Complete (Build Only)" >> $GITHUB_STEP_SUMMARY
+          echo "** PR**: #${{ github.event.number }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Commit**: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
+          echo "✅ Multi-platform Docker build successful" >> $GITHUB_STEP_SUMMARY
+          echo "Note: Fork PRs only build (no push) for security" >> $GITHUB_STEP_SUMMARY