From 73b5d831ede2394defa6458464871fe7ef56e60e Mon Sep 17 00:00:00 2001
From: Ryan Kegel <ryan.kegel@gmail.com>
Date: Tue, 10 Feb 2026 23:00:20 -0500
Subject: [PATCH] Modifying gitea actions.

---
 .gitea/workflows/build.yaml |  1 +
 backend/scripts/README.md   | 42 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 3f5d791..2e0e4fb 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -21,6 +21,7 @@ jobs:
           else
             echo "tag=next" >> $GITHUB_OUTPUT
           fi
+          echo "Image tag is ${{ steps.vars.outputs.tag }}"
 
       - name: Resolve Gitea Server IP
         id: gitea_ip
diff --git a/backend/scripts/README.md b/backend/scripts/README.md
index 8a3ce62..b58d021 100644
--- a/backend/scripts/README.md
+++ b/backend/scripts/README.md
@@ -45,9 +45,49 @@ Create admin user 'admin@example.com'? (yes/no): yes
   Role: admin
 ```
 
+## hash_passwords.py
+
+Migrates existing plain text passwords in the database to secure hashed passwords.
+
+### Usage
+
+```bash
+cd backend
+python scripts/hash_passwords.py
+```
+
+### Description
+
+This script should be run once after deploying password hashing to convert any existing plain text passwords to secure hashes. It:
+
+- Reads all users from the database
+- Identifies plain text passwords (those not starting with hash prefixes)
+- Hashes plain text passwords using werkzeug's secure algorithm
+- Updates user records in the database
+- Skips already-hashed passwords
+- Reports the number of users updated
+
+### Security Notes
+
+- Run this script only once after password hashing deployment
+- Execute in a secure environment (admin access only)
+- Verify a few users can log in after migration
+- Delete or secure the script after use to prevent accidental re-execution
+- The script is idempotent - running it multiple times is safe but unnecessary
+
+### Example
+
+```bash
+$ python scripts/hash_passwords.py
+Password already hashed for user admin@example.com
+Hashed password for user user1@example.com
+Hashed password for user user2@example.com
+Migration complete. Updated 2 users.
+```
+
 ## Requirements
 
-The script requires the backend virtual environment to be activated:
+These scripts require the backend virtual environment to be activated:
 
 ```bash
 # Windows