Add managed registry provisioning, pruning, and readiness tracking

app/Actions/Registries/CreateRegistryAuthOperation.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Actions\Registries;
+
+use App\Enums\OperationKind;
+use App\Enums\OperationStatus;
+use App\Models\Operation;
+use App\Models\Registry;
+use App\Models\Server;
+use App\Services\Registries\RegistryDockerAuthScript;
+use InvalidArgumentException;
+
+class CreateRegistryAuthOperation
+{
+    public function __construct(
+        private readonly RegistryDockerAuthScript $registryDockerAuthScript,
+    ) {}
+
+    public function execute(Registry $registry, Server $server, string $scope): Operation
+    {
+        $auth = match ($scope) {
+            'build' => $this->registryDockerAuthScript->forBuild($registry, 'root'),
+            'runtime' => $this->registryDockerAuthScript->forRuntime($registry, 'root'),
+            default => throw new InvalidArgumentException('Registry auth scope must be build or runtime.'),
+        };
+
+        $operation = $server->operations()->create([
+            'kind' => OperationKind::CREDENTIAL_ROTATION,
+            'status' => OperationStatus::PENDING,
+        ]);
+
+        $operation->steps()->create([
+            'name' => 'Configure '.$scope.' registry auth',
+            'order' => 1,
+            'status' => OperationStatus::PENDING,
+            'script' => $auth['script'],
+            'secrets' => $auth['secrets'],
+        ]);
+
+        return $operation->refresh();
+    }
+}