Barcode Betty
4035e7d3c0
CI / lint (pull_request) Successful in 22s
CI / e2e (pull_request) Successful in 58s
CI / test (pull_request) Successful in 1m5s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / audit (pull_request) Failing after 1m4s
The deploy-dev and deploy-uat jobs were using secrets.GITEA_DEPLOY_KEY, which is a deploy key scoped only to cartsnitch/app and never had its public counterpart added to cartsnitch/infra. The empty secret resolved to an empty token, causing actions/checkout to fail with 'Input required and not supplied: token' and the job to surface as a 403 Forbidden on the cross-repo clone. Switch both jobs to use secrets.REGISTRY_TOKEN, the existing Gitea PAT already used in this workflow for the container registry login. As a Gitea PAT it carries the broader scope (write:repository, write:package) required for both the cross-repo checkout and the subsequent push back to cartsnitch/infra on main. Co-Authored-By: Paperclip <noreply@paperclip.ing>