Merge pull request 'fix(ci): use CI_GITEA_TOKEN for cross-repo infra access in deploy jobs (CAR-1270)' (#34) from betty/car-1270-ci-gitea-token-uat into uat

2026-06-05 05:12:38 +00:00
parent 3198b21683 d5c5d2b6ba
commit 8a49fc57f1
1 changed files with 10 additions and 10 deletions
@@ -82,7 +82,7 @@ jobs:
        uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
-          token: ${{ secrets.GITEA_TOKEN }}
+          token: ${{ secrets.CI_GITEA_TOKEN }}
          ref: main
          path: infra
@@ -116,7 +116,7 @@ jobs:
      - name: Commit and push to infra (via PR)
        if: needs.build-and-push.result == 'success'
        env:
-          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
        run: |
          set -euo pipefail
          cd infra
@@ -135,7 +135,7 @@ jobs:
          PR_BODY=$(jq -n --arg head "$BRANCH" --arg body "Bumps apps/overlays/dev/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \
            '{head: $head, base: "main", title: ("ci(dev): update auth image (" + env.GITHUB_SHA[:12] + ")"), body: $body}')
          PR_JSON=$(curl -sS -X POST \
-            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Authorization: token ${CI_GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "$PR_BODY" \
            "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls")
@@ -146,7 +146,7 @@ jobs:
          fi
          echo "Opened cartsnitch/infra PR #${PR_NUM}"
          REVIEW_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
-            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Authorization: token ${CI_GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{"reviewers":["cs_savannah"]}' \
            "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/requested_reviewers")
@@ -154,7 +154,7 @@ jobs:
            echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing"
          fi
          MERGE_RESP=$(curl -sS -X POST \
-            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Authorization: token ${CI_GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{"Do":"merge","delete_branch_after_merge":true}' \
            "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
@@ -181,7 +181,7 @@ jobs:
        uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
-          token: ${{ secrets.GITEA_TOKEN }}
+          token: ${{ secrets.CI_GITEA_TOKEN }}
          ref: main
          path: infra
@@ -215,7 +215,7 @@ jobs:
      - name: Commit and push to infra (via PR)
        if: needs.build-and-push.result == 'success'
        env:
-          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
        run: |
          set -euo pipefail
          cd infra
@@ -234,7 +234,7 @@ jobs:
          PR_BODY=$(jq -n --arg head "$BRANCH" --arg body "Bumps apps/overlays/uat/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \
            '{head: $head, base: "main", title: ("ci(uat): update auth image (" + env.GITHUB_SHA[:12] + ")"), body: $body}')
          PR_JSON=$(curl -sS -X POST \
-            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Authorization: token ${CI_GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "$PR_BODY" \
            "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls")
@@ -245,7 +245,7 @@ jobs:
          fi
          echo "Opened cartsnitch/infra PR #${PR_NUM}"
          REVIEW_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
-            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Authorization: token ${CI_GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{"reviewers":["cs_savannah"]}' \
            "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/requested_reviewers")
@@ -253,7 +253,7 @@ jobs:
            echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing"
          fi
          MERGE_RESP=$(curl -sS -X POST \
-            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Authorization: token ${CI_GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{"Do":"merge","delete_branch_after_merge":true}' \
            "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")