The dev→uat 3-way merge of ci.yml conflicts on:
- CalVer logic (dev is the multi-line readable form)
- ref: main vs parameterized expression (dev wins, per CAR-1374)
- PR body base/head: dev wins (per CAR-1371 + acceptance criteria)
- CAR-1216 comment: dev added, uat didn't have it
Resolution: take dev's version of ci.yml (the corrected form per CAR-1373).
cc @cpfarhood
Migrates auth .gitea/workflows/ci.yml deploy-dev and deploy-uat
jobs from direct 'git push origin main' to cartsnitch/infra to the
CAR-1195 PR-bump pattern. Brings auth in line with cartsnitch/cartsnitch
and stops the red deploy-dev/deploy-uat jobs on main pushes.
Also fixes the registry-login password to use REGISTRY_TOKEN (CAR-1009
standard) instead of GITEA_TOKEN — uat already had this fix (CAR-1237);
main was lagging.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Migrates auth .gitea/workflows/ci.yml deploy-dev and deploy-uat
jobs from direct 'git push origin main' to cartsnitch/infra to the
CAR-1195 PR-bump pattern (open + (attempt) auto-merge an infra PR;
never hard-fail on approval gate, per CAR-1216). Brings auth in line
with cartsnitch/cartsnitch and stops the red deploy-uat job on every
uat push.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237)
Reviewed and merged by Savannah (CTO). Byte-identical to proven main except the spec-mandated REGISTRY_TOKEN registry-login (CAR-1009 standard).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Change A: replace build-and-push with runner-native Docker (no DinD service container)
- Change B: deploy-dev/deploy-uat use secrets.GITEA_TOKEN for infra checkout
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaces CI_GITEA_TOKEN (which lacks cross-repo access) with REGISTRY_TOKEN
for checkout of cartsnitch/infra in deploy-uat/deploy-dev jobs.
Fixes CAR-1147
The REGISTRY_TOKEN secret has write:package scope for git.farh.net.
This fixes the unauthorized error at docker login.
Related: CAR-1023 (REGISTRY_TOKEN setup), CAR-1009 (CI registry token standardization)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The github.token (automatic workflow token) in Gitea Actions
doesn't inherit packages:write permission for container registry.
Use the GITEA_TOKEN secret instead with direct docker login.
Ref: CAR-973, CAR-1009
docker/login-action@v3 fails with Gitea's automatic token.
Use direct docker login with github.token instead, which has
the necessary write:package scope for the container registry.
Related: CAR-1009 (CI registry token standardization)
echo "::notice::Refusing to push directly to protected branch — falling back to contents API"
exit 0
fi
PR_BODY=$(jq -n --arg head "cartsnitch:${BRANCH}" --arg base dev --arg title ("ci(dev): update auth image (" + env.GITHUB_SHA[:12] + ")") --arg body "Bumps apps/overlays/dev/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \
PR_BODY=$(jq -n --arg head "cartsnitch:${BRANCH}" --arg base dev --arg title "$TITLE" --arg body "Bumps apps/overlays/dev/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \
echo "::notice::Refusing to push directly to protected branch — falling back to contents API"
exit 0
fi
PR_BODY=$(jq -n --arg head "cartsnitch:${BRANCH}" --arg base uat --arg title ("ci(uat): update auth image (" + env.GITHUB_SHA[:12] + ")") --arg body "Bumps apps/overlays/uat/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \
PR_BODY=$(jq -n --arg head "cartsnitch:${BRANCH}" --arg base uat --arg title "$TITLE" --arg body "Bumps apps/overlays/uat/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Barcode Betty
Barcode Betty
Savannah Savings