forked from cartsnitch/cartsnitch
fix(ci): bind deploy PR API to secrets.CI_GITEA_TOKEN (CAR-1195)
deploy-dev and deploy-uat had CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
which is the package-scoped container-registry token. PR creation and
auto-merge against cartsnitch/infra would 403 on the first real push.
Bind to secrets.CI_GITEA_TOKEN (the token the infra checkout already
uses for branch push) so the Gitea API calls have repo-write scope.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -544,7 +544,7 @@ jobs:
|
||||
|
||||
- name: Commit and push to infra (via PR)
|
||||
env:
|
||||
CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
|
||||
run: |
|
||||
cd infra
|
||||
git config user.name "cartsnitch-ci[bot]"
|
||||
@@ -670,7 +670,7 @@ jobs:
|
||||
|
||||
- name: Commit and push to infra (via PR)
|
||||
env:
|
||||
CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
|
||||
run: |
|
||||
cd infra
|
||||
git config user.name "cartsnitch-ci[bot]"
|
||||
|
||||
Reference in New Issue
Block a user