fix(ci): bind deploy PR API to secrets.CI_GITEA_TOKEN (CAR-1195)

deploy-dev and deploy-uat had CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
which is the package-scoped container-registry token. PR creation and
auto-merge against cartsnitch/infra would 403 on the first real push.
Bind to secrets.CI_GITEA_TOKEN (the token the infra checkout already
uses for branch push) so the Gitea API calls have repo-write scope.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
2026-06-03 20:39:21 +00:00
parent 2573de86d5
commit 3a69ec29b5
+2 -2
View File
@@ -544,7 +544,7 @@ jobs:
- name: Commit and push to infra (via PR)
env:
CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
run: |
cd infra
git config user.name "cartsnitch-ci[bot]"
@@ -670,7 +670,7 @@ jobs:
- name: Commit and push to infra (via PR)
env:
CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
run: |
cd infra
git config user.name "cartsnitch-ci[bot]"