From 3a69ec29b5e225288f17e8c431bfe7f71a55ec85 Mon Sep 17 00:00:00 2001 From: Barcode Betty <32+cs_betty@noreply.git.farh.net> Date: Wed, 3 Jun 2026 20:39:21 +0000 Subject: [PATCH] fix(ci): bind deploy PR API to secrets.CI_GITEA_TOKEN (CAR-1195) deploy-dev and deploy-uat had CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }} which is the package-scoped container-registry token. PR creation and auto-merge against cartsnitch/infra would 403 on the first real push. Bind to secrets.CI_GITEA_TOKEN (the token the infra checkout already uses for branch push) so the Gitea API calls have repo-write scope. Co-Authored-By: Paperclip --- .gitea/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 673f0a4..662dc7b 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -544,7 +544,7 @@ jobs: - name: Commit and push to infra (via PR) env: - CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }} run: | cd infra git config user.name "cartsnitch-ci[bot]" @@ -670,7 +670,7 @@ jobs: - name: Commit and push to infra (via PR) env: - CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }} run: | cd infra git config user.name "cartsnitch-ci[bot]"