forked from cartsnitch/cartsnitch
fix(ci): bind deploy PR API to secrets.CI_GITEA_TOKEN (CAR-1195)
deploy-dev and deploy-uat had CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
which is the package-scoped container-registry token. PR creation and
auto-merge against cartsnitch/infra would 403 on the first real push.
Bind to secrets.CI_GITEA_TOKEN (the token the infra checkout already
uses for branch push) so the Gitea API calls have repo-write scope.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
@@ -544,7 +544,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Commit and push to infra (via PR)
|
- name: Commit and push to infra (via PR)
|
||||||
env:
|
env:
|
||||||
CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
cd infra
|
cd infra
|
||||||
git config user.name "cartsnitch-ci[bot]"
|
git config user.name "cartsnitch-ci[bot]"
|
||||||
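Review bot: the corrected binding `CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}` in this step's `env:` has no comment stating the scope the step needs, so nothing at the point of use distinguishes it from the package-scoped `REGISTRY_TOKEN` it replaces. Add a one-line YAML comment above it saying the step needs repo-write on cartsnitch/infra for PR creation and auto-merge. Because a write-scoped token is now exported to the whole `run:` script, also confirm that the lines after `git config user.name` never echo it or place it in a remote URL that git could print to the job log.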
@@ -670,7 +670,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Commit and push to infra (via PR)
|
- name: Commit and push to infra (via PR)
|
||||||
env:
|
env:
|
||||||
CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
CI_GITEA_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
cd infra
|
cd infra
|
||||||
git config user.name "cartsnitch-ci[bot]"
|
git config user.name "cartsnitch-ci[bot]"
|
||||||
|
|||||||
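Review bot: this step at line 670 repeats the one at line 544 line for line in the visible context (same name, same `env:` binding, same `cd infra` and `git config`), and both copies carried the same wrong secret. Consider moving the infra PR step into one shared definition (a composite action or reusable workflow, if the runner supports it) so the token binding lives in one place and cannot drift between deploy-dev and deploy-uat. A guard at the top of the `run:` script that exits when `CI_GITEA_TOKEN` is empty would also surface a missing secret before the push, instead of as a 403 from the API.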