ci: use REGISTRY_TOKEN PAT for container registry auth
The auto-provided GITEA_TOKEN doesn't grant write:package scope in Gitea 1.25 even when permissions.packages: write is declared. Switch registry logins to a dedicated PAT stored as REGISTRY_TOKEN. Keep GITEA_TOKEN for semantic-release-gitea API calls. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -60,7 +60,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push worker image
|
- name: Build and push worker image
|
||||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||||
@@ -92,7 +92,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push API image
|
- name: Build and push API image
|
||||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Log in to Gitea OCI registry
|
- name: Log in to Gitea OCI registry
|
||||||
run: |
|
run: |
|
||||||
echo "${{ secrets.GITEA_TOKEN }}" | helm registry login git.farh.net \
|
echo "${{ secrets.REGISTRY_TOKEN }}" | helm registry login git.farh.net \
|
||||||
--username "${{ github.actor }}" \
|
--username "${{ github.actor }}" \
|
||||||
--password-stdin
|
--password-stdin
|
||||||
|
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push worker image
|
- name: Build and push worker image
|
||||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||||
@@ -94,7 +94,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push API image
|
- name: Build and push API image
|
||||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||||
@@ -126,7 +126,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Inspect worker image
|
- name: Inspect worker image
|
||||||
id: inspect-worker
|
id: inspect-worker
|
||||||
|
|||||||
@@ -78,7 +78,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push worker image
|
- name: Build and push worker image
|
||||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||||
@@ -112,7 +112,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push API image
|
- name: Build and push API image
|
||||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||||
@@ -146,7 +146,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Inspect worker image
|
- name: Inspect worker image
|
||||||
id: inspect-worker
|
id: inspect-worker
|
||||||
|
|||||||
@@ -79,7 +79,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: git.farh.net
|
registry: git.farh.net
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITEA_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Verify Docker image tag exists
|
- name: Verify Docker image tag exists
|
||||||
run: docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
|
run: docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
|
||||||
|
|||||||
Reference in New Issue
Block a user