Use explicit Gitea registry credentials

Space-Banane
2026-05-14 18:35:41 +02:00
parent 5b442b09f5
commit 76e6ced205
2 changed files with 19 additions and 10 deletions


@@ -53,12 +53,12 @@ jobs:
SECRET_IMAGE: ${{ secrets.REGISTRY_IMAGE }} SECRET_IMAGE: ${{ secrets.REGISTRY_IMAGE }}
run: | run: |
set -euo pipefail set -euo pipefail
username="${SECRET_USERNAME:-${GITHUB_ACTOR}}" username="${SECRET_USERNAME:-}"
password="${SECRET_PASSWORD:-${SECRET_TOKEN:-}}" password="${SECRET_PASSWORD:-${SECRET_TOKEN:-}}"
image="${SECRET_IMAGE:-gitea.reversed.dev/space/evil-wordle}" image="${SECRET_IMAGE:-gitea.reversed.dev/space/evil-wordle}"
if [ -z "$username" ]; then if [ -z "$username" ]; then
echo "::error::Registry username is empty. Set REGISTRY_USERNAME or ensure GITHUB_ACTOR is available." echo "::error::Registry username is empty. Set REGISTRY_USERNAME to the Gitea user that owns the token."
exit 1 exit 1
fi fi
@@ -73,14 +73,18 @@ jobs:
} >> "$GITHUB_OUTPUT" } >> "$GITHUB_OUTPUT"
echo "::add-mask::$password" echo "::add-mask::$password"
echo "password=$password" >> "$GITHUB_OUTPUT"
- name: Log in to Gitea registry - name: Log in to Gitea registry
uses: docker/login-action@v3 shell: bash
with: env:
registry: gitea.reversed.dev REGISTRY_USERNAME: ${{ steps.registry.outputs.username }}
username: ${{ steps.registry.outputs.username }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
password: ${{ steps.registry.outputs.password }} REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
run: |
set -euo pipefail
password="${REGISTRY_PASSWORD:-${REGISTRY_TOKEN:-}}"
echo "::add-mask::$password"
echo "$password" | docker login gitea.reversed.dev -u "$REGISTRY_USERNAME" --password-stdin
- name: Compute image tags - name: Compute image tags
id: meta id: meta
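Review bot: The new login step never checks that `password` is non-empty before `echo "$password" | docker login ...`. With neither `REGISTRY_PASSWORD` nor `REGISTRY_TOKEN` set, the `:-` fallbacks resolve to an empty string, `::add-mask::` is emitted with no value, and the failure surfaces inside `docker login` instead of as a clear `::error::` like the one the username check produces in the earlier step. Add the same kind of guard here (`if [ -z "$password" ]; then echo "::error::..."; exit 1; fi`) and prefer `printf '%s' "$password" |` over `echo`, so a value beginning with `-` is not parsed as an echo option. Dropping `echo "password=$password" >> "$GITHUB_OUTPUT"` is the right direction, since the secret no longer travels through step outputs.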
@@ -116,6 +120,8 @@ jobs:
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
token="${REGISTRY_PASSWORD:-${REGISTRY_TOKEN:-}}"
export REGISTRY_PASSWORD="$token"
python3 - <<'PY' python3 - <<'PY'
import json import json
import os import os
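Review bot: After `export REGISTRY_PASSWORD="$token"`, `REGISTRY_TOKEN` is still exported to the Python process even though the script is handed the resolved value. Add `unset REGISTRY_TOKEN` before `python3 - <<'PY'` so the child sees only the one credential it needs. The fallback expression is also a copy of the one in the login step, so a short comment that the two must stay in sync would help, and an empty `token` should stop the step with an `::error::` rather than being passed on to the script.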
@@ -160,4 +166,5 @@ jobs:
raise raise
PY PY
env: env:
REGISTRY_PASSWORD: ${{ steps.registry.outputs.password }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}


@@ -37,11 +37,13 @@ Gitea Actions workflow: `.gitea/workflows/ci.yml`
Required repository or organization secrets: Required repository or organization secrets:
- `REGISTRY_PASSWORD`: Gitea personal access token with package read/write access - `REGISTRY_PASSWORD`: Gitea personal access token with package read/write access
- `REGISTRY_USERNAME`: optional; defaults to the Gitea Actions actor - `REGISTRY_USERNAME`: Gitea username that owns the token
- `REGISTRY_IMAGE`: optional; defaults to `gitea.reversed.dev/space/evil-wordle` - `REGISTRY_IMAGE`: optional; defaults to `gitea.reversed.dev/space/evil-wordle`
The workflow also accepts `REGISTRY_TOKEN` as a fallback for `REGISTRY_PASSWORD`. The workflow also accepts `REGISTRY_TOKEN` as a fallback for `REGISTRY_PASSWORD`.
For organization packages such as `space/evil-wordle`, the username is still the actual Gitea user account for the token, not the organization name. That user needs permission to publish packages under `space`.
The workflow uses `catthehacker/ubuntu:act-latest`, Docker Buildx, and links the published package back to the `space/evil-wordle` repository through the Gitea API. The workflow uses `catthehacker/ubuntu:act-latest`, Docker Buildx, and links the published package back to the `space/evil-wordle` repository through the Gitea API.
On pushes to `main`, CI publishes: On pushes to `main`, CI publishes:
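Review bot: `REGISTRY_USERNAME` changes from optional to required in this list, but the new entry does not say so, while `REGISTRY_IMAGE` on the next line is still explicitly marked `optional`. Word it as "`REGISTRY_USERNAME`: required; Gitea username that owns the token" so that someone who relied on the old actor default sees why the workflow now stops at the username check.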