Use explicit Gitea registry credentials
Some checks are pending
test-build-publish / docker (push) Has started running
Some checks are pending
test-build-publish / docker (push) Has started running
This commit is contained in:
Space-Banane
@@ -53,12 +53,12 @@ jobs:
|
||||
SECRET_IMAGE: ${{ secrets.REGISTRY_IMAGE }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
username="${SECRET_USERNAME:-${GITHUB_ACTOR}}"
|
||||
username="${SECRET_USERNAME:-}"
|
||||
password="${SECRET_PASSWORD:-${SECRET_TOKEN:-}}"
|
||||
image="${SECRET_IMAGE:-gitea.reversed.dev/space/evil-wordle}"
|
||||
|
||||
if [ -z "$username" ]; then
|
||||
echo "::error::Registry username is empty. Set REGISTRY_USERNAME or ensure GITHUB_ACTOR is available."
|
||||
echo "::error::Registry username is empty. Set REGISTRY_USERNAME to the Gitea user that owns the token."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -73,14 +73,18 @@ jobs:
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
echo "::add-mask::$password"
|
||||
echo "password=$password" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Log in to Gitea registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: gitea.reversed.dev
|
||||
username: ${{ steps.registry.outputs.username }}
|
||||
password: ${{ steps.registry.outputs.password }}
|
||||
shell: bash
|
||||
env:
|
||||
REGISTRY_USERNAME: ${{ steps.registry.outputs.username }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
password="${REGISTRY_PASSWORD:-${REGISTRY_TOKEN:-}}"
|
||||
echo "::add-mask::$password"
|
||||
echo "$password" | docker login gitea.reversed.dev -u "$REGISTRY_USERNAME" --password-stdin
|
||||
|
||||
- name: Compute image tags
|
||||
id: meta
|
||||
@@ -116,6 +120,8 @@ jobs:
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
token="${REGISTRY_PASSWORD:-${REGISTRY_TOKEN:-}}"
|
||||
export REGISTRY_PASSWORD="$token"
|
||||
python3 - <<'PY'
|
||||
import json
|
||||
import os
|
||||
@@ -160,4 +166,5 @@ jobs:
|
||||
raise
|
||||
PY
|
||||
env:
|
||||
REGISTRY_PASSWORD: ${{ steps.registry.outputs.password }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
@@ -37,11 +37,13 @@ Gitea Actions workflow: `.gitea/workflows/ci.yml`
|
||||
Required repository or organization secrets:
|
||||
|
||||
- `REGISTRY_PASSWORD`: Gitea personal access token with package read/write access
|
||||
- `REGISTRY_USERNAME`: optional; defaults to the Gitea Actions actor
|
||||
- `REGISTRY_USERNAME`: Gitea username that owns the token
|
||||
- `REGISTRY_IMAGE`: optional; defaults to `gitea.reversed.dev/space/evil-wordle`
|
||||
|
||||
The workflow also accepts `REGISTRY_TOKEN` as a fallback for `REGISTRY_PASSWORD`.
|
||||
|
||||
For organization packages such as `space/evil-wordle`, the username is still the actual Gitea user account for the token, not the organization name. That user needs permission to publish packages under `space`.
|
||||
|
||||
The workflow uses `catthehacker/ubuntu:act-latest`, Docker Buildx, and links the published package back to the `space/evil-wordle` repository through the Gitea API.
|
||||
|
||||
On pushes to `main`, CI publishes:
|
||||
|
||||
Reference in New Issue
Block a user