r/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: use PACKAGE_TOKEN for the registry login

Browse Source 
GITEA_TOKEN is not set in these repos — the registry login sent a blank
password and Gitea's /v2/ endpoint returned unauthorized. Switch the
image-build login, the app template, and the README to PACKAGE_TOKEN, the
PAT the other repos already use (Syrinx pairs gitea.actor + PACKAGE_TOKEN
successfully). The PAT needs write:package here and read:package in app
repos.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Robert Helewka
2026-06-16 08:53:31 -04:00
parent 44064b6364
commit 2e6cac3d5d
3 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/builder-image.yml
View File

@@ -38,7 +38,7 @@ jobs:
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ gitea.actor }} username: ${{ gitea.actor }}
password: ${{ secrets.GITEA_TOKEN }} password: ${{ secrets.PACKAGE_TOKEN }}
- name: Set up Buildx - name: Set up Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3

9
README.md
View File

@@ -66,7 +66,7 @@ jobs:
image: git.helu.ca/r/android:2026.06 image: git.helu.ca/r/android:2026.06
credentials: credentials:
username: ${{ gitea.actor }} username: ${{ gitea.actor }}
password: ${{ secrets.GITEA_TOKEN }} password: ${{ secrets.PACKAGE_TOKEN }}
``` ```
The build task is selectable: `assembleRelease` (APK, the default) or The build task is selectable: `assembleRelease` (APK, the default) or
@@ -83,9 +83,10 @@ Signing happens at job time; nothing sensitive lives in the repo or the image.
| `KEY_ALIAS` | signing key alias | | `KEY_ALIAS` | signing key alias |
| `KEY_PASSWORD` | key password | | `KEY_PASSWORD` | key password |
`GITEA_TOKEN` needs `write:package` here (to push) and `read:package` in app `PACKAGE_TOKEN` (a PAT, the same secret the other repos here use) needs
repos (to pull). The built-in token usually covers this; if your instance `write:package` in this repo (to push the image) and `read:package` in app
scopes it tightly, use a PAT. repos (to pull it). Set it as a repo or org-level Actions secret. The
built-in `gitea.token` is not used because it isn't scoped for the registry.
## First-run sequencing ## First-run sequencing

2
templates/build.yml
View File

@@ -29,7 +29,7 @@ jobs:
image: git.helu.ca/r/android:2026.06 image: git.helu.ca/r/android:2026.06
credentials: credentials:
username: ${{ gitea.actor }} username: ${{ gitea.actor }}
password: ${{ secrets.GITEA_TOKEN }} password: ${{ secrets.PACKAGE_TOKEN }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4