From 6c50458aca2c52ed060c5d86d3d7ba095f9d004e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jun 2026 02:03:33 -0400 Subject: [PATCH] Use dedicated REGISTRY_TOKEN with packages scope instead of built-in GITEA_TOKEN The built-in GITEA_TOKEN lacks read:packages/write:packages scopes, causing 403 Forbidden when authenticating with the Gitea container registry. --- .gitea/workflows/build-and-deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml index 68b2dd3..a450e43 100644 --- a/.gitea/workflows/build-and-deploy.yml +++ b/.gitea/workflows/build-and-deploy.yml @@ -45,7 +45,7 @@ jobs: - name: Check Docker registry credentials id: registry-check run: | - if [ -n "${{ secrets.GITEA_TOKEN }}" ]; then + if [ -n "${{ secrets.REGISTRY_TOKEN }}" ]; then echo "available=true" >> "$GITHUB_OUTPUT" else echo "available=false" >> "$GITHUB_OUTPUT" @@ -60,7 +60,7 @@ jobs: - name: Log in to Gitea Container Registry if: steps.registry-check.outputs.available == 'true' run: | - echo "${{ secrets.GITEA_TOKEN }}" | \ + echo "${{ secrets.REGISTRY_TOKEN }}" | \ docker login "$REGISTRY_HOST" \ -u "${{ gitea.actor }}" \ --password-stdin @@ -143,7 +143,7 @@ jobs: - name: Run deploy script on VPS if: steps.check-creds.outputs.skip == 'false' run: | - REGISTRY_PASSWORD_B64="$(printf '%s' "${{ secrets.GITEA_TOKEN }}" | base64 | tr -d '\n')" + REGISTRY_PASSWORD_B64="$(printf '%s' "${{ secrets.REGISTRY_TOKEN }}" | base64 | tr -d '\n')" ssh "${{ secrets.VPS_USER }}@${{ secrets.VPS_IP }}" " set -e cd '$DEPLOY_ROOT'