use REGISTRY_TOKEN (PAT) for registry push

root 2026-07-01 10:07:27 +00:00
parent 7b96837154
commit f6726af445


@ -3,7 +3,9 @@
# unknowns with no host-deploy setup. Copy to .forgejo/workflows/build.yml in a # unknowns with no host-deploy setup. Copy to .forgejo/workflows/build.yml in a
# throwaway Forgejo repo. Requires: # throwaway Forgejo repo. Requires:
# - repo Variable: FORGEJO_REGISTRY (e.g. forge.currentbits.net) # - repo Variable: FORGEJO_REGISTRY (e.g. forge.currentbits.net)
# - repo Secrets: COSIGN_PRIVATE_KEY, COSIGN_PASSWORD, COSIGN_PUBLIC_KEY # - repo Secrets: COSIGN_PRIVATE_KEY, COSIGN_PASSWORD, COSIGN_PUBLIC_KEY,
# REGISTRY_TOKEN (a Forgejo PAT with write:package — the
# automatic Actions token lacks package-write scope)
name: spike-build name: spike-build
on: [push, workflow_dispatch] on: [push, workflow_dispatch]
permissions: permissions:
@ -21,7 +23,8 @@ jobs:
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} # Forgejo's automatic token can't push packages — use a PAT (write:package).
password: ${{ secrets.REGISTRY_TOKEN }}
- id: push - id: push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
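Review bot: The login step now pairs a long-lived PAT in `password: ${{ secrets.REGISTRY_TOKEN }}` with `username: ${{ github.actor }}`, so the username is whoever triggered the run while the credential belongs to one fixed account. If the registry checks that pairing, runs triggered by anyone other than the PAT owner would presumably fail at login; either way the identity shown in the workflow is not the one doing the push. Consider a dedicated bot account whose PAT carries only write:package, with its name taken from a repo Variable, e.g. `username: ${{ vars.REGISTRY_USER }}` (variable name constructed here). Unlike the per-run automatic token, this secret outlives the job and is available to every run started by `on: [push, workflow_dispatch]`, so the header comment could also add `#     Issue the PAT to a bot account, scope it to write:package only, and rotate it.` The login step begins above the second hunk, so its earlier lines are not visible here.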