diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml
index fdf0602..154da56 100644
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@@ -3,7 +3,9 @@
 # unknowns with no host-deploy setup. Copy to .forgejo/workflows/build.yml in a
 # throwaway Forgejo repo. Requires:
 # - repo Variable: FORGEJO_REGISTRY (e.g. forge.currentbits.net)
-# - repo Secrets: COSIGN_PRIVATE_KEY, COSIGN_PASSWORD, COSIGN_PUBLIC_KEY
+# - repo Secrets: COSIGN_PRIVATE_KEY, COSIGN_PASSWORD, COSIGN_PUBLIC_KEY,
+# REGISTRY_TOKEN (a Forgejo PAT with write:package — the
+# automatic Actions token lacks package-write scope)
 name: spike-build
 on: [push, workflow_dispatch]
 permissions:
@@ -21,7 +23,8 @@ jobs:
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ # Forgejo's automatic token can't push packages — use a PAT (write:package).
+ password: ${{ secrets.REGISTRY_TOKEN }}
 - id: push
 uses: docker/build-push-action@v6
 with:
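Review bot: The Requires comment introduces a personal access token without saying how narrowly it should be issued. A PAT is a standing credential tied to its owning account, unlike the automatic Actions token it replaces, so the header is the place to record that it should carry `write:package` and no other scope, come from a dedicated account rather than a maintainer's own, and be rotated. A line such as `#     Scope it to write:package only, issue it from a dedicated bot account, rotate it.` after the REGISTRY_TOKEN lines would cover this.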
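Review bot: `username: ${{ github.actor }}` is left unchanged beside the new PAT, so the login pairs the token with whoever triggered the run rather than with the account that owns it. Whether the registry checks the username against the token owner is not visible here; if it does, runs started by anyone else will fail at login, and either way the pairing is misleading. Consider a fixed name from a repo variable, e.g. `username: ${{ vars.REGISTRY_USER }}` (variable name illustrative). Separately, `on: [push, workflow_dispatch]` in the first hunk means a push to any branch runs this step with the PAT, so limiting the trigger to the branches that should publish would reduce exposure. The step and the job continue outside the hunk.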