From f6726af4456151d41a39331d92b117b4409e5d05 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 1 Jul 2026 10:07:27 +0000
Subject: [PATCH 1/2] use REGISTRY_TOKEN (PAT) for registry push
---
 .forgejo/workflows/build.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml
index fdf0602..154da56 100644
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@@ -3,7 +3,9 @@
 # unknowns with no host-deploy setup. Copy to .forgejo/workflows/build.yml in a
 # throwaway Forgejo repo. Requires:
 # - repo Variable: FORGEJO_REGISTRY (e.g. forge.currentbits.net)
-# - repo Secrets: COSIGN_PRIVATE_KEY, COSIGN_PASSWORD, COSIGN_PUBLIC_KEY
+# - repo Secrets: COSIGN_PRIVATE_KEY, COSIGN_PASSWORD, COSIGN_PUBLIC_KEY,
+# REGISTRY_TOKEN (a Forgejo PAT with write:package — the
+# automatic Actions token lacks package-write scope)
 name: spike-build
 on: [push, workflow_dispatch]
 permissions:
@@ -21,7 +23,8 @@ jobs:
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ # Forgejo's automatic token can't push packages — use a PAT (write:package).
+ password: ${{ secrets.REGISTRY_TOKEN }}
 - id: push
 uses: docker/build-push-action@v6
 with:
From e77ad25e7cbd9849394268c217a2a3b9274edf3b Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 1 Jul 2026 10:12:22 +0000
Subject: [PATCH 2/2] trigger run
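Review bot: In the second hunk of PATCH 1/2, the new `password: ${{ secrets.REGISTRY_TOKEN }}` puts a long-lived personal access token into a workflow that the first hunk's context shows running on `on: [push, workflow_dispatch]`. Unlike the per-run automatic token it does not expire with the job, and anyone able to push a branch that edits this workflow could presumably read it. The header comment should require a PAT issued from a dedicated bot account, scoped to `write:package` only and given an expiry, and the trigger is worth narrowing to protected branches. `username: ${{ github.actor }}` is left unchanged and may not match the PAT's owner when another user triggers the run; confirm whether Forgejo checks it, or read the account name from a repo variable (placeholder: `${{ vars.REGISTRY_USER }}`). The following `docker/build-push-action@v6` step runs with the stored registry login and is pinned by tag only, so pinning it to a commit SHA would limit exposure of the PAT; the job continues outside the hunk.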