From eca0891f7486e824929f668a188a973b99f43df0 Mon Sep 17 00:00:00 2001
From: Elmar Kresse
Date: Thu, 4 Sep 2025 17:33:25 +0200
Subject: [PATCH] refactor: enhance git clone and registry login steps with improved token handling
---
 .gitea/workflows/docker-build-push.yml | 30 +++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/.gitea/workflows/docker-build-push.yml b/.gitea/workflows/docker-build-push.yml
index 0b4c092..62d5198 100644
--- a/.gitea/workflows/docker-build-push.yml
+++ b/.gitea/workflows/docker-build-push.yml
@@ -28,19 +28,33 @@ jobs:
 - name: Checkout (git)
 env:
 GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+ REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
 run: |
 set -eu
 apk add --no-cache git ca-certificates
+ TOKEN="${GITEA_TOKEN:-${REGISTRY_TOKEN:-}}"
 REF="$GITHUB_REF"
 REPO_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
 if echo "$REF" | grep -q '^refs/heads/'; then
 NAME=${REF#refs/heads/}
- git -c http.extraHeader="Authorization: Bearer $GITEA_TOKEN" clone --depth 1 --branch "$NAME" "$REPO_URL" .
+ if [ -n "$TOKEN" ]; then
+ git -c http.extraHeader="Authorization: Bearer $TOKEN" clone --depth 1 --branch "$NAME" "$REPO_URL" .
+ else
+ git clone --depth 1 --branch "$NAME" "$REPO_URL" .
+ fi
 elif echo "$REF" | grep -q '^refs/tags/'; then
 NAME=${REF#refs/tags/}
- git -c http.extraHeader="Authorization: Bearer $GITEA_TOKEN" clone --depth 1 --branch "$NAME" "$REPO_URL" .
+ if [ -n "$TOKEN" ]; then
+ git -c http.extraHeader="Authorization: Bearer $TOKEN" clone --depth 1 --branch "$NAME" "$REPO_URL" .
+ else
+ git clone --depth 1 --branch "$NAME" "$REPO_URL" .
+ fi
 else
- git -c http.extraHeader="Authorization: Bearer $GITEA_TOKEN" clone --depth 1 "$REPO_URL" .
+ if [ -n "$TOKEN" ]; then
+ git -c http.extraHeader="Authorization: Bearer $TOKEN" clone --depth 1 "$REPO_URL" .
+ else
+ git clone --depth 1 "$REPO_URL" .
+ fi
 git fetch --depth 1 origin "$GITHUB_SHA"
 git checkout --detach "$GITHUB_SHA"
 fi
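Review bot: `TOKEN="${GITEA_TOKEN:-${REGISTRY_TOKEN:-}}"` lets the checkout fall back to the registry credential, so whenever `GITEA_TOKEN` is unset the package-registry token is sent as a Bearer header to `$GITHUB_SERVER_URL`. That couples two credentials the rest of this commit separates, and a registry-scoped token without repository read access would presumably make a public clone fail with an auth error instead of reaching the anonymous branch. I would keep the clone on its own secret, `TOKEN="${GITEA_TOKEN:-}"`, and let the new `else` branches cover the no-token case. The same `if [ -n "$TOKEN" ]` block is repeated in all three ref branches, and the header is still passed on git's command line, where other processes on the runner can read it for the duration of the clone. The run script may continue below the hunk's last `fi`.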
@@ -138,22 +152,28 @@ jobs:
 env:
 REGISTRY: ${{ steps.vars.outputs.registry }}
 REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+ REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
 run: |
 set -eu
 apk add --no-cache curl >/dev/null 2>&1 || true
 USER_NAME="${REGISTRY_USERNAME:-$GITHUB_ACTOR}"
- CODE=$(curl -sS -u "$USER_NAME:${{ secrets.GITEA_TOKEN }}" -o /dev/null -w "%{http_code}" "https://$REGISTRY/v2/") || CODE=000
+ CODE=$(curl -sS -u "$USER_NAME:${REGISTRY_TOKEN}" -o /dev/null -w "%{http_code}" "https://$REGISTRY/v2/") || CODE=000
 echo "Basic auth probe to https://$REGISTRY/v2/ returned HTTP $CODE"
 - name: Log in to Gitea Registry
 env:
 REGISTRY: ${{ steps.vars.outputs.registry }}
 REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+ REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
 run: |
 set -eu
 USER_NAME="${REGISTRY_USERNAME:-$GITHUB_ACTOR}"
 echo "Logging into $REGISTRY as $USER_NAME"
- echo "${{ secrets.GITEA_TOKEN }}" | docker login "$REGISTRY" -u "$USER_NAME" --password-stdin
+ if echo "$REGISTRY" | grep -q '^https\?://'; then REG_HOST="$REGISTRY"; else REG_HOST="$REGISTRY"; fi
+ if ! echo "$REGISTRY_TOKEN" | docker login "$REG_HOST" -u "$USER_NAME" --password-stdin; then
+ echo "First login attempt failed, trying with explicit /v2/ endpoint"
+ echo "$REGISTRY_TOKEN" | docker login "https://$REGISTRY/v2/" -u "$USER_NAME" --password-stdin
+ fi
 - name: Ensure buildx builder
 run: |
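Review bot: The added `REG_HOST` conditional assigns `"$REGISTRY"` in both branches, so a scheme prefix is detected but never removed and `REG_HOST` is always identical to `REGISTRY`. If `REGISTRY` can carry `http://` or `https://`, the retry `docker login "https://$REGISTRY/v2/"` (and the probe URL in the previous step) would become `https://https://…`; stripping the scheme once, `REG_HOST="${REGISTRY#https://}"; REG_HOST="${REG_HOST#http://}"`, and using `$REG_HOST` in both login calls would make the check do something. Since this commit stops using `GITEA_TOKEN` for the registry, an unset `REGISTRY_TOKEN` secret now yields an empty password and two failed logins; a guard such as `: "${REGISTRY_TOKEN:?REGISTRY_TOKEN secret is not set}"` before the probe and the login would fail fast with a clear message. The hunk opens inside the probe step and ends at the start of the "Ensure buildx builder" step, whose body is outside it.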