root/drover-go
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 10 Wiki Activity

workflows: surface GITHUB_TOKEN via env, use it in clone URL
Build / test (push) Successful in 19s
Details
Build / build-windows (push) Successful in 6s
Details
Release / release (push) Failing after 1m3s
Details

Browse Source 
Root cause of the earlier "Failed to authenticate" / "could not read
Username" failures: shell scripts in Gitea Actions don't automatically
inherit secrets — \${GITHUB_TOKEN} expanded to an empty string, so the
URL became "https://forgejo-runner:@..." (empty password) and Gitea's
auth layer rejected it.

Fix: explicit env: block on the Checkout step pulls the token in,
then the URL uses it via x-access-token (canonical token-as-password
username, accepted by Gitea, GitHub, Forgejo alike).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
root
2026-05-01 02:39:42 +03:00
parent 8c70640bfd
commit 804e32a418
2 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/build.yml
+10 -10
View File
@@ -28,12 +28,12 @@ jobs:
runs-on: go runs-on: go
steps: steps:
- name: Checkout - name: Checkout
env:
# Gitea Actions doesn't auto-export GITHUB_TOKEN to the shell;
# we have to read it from secrets and surface it explicitly.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
# Public repo — clone without auth. Both Gitea and Forgejo git clone --no-checkout "https://x-access-token:${GITHUB_TOKEN}@git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
# rejected hardcoded "forgejo-runner"/"x-access-token" basic-auth
# formulas; for an unauthenticated read on public repos plain
# https works on every server.
git clone --no-checkout "https://git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
git -C /tmp/src checkout "$GITHUB_SHA" git -C /tmp/src checkout "$GITHUB_SHA"
cp -a /tmp/src/. . cp -a /tmp/src/. .
- name: Vet - name: Vet
@@ -51,12 +51,12 @@ jobs:
needs: test needs: test
steps: steps:
- name: Checkout - name: Checkout
env:
# Gitea Actions doesn't auto-export GITHUB_TOKEN to the shell;
# we have to read it from secrets and surface it explicitly.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
# Public repo — clone without auth. Both Gitea and Forgejo git clone --no-checkout "https://x-access-token:${GITHUB_TOKEN}@git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
# rejected hardcoded "forgejo-runner"/"x-access-token" basic-auth
# formulas; for an unauthenticated read on public repos plain
# https works on every server.
git clone --no-checkout "https://git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
git -C /tmp/src checkout "$GITHUB_SHA" git -C /tmp/src checkout "$GITHUB_SHA"
cp -a /tmp/src/. . cp -a /tmp/src/. .
- name: Cross-compile drover.exe (windows/amd64) - name: Cross-compile drover.exe (windows/amd64)
.gitea/workflows/release.yml
+3 -2
View File
@@ -17,9 +17,10 @@ jobs:
runs-on: go runs-on: go
steps: steps:
- name: Checkout - name: Checkout
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
# Public repo — clone without auth (see build.yml for rationale). git clone --no-checkout "https://x-access-token:${GITHUB_TOKEN}@git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
git clone --no-checkout "https://git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
git -C /tmp/src checkout "$GITHUB_SHA" git -C /tmp/src checkout "$GITHUB_SHA"
cp -a /tmp/src/. . cp -a /tmp/src/. .