fix: authenticate to container registry with a package-scoped PAT
Build and publish container / build (pull_request) Successful in 2m7s
Build and publish container / build (pull_request) Successful in 2m7s
The auto-provided GITEA_TOKEN does not carry container registry write permission on most Gitea instances, causing docker login to fail with "unauthorized". Use a Personal Access Token supplied via the PACKAGES_TOKEN secret, with the package namespace owner as the username. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Emma Thorpe
@@ -46,9 +46,14 @@ docker run --rm -p 8080:8080 dlr
|
||||
|
||||
`.gitea/workflows/build-and-publish.yml` builds the container with Gitea Actions
|
||||
and publishes it to this Gitea instance's container registry on pushes to `main`
|
||||
and on `v*` tags. Pull requests build the image but do not push. Authentication
|
||||
uses the automatically provided `GITEA_TOKEN`; the registry host is derived from
|
||||
the Gitea server URL.
|
||||
and on `v*` tags. Pull requests build the image but do not push. The registry
|
||||
host is derived from the Gitea server URL.
|
||||
|
||||
Authentication requires a Personal Access Token with package read/write scope,
|
||||
because the automatically provided `GITEA_TOKEN` does not carry container
|
||||
registry write permission on most Gitea instances. Create the token under an
|
||||
account with write access to the target package namespace, then store it as a
|
||||
repository Actions secret named `PACKAGES_TOKEN`.
|
||||
|
||||
The published image is `<gitea-host>/<owner>/<repo>`, tagged by branch, semver
|
||||
(for `v*` tags), commit SHA, and `latest` on the default branch.
|
||||
|
||||
Reference in New Issue
Block a user