From 985200691d433950c10c0bf12a1f2f6324a93d1b Mon Sep 17 00:00:00 2001 From: "dolgolyov.alexei" Date: Wed, 25 Mar 2026 14:37:26 +0300 Subject: [PATCH] fix: rename GITEA_TOKEN to DEPLOY_TOKEN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GITEA_TOKEN is a reserved name in Gitea — the UI and API reject it when creating secrets. Use DEPLOY_TOKEN instead. --- gitea-python-ci-cd.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/gitea-python-ci-cd.md b/gitea-python-ci-cd.md index 36a5e48..0e7052f 100644 --- a/gitea-python-ci-cd.md +++ b/gitea-python-ci-cd.md @@ -6,7 +6,7 @@ A reusable reference for building CI pipelines, release automation, and installe - Gitea instance with Actions enabled - Runner(s) tagged `ubuntu-latest` (e.g., TrueNAS-hosted Gitea runners) -- `GITEA_TOKEN` secret configured in the repository (Settings > Secrets) +- `DEPLOY_TOKEN` secret configured in the repository (Settings > Secrets). **Do NOT use `DEPLOY_TOKEN`** — it is a reserved name in Gitea and will be rejected by the UI and API. ## Pipeline Architecture @@ -91,7 +91,7 @@ create-release: - name: Create Gitea release id: create env: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }} run: | TAG="${{ gitea.ref_name }}" BASE_URL="${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}" @@ -117,7 +117,7 @@ create-release: ") RELEASE=$(curl -s -X POST "\$BASE_URL/releases" \ - -H "Authorization: token \$GITEA_TOKEN" \ + -H "Authorization: token \$DEPLOY_TOKEN" \ -H "Content-Type: application/json" \ -d "{ \"tag_name\": \"\$TAG\", @@ -132,7 +132,7 @@ create-release: if [ -z "\$RELEASE_ID" ]; then echo "::warning::Release already exists for tag \$TAG — reusing existing release" RELEASE=$(curl -s "\$BASE_URL/releases/tags/\$TAG" \ - -H "Authorization: token \$GITEA_TOKEN") + -H "Authorization: token \$DEPLOY_TOKEN") RELEASE_ID=$(echo "\$RELEASE" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])") fi echo "release_id=\$RELEASE_ID" >> "\$GITHUB_OUTPUT" @@ -173,7 +173,7 @@ build-docker: ```yaml - name: Attach assets to release env: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }} run: | RELEASE_ID="${{ needs.create-release.outputs.release_id }}" BASE_URL="${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}" @@ -184,18 +184,18 @@ build-docker: # Delete existing asset with the same name (prevents duplicates on re-run) EXISTING_ID=$(curl -s "$BASE_URL/releases/$RELEASE_ID/assets" \ - -H "Authorization: token $GITEA_TOKEN" \ + -H "Authorization: token $DEPLOY_TOKEN" \ | python3 -c "import sys,json; assets=json.load(sys.stdin); print(next((str(a['id']) for a in assets if a['name']=='$NAME'),''))" 2>/dev/null) if [ -n "$EXISTING_ID" ]; then curl -s -X DELETE "$BASE_URL/releases/$RELEASE_ID/assets/$EXISTING_ID" \ - -H "Authorization: token $GITEA_TOKEN" + -H "Authorization: token $DEPLOY_TOKEN" echo "Replaced existing asset: $NAME" fi curl -s -X POST \ "$BASE_URL/releases/$RELEASE_ID/assets?name=$NAME" \ - -H "Authorization: token $GITEA_TOKEN" \ + -H "Authorization: token $DEPLOY_TOKEN" \ -H "Content-Type: application/octet-stream" \ --data-binary "@$FILE" echo "Uploaded: $NAME" @@ -532,7 +532,7 @@ CMD ["uvicorn", "your_package.main:app", "--host", "0.0.0.0", "--port", "8080"] id: docker-login continue-on-error: true # Graceful degradation if registry unavailable run: | - echo "${{ secrets.GITEA_TOKEN }}" | docker login \ + echo "${{ secrets.DEPLOY_TOKEN }}" | docker login \ "$SERVER_HOST" -u "${{ gitea.actor }}" --password-stdin - name: Build and tag @@ -822,7 +822,7 @@ cd "$APP_ROOT" && exec ./run.sh - [ ] Create `.gitea/workflows/test.yml` — lint + test on push/PR - [ ] Create `.gitea/workflows/release.yml` — build + release on `v*` tag -- [ ] Add `GITEA_TOKEN` secret to repository +- [ ] Add `DEPLOY_TOKEN` secret to repository - [ ] Set up version detection in build scripts (tag → env → source) - [ ] Set up `importlib.metadata` version in `__init__.py` (section 10.1) - [ ] Add `sed` version stamp step in build scripts (section 10.2)