From eecc9e295cd6b01c267bb8a0ad7c3381bd1c40a9 Mon Sep 17 00:00:00 2001
From: "alexei.dolgolyov" <dolgolyov.alexei@gmail.com>
Date: Tue, 21 Apr 2026 19:35:50 +0300
Subject: [PATCH] ci: consolidate release tokens to single DEPLOY_TOKEN, rename
 redeploy step
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Use one DEPLOY_TOKEN for both registry login and Gitea release API,
  matching the claude-code-facts convention.
- Rename "Trigger Portainer redeploy" to "Trigger redeploy webhook" —
  the step calls a generic DOCKER_REDEPLOY_WEBHOOK_URL, not a
  Portainer-specific endpoint.
- Add .facts-sync.json to pin this project to the facts repo commit.
---
 .facts-sync.json             |  8 ++++++++
 .gitea/workflows/release.yml | 14 +++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 .facts-sync.json

diff --git a/.facts-sync.json b/.facts-sync.json
new file mode 100644
index 0000000..842c2e4
--- /dev/null
+++ b/.facts-sync.json
@@ -0,0 +1,8 @@
+{
+  "last_commit": "a31b1cba2a41229f6f6af9701477d24d15efbe9a",
+  "last_sync": "2026-04-21T00:00:00Z",
+  "tracked_files": {
+    "gitea-python-ci-cd.md": "sha256:61968058ec30cac954a3b7f9bde2a7db620618482d34e17568d432f680a3b333",
+    "gitea-release-workflow.md": "sha256:5eb64789fca062b2138ca7661b942c9fc9c304f63326844ff6f6724e7e05b08c"
+  }
+}
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 66db31d..a76c86b 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -41,7 +41,7 @@ jobs:
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ gitea.actor }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+          password: ${{ secrets.DEPLOY_TOKEN }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -58,14 +58,14 @@ jobs:
           cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
           cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
 
-      - name: Trigger Portainer redeploy
+      - name: Trigger redeploy webhook
         if: steps.version.outputs.is_pre == 'false'
         continue-on-error: true
         run: |
           if [ -n "${{ secrets.DOCKER_REDEPLOY_WEBHOOK_URL }}" ]; then
-            echo "Triggering Portainer redeploy..."
+            echo "Triggering redeploy webhook..."
             curl -sf -X POST "${{ secrets.DOCKER_REDEPLOY_WEBHOOK_URL }}" \
-              --max-time 30 || echo "::warning::Portainer webhook failed"
+              --max-time 30 || echo "::warning::Redeploy webhook failed"
           else
             echo "DOCKER_REDEPLOY_WEBHOOK_URL not set — skipping auto-deploy"
           fi
@@ -83,7 +83,7 @@ jobs:
 
       - name: Create Gitea Release
         env:
-          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
         run: |
           TAG="${{ steps.version.outputs.tag }}"
           VERSION="${{ steps.version.outputs.version }}"
@@ -114,7 +114,7 @@ jobs:
           ")
 
           RELEASE=$(curl -s -X POST "$BASE_URL/releases" \
-            -H "Authorization: token $RELEASE_TOKEN" \
+            -H "Authorization: token $DEPLOY_TOKEN" \
             -H "Content-Type: application/json" \
             -d "{
               \"tag_name\": \"$TAG\",
@@ -129,7 +129,7 @@ jobs:
           if [ -z "$RELEASE_ID" ]; then
             echo "::warning::Release already exists for tag $TAG — reusing existing release"
             RELEASE=$(curl -s "$BASE_URL/releases/tags/$TAG" \
-              -H "Authorization: token $RELEASE_TOKEN")
+              -H "Authorization: token $DEPLOY_TOKEN")
             RELEASE_ID=$(echo "$RELEASE" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])")
           fi
           echo "Created release $RELEASE_ID for $TAG"