ci(release): use REGISTRY_TOKEN secret for Forgejo registry push

The default GITHUB_TOKEN provided by Forgejo Actions lacks write:package
scope, so docker buildx push failed with 401 reqPackageAccess. Swap in
the repo-level REGISTRY_TOKEN secret (a PAT scoped write:package) for
docker login; github.actor still supplies the username.

Also drops the transient Docker environment diagnostics step — the
registry was the issue, the socket/buildx setup is fine.
This commit is contained in:
2026-04-18 23:29:15 +00:00
parent 0f9efed50c
commit aa7599f91d
+1 -16
View File
@@ -34,21 +34,6 @@ jobs:
echo "::notice::No Dockerfile + go.mod yet — release build skipped"
fi
- name: Docker environment diagnostics
if: steps.guard.outputs.ready == 'true'
shell: bash
run: |
echo "--- whoami + env ---"
id
echo "DOCKER_HOST=${DOCKER_HOST:-<unset>}"
ls -la /var/run/docker.sock || echo "NO socket at /var/run/docker.sock"
echo "--- docker info ---"
docker version || true
docker info || true
echo "--- buildx ---"
docker buildx version || true
docker buildx ls || true
- name: Compute image tags
id: tags
if: steps.guard.outputs.ready == 'true'
@@ -67,7 +52,7 @@ jobs:
if: steps.guard.outputs.ready == 'true'
shell: bash
run: |
echo "${{ secrets.GITHUB_TOKEN }}" \
echo "${{ secrets.REGISTRY_TOKEN }}" \
| docker login git.fabledsword.com -u "${{ github.actor }}" --password-stdin
- name: Build and push