From aa7599f91dc26f8581d37dc9b24d17d4b22a349d Mon Sep 17 00:00:00 2001 From: bvandeusen Date: Sat, 18 Apr 2026 23:29:15 +0000 Subject: [PATCH] ci(release): use REGISTRY_TOKEN secret for Forgejo registry push MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The default GITHUB_TOKEN provided by Forgejo Actions lacks write:package scope, so docker buildx push failed with 401 reqPackageAccess. Swap in the repo-level REGISTRY_TOKEN secret (a PAT scoped write:package) for docker login; github.actor still supplies the username. Also drops the transient Docker environment diagnostics step — the registry was the issue, the socket/buildx setup is fine. --- .forgejo/workflows/release.yml | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml index cf0fd6f6..abf2c715 100644 --- a/.forgejo/workflows/release.yml +++ b/.forgejo/workflows/release.yml @@ -34,21 +34,6 @@ jobs: echo "::notice::No Dockerfile + go.mod yet — release build skipped" fi - - name: Docker environment diagnostics - if: steps.guard.outputs.ready == 'true' - shell: bash - run: | - echo "--- whoami + env ---" - id - echo "DOCKER_HOST=${DOCKER_HOST:-}" - ls -la /var/run/docker.sock || echo "NO socket at /var/run/docker.sock" - echo "--- docker info ---" - docker version || true - docker info || true - echo "--- buildx ---" - docker buildx version || true - docker buildx ls || true - - name: Compute image tags id: tags if: steps.guard.outputs.ready == 'true' @@ -67,7 +52,7 @@ jobs: if: steps.guard.outputs.ready == 'true' shell: bash run: | - echo "${{ secrets.GITHUB_TOKEN }}" \ + echo "${{ secrets.REGISTRY_TOKEN }}" \ | docker login git.fabledsword.com -u "${{ github.actor }}" --password-stdin - name: Build and push