e4578593d1
Both prior secrets did related work (one for registry push, one for release asset I/O) and required separate Forgejo PATs to manage. Replacing with a single CI_TOKEN keyed off a single PAT with the union of scopes (write:repository + write:package). - flutter.yml: APK attach step → CI_TOKEN - release.yml: docker login → CI_TOKEN; APK fetch step → CI_TOKEN No behavior change — same calls, single secret name. Operator needs to set CI_TOKEN in repo settings (Actions → Secrets) with a PAT that has write:repository + write:package; the prior REGISTRY_TOKEN / RELEASE_TOKEN secrets can be removed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>