ci: use CHECKOUT_TOKEN repo secret for cross-repo engram-lang checkout
Deploy marketing to Cloud Run / deploy (push) Failing after 6s
Deploy marketing to Cloud Run / deploy (push) Failing after 6s
The auto-issued GITHUB_TOKEN is scoped to the current repo only, so cross-repo actions/checkout needs an explicit token. CHECKOUT_TOKEN holds an admin-scoped Gitea API token; long-term we should switch to a dedicated read-only PAT.
This commit is contained in:
Will Anderson
@@ -42,10 +42,12 @@ jobs:
|
||||
repository: neuron-technologies/engram-lang
|
||||
path: engram-lang
|
||||
fetch-depth: 1
|
||||
# Gitea Actions auto-issues GITHUB_TOKEN scoped to the workflow run.
|
||||
# That token has read access to other repos in the same org by
|
||||
# default, so cross-repo checkout just works.
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Gitea-issued GITHUB_TOKEN is workflow-scoped to the current repo
|
||||
# only. Cross-repo checkout needs a token with read access to
|
||||
# neuron-technologies/engram-lang. CHECKOUT_TOKEN holds Will's
|
||||
# admin API token (sourced from ~/Secrets/api-keys/gitea-api-token).
|
||||
# Long-term: provision a dedicated read-only PAT.
|
||||
token: ${{ secrets.CHECKOUT_TOKEN }}
|
||||
|
||||
- name: Stage engram-lang as foundation/el for build-stage.sh
|
||||
run: |
|
||||
|
||||
Reference in New Issue
Block a user