fix: source GITEA_TOKEN from github.token (auto) under explicit secret forwarding
The first attempt failed at entrypoint.sh:61 'GITEA_TOKEN required' — with explicit secrets (no `inherit`), secrets.GITEA_TOKEN resolves empty in the reusable job. github.token comes from the github context (not a forwarded secret), so it's present regardless. The forwarded provider/findings secrets arrived correctly; only the auto-token sourcing was wrong.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -80,7 +80,11 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
# --- event context (from the CALLER's github.*) -------------------
|
# --- event context (from the CALLER's github.*) -------------------
|
||||||
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
|
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
|
||||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
# github.token is the auto job token from the github CONTEXT (not a
|
||||||
|
# secret), so it's present even without `secrets: inherit`. Using
|
||||||
|
# secrets.GITEA_TOKEN here would be empty under explicit secret
|
||||||
|
# forwarding, since the auto token isn't a forwarded workflow_call secret.
|
||||||
|
GITEA_TOKEN: ${{ github.token }}
|
||||||
EVENT_NAME: ${{ github.event_name }}
|
EVENT_NAME: ${{ github.event_name }}
|
||||||
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
|
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
|
||||||
PR_BRANCH: ${{ github.head_ref }}
|
PR_BRANCH: ${{ github.head_ref }}
|
||||||
|
|||||||
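Review bot: The new `GITEA_TOKEN: ${{ github.token }}` line hard-codes the auto job token, so a caller that does forward a dedicated `GITEA_TOKEN` secret will now have it silently ignored. If callers should still be able to supply their own token, consider `GITEA_TOKEN: ${{ secrets.GITEA_TOKEN || github.token }}` so the forwarded secret wins when present and the job token is the fallback. Either way, the job token's reach against `GITEA_API` now depends entirely on the permissions granted to the calling job, which is not visible in this hunk; it would help to state the required permissions in the comment block next to the four lines explaining why `secrets.GITEA_TOKEN` is empty. Note also that the 'GITEA_TOKEN required' guard in entrypoint.sh will now always pass, so an under-scoped token will surface later as an API error rather than at that check.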