fix: add trailing slash to registry URL in registry-auth.sh
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 41s
Build & Deploy / 🧪 QA (push) Failing after 1m0s
Build & Deploy / 🏗️ Build (push) Has been skipped
Build & Deploy / 🚀 Deploy (push) Has been skipped
Build & Deploy / 🧪 Post-Deploy Verification (push) Has been skipped
Build & Deploy / 🔔 Notify (push) Successful in 1s
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 41s
Build & Deploy / 🧪 QA (push) Failing after 1m0s
Build & Deploy / 🏗️ Build (push) Has been skipped
Build & Deploy / 🚀 Deploy (push) Has been skipped
Build & Deploy / 🧪 Post-Deploy Verification (push) Has been skipped
Build & Deploy / 🔔 Notify (push) Successful in 1s
This commit is contained in:
@@ -1,35 +1,32 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Robust Registry Authentication Script
|
||||
# Following Mintel CI/CD Hardening Standards
|
||||
|
||||
# 1. Discovery
|
||||
TOKENS="${NPM_TOKEN} ${GITEA_PAT} ${MINTEL_PRIVATE_TOKEN}"
|
||||
# Add more potential user aliases
|
||||
USERS="${GITHUB_REPOSITORY_OWNER} ${GITHUB_ACTOR} marcmintel mintel mmintel"
|
||||
|
||||
VALID_TOKEN=""
|
||||
VALID_USER=""
|
||||
|
||||
echo "🔍 Starting functional registry discovery..."
|
||||
|
||||
for T in $TOKENS; do
|
||||
[ -z "$T" ] && continue
|
||||
for U in $USERS; do
|
||||
[ -z "$U" ] && continue
|
||||
|
||||
T_MASKED="${T:0:4}..."
|
||||
# Use Gitea API to verify token
|
||||
STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $T" "https://git.infra.mintel.me/api/v1/user" || echo "500")
|
||||
|
||||
if [ "$STATUS" == "200" ]; then
|
||||
VALID_TOKEN="$T"
|
||||
VALID_USER="$U"
|
||||
echo "✅ Token verified via API (User: $U)"
|
||||
break 2
|
||||
fi
|
||||
done
|
||||
|
||||
T_START="${T:0:4}"
|
||||
T_END="${T: -4}"
|
||||
echo "Testing token starting with '$T_START...' and ending with '...$T_END'"
|
||||
|
||||
# Use Gitea API to verify token
|
||||
# We use -k (insecure) if needed, but infra.mintel.me should have valid certs
|
||||
STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $T" "https://git.infra.mintel.me/api/v1/user" || echo "500")
|
||||
|
||||
if [ "$STATUS" == "200" ]; then
|
||||
VALID_TOKEN="$T"
|
||||
echo "✅ Token verified via API"
|
||||
break
|
||||
else
|
||||
echo "❌ Token rejected by API (Status: $STATUS)"
|
||||
fi
|
||||
done
|
||||
|
||||
# Fallback: If API verification failed, try to use NPM_TOKEN if provided
|
||||
@@ -40,14 +37,13 @@ fi
|
||||
|
||||
if [ -z "$VALID_TOKEN" ]; then
|
||||
echo "❌ CRITICAL: No valid registry token found in environment."
|
||||
echo "Available env vars: NPM_TOKEN=${NPM_TOKEN:0:2}..., GITEA_PAT=${GITEA_PAT:0:2}..., MINTEL_PRIVATE_TOKEN=${MINTEL_PRIVATE_TOKEN:0:2}..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 2. Hardened .npmrc Generation
|
||||
# We use the pattern from klz-2026 which is known to work
|
||||
# Trailing slashes are CRITICAL for pnpm registry matching
|
||||
cat << EOF > .npmrc
|
||||
@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm
|
||||
@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm/
|
||||
//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${VALID_TOKEN}
|
||||
//git.infra.mintel.me/api/packages/mmintel/npm/:always-auth=true
|
||||
//registry.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${VALID_TOKEN}
|
||||
|
||||
Reference in New Issue
Block a user