diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 5b146529..93040b0d 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -114,18 +114,21 @@ jobs:
 if [[ -n "$UPSTREAM_VERSION" && "$UPSTREAM_VERSION" != "workspace:"* ]]; then
 echo "⏳ This release depends on @mintel v$UPSTREAM_VERSION. Waiting for upstream build..."
 # Fetch script from monorepo (main)
+ # Standard discovery (works without token for public at-mintel)
+ UPSTREAM_SHA=$(git ls-remote --tags https://git.infra.mintel.me/mmintel/at-mintel.git "$TAG_TO_WAIT" | grep "$TAG_TO_WAIT" | tail -n1 | awk '{print $1}')
+ if [[ -z "$UPSTREAM_SHA" ]]; then
+ echo "❌ Error: Tag $TAG_TO_WAIT not found in mmintel/at-mintel."
+ exit 1
+ fi
+ echo "✅ Found upstream SHA $UPSTREAM_SHA for $TAG_TO_WAIT"
+
 curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
 "https://git.infra.mintel.me/mmintel/at-mintel/raw/branch/main/packages/infra/scripts/wait-for-upstream.sh" > wait-for-upstream.sh
 chmod +x wait-for-upstream.sh
- # Robust SHA discovery (bypasses restricted Gitea API)
- UPSTREAM_SHA=$(git ls-remote --tags https://git.infra.mintel.me/mmintel/at-mintel.git "$TAG_TO_WAIT" | grep "$TAG_TO_WAIT" | tail -n1 | awk '{print $1}')
- if [[ -n "$UPSTREAM_SHA" ]]; then
- echo "✅ Found upstream SHA $UPSTREAM_SHA for $TAG_TO_WAIT (via git ls-remote)"
- sed -i "s#TARGET_SHA=.*#TARGET_SHA=$UPSTREAM_SHA#g" wait-for-upstream.sh
- fi
-
- GITEA_TOKEN=${{ secrets.GITHUB_TOKEN }} ./wait-for-upstream.sh "mmintel/at-mintel" "$TAG_TO_WAIT"
+ # Use dedicated PAT if available, otherwise fallback to GITHUB_TOKEN
+ POLL_TOKEN="${{ secrets.GITEA_PAT || secrets.MINTEL_PRIVATE_TOKEN || secrets.GITHUB_TOKEN }}"
+ GITEA_TOKEN="$POLL_TOKEN" ./wait-for-upstream.sh "mmintel/at-mintel" "$TAG_TO_WAIT"
 fi
 fi
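Review bot: The new `POLL_TOKEN` line can hand a personal access token (`secrets.GITEA_PAT` or `secrets.MINTEL_PRIVATE_TOKEN`) to `wait-for-upstream.sh`, which the unchanged `curl` lines still download from the mutable `branch/main` ref with `-s` only, so whatever is on main at run time, or an HTTP error body, is executed with that token in its environment. Since `UPSTREAM_SHA` is now resolved before the download and is otherwise only echoed, the fetch could be pinned to it and made to fail on HTTP errors by using `curl -fsS` with the path `raw/commit/$UPSTREAM_SHA/packages/infra/scripts/wait-for-upstream.sh`, assuming the script exists at the tagged commit and the value resolves to a commit rather than a tag object. It would also be safer to map the token through the step's `env:` block instead of expanding `${{ … }}` into the script text, so a secret containing shell metacharacters cannot alter the command. The enclosing `run:` block starts above this hunk, so any existing `env:` mapping for the step is not visible here.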