From ce8829ece5df44bbcb1d0fd859b17199d38a02c9 Mon Sep 17 00:00:00 2001
From: Marc Mintel <marc@mintel.me>
Date: Wed, 4 Mar 2026 15:16:50 +0100
Subject: [PATCH] fix(build): eliminate string masking corruption by exposing
 NPM_TOKEN seamlessly via GITHUB_ENV for Docker Build

---
 .gitea/workflows/deploy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index b995aa70..ba1f2f3b 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -221,6 +221,7 @@ jobs:
                     echo "✅ Successfully authenticated with a token."
                     echo "::add-mask::$TOKEN"
                     echo "token=$TOKEN" >> $GITHUB_OUTPUT
+                    echo "NPM_TOKEN=$TOKEN" >> $GITHUB_ENV
                     echo "user=$U" >> $GITHUB_OUTPUT
                     exit 0
                   fi
@@ -242,10 +243,9 @@ jobs:
             NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
             UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }}
             UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }}
-            NPM_TOKEN=${{ steps.discover_token.outputs.token }}
           tags: git.infra.mintel.me/mmintel/klz-2026:${{ needs.prepare.outputs.image_tag }}
           secrets: |
-            NPM_TOKEN=${{ steps.discover_token.outputs.token }}
+            NPM_TOKEN
 
   # ──────────────────────────────────────────────────────────────────────────────
   # JOB 4: Deploy