fix(build): add token discovery to prevent secret redaction breaking pnpm install

2026-03-04 11:36:09 +01:00
parent 79bbf852a1
commit ee7a40d39b
1 changed files with 11 additions and 2 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -207,12 +207,20 @@ jobs:
        uses: actions/checkout@v4
      - name: 🐳 Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+      - name: 🕵️ Discover Token
+        id: discover_token
+        run: |
+          if [ -n "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "token=${{ secrets.NPM_TOKEN }}" >> $GITHUB_OUTPUT
+          else
+            echo "token=${{ vars.NPM_TOKEN }}" >> $GITHUB_OUTPUT
+          fi
      - name: 🔐 Registry Login
        uses: docker/login-action@v3
        with:
          registry: git.infra.mintel.me
          username: ${{ github.repository_owner }}
-          password: ${{ secrets.NPM_TOKEN }}
+          password: ${{ steps.discover_token.outputs.token }}
      - name: 🏗️ Build and Push
        uses: docker/build-push-action@v5
        with:
@@ -225,9 +233,10 @@ jobs:
            NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
            UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }}
            UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }}
+            NPM_TOKEN=${{ steps.discover_token.outputs.token }}
          tags: git.infra.mintel.me/mmintel/klz-2026:${{ needs.prepare.outputs.image_tag }}
          secrets: |
-            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
+            NPM_TOKEN=${{ steps.discover_token.outputs.token }}

  # ──────────────────────────────────────────────────────────────────────────────
  # JOB 4: Deploy