diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 894dacf..0d71c95 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -177,19 +177,39 @@ jobs: run: | echo "Testing available secrets against git.infra.mintel.me Docker registry..." TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" + USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" + VALID_TOKEN="" + VALID_USER="" + for T in $TOKENS; do if [ -n "$T" ]; then - echo "Attempting docker login for a token..." - if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin; then - echo "✅ Successfully authenticated with a token." - VALID_TOKEN="$T" - break - fi + for U in $USERS; do + if [ -n "$U" ]; then + echo "Attempting docker login for a token with user $U..." + if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then + echo "✅ Successfully authenticated with a token." + VALID_TOKEN="$T" + VALID_USER="$U" + break 2 + fi + fi + done fi done - if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi - TOKEN="$VALID_TOKEN" + + if [ -z "$VALID_TOKEN" ]; then + echo "❌ All token/user combinations failed to authenticate!" + # For diagnostic exfiltration, try one openly: + T=$(echo "$TOKENS" | awk '{print $1}') + echo "Attempting open diagnostic login with first token and user mmintel..." + echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin || true + exit 1 + fi + + echo "::add-mask::$VALID_TOKEN" + echo "token=$VALID_TOKEN" >> $GITHUB_OUTPUT + echo "user=$VALID_USER" >> $GITHUB_OUTPUT # Mask token in logs (just in case, but Gitea usually does this automatically) echo "::add-mask::$TOKEN" 
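Review bot: The hunk removes `TOKEN="$VALID_TOKEN"`, but the context line `echo "::add-mask::$TOKEN"` just below the new output lines still reads `$TOKEN`. Unless `TOKEN` is assigned outside the lines shown, that mask call and any later use of `$TOKEN` in this step now see an empty string; either keep the assignment or change the remaining references to `$VALID_TOKEN`. Separately, the failure branch under `# For diagnostic exfiltration, try one openly:` repeats a login the loop has already attempted (first token, user `mmintel`) only so that `docker login` writes unfiltered output to the job log. I would drop that branch, or capture the output and print only the registry's error line, and reword the comment to say what is being diagnosed. The new redirects should also quote the target, `>> "$GITHUB_OUTPUT"`.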
@@ -292,16 +312,22 @@ jobs: run: | echo "Testing available secrets against git.infra.mintel.me Docker registry..." TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" + USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" for TOKEN in $TOKENS; do if [ -n "$TOKEN" ]; then - echo "Attempting docker login for a token..." - if echo "$TOKEN" | docker login git.infra.mintel.me -u "mmintel" --password-stdin; then - echo "✅ Successfully authenticated with a token." - echo "::add-mask::$TOKEN" - echo "token=$TOKEN" >> $GITHUB_OUTPUT - exit 0 - fi + for U in $USERS; do + if [ -n "$U" ]; then + echo "Attempting docker login for a token with user $U..." + if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then + echo "✅ Successfully authenticated with a token." + echo "::add-mask::$TOKEN" + echo "token=$TOKEN" >> $GITHUB_OUTPUT + echo "user=$U" >> $GITHUB_OUTPUT + exit 0 + fi + fi + done fi done echo "❌ All available tokens (GITEA_PAT, MINTEL_PRIVATE_TOKEN, NPM_TOKEN) failed to authenticate!" @@ -334,7 +360,7 @@ jobs: chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null echo "Re-running docker build with plain progress to capture exact logs..." - echo "${{ steps.discover_token.outputs.token }}" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > login.log 2>&1 + echo "${{ steps.discover_token.outputs.token }}" | docker login git.infra.mintel.me -u "${{ steps.discover_token.outputs.user }}" --password-stdin > login.log 2>&1 echo "${{ steps.discover_token.outputs.token }}" > /tmp/npm_token.txt docker build \ --build-arg NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }} \ 
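Review bot: Looping every secret over every name in `USERS` submits each of the three secrets, including `NPM_TOKEN`, to the registry as a password for up to five accounts, and the same loop is added in the hunks at -177, -504 and -570. One step can therefore produce up to fifteen failed logins, which may trip lockout or rate limiting on git.infra.mintel.me. Because `${{ github.actor }}` is one of the candidates, the account a deployment ends up using also depends on who triggered the run. I would pin a single username/secret pair for the registry and fail closed when it does not authenticate. With `> /dev/null 2>&1` on every attempt, the log no longer shows why a pairing was rejected, which makes a misconfigured secret harder to tell apart from an outage.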
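Review bot: In the hunk at -334, `-u "${{ steps.discover_token.outputs.user }}"` is substituted into the script text by the workflow engine before the shell runs, so the quoting only holds if the value never contains a quote or `$`. Since one candidate for that output is `${{ github.actor }}`, I would pass it through the step's `env:` block (which lies outside this hunk) and reference it as a shell variable, for example `-u "$REGISTRY_USER"` with `REGISTRY_USER` being a constructed name. The same applies to the token expression on the context lines around it.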
@@ -504,15 +530,23 @@ jobs: # Deploy echo "Testing available secrets against git.infra.mintel.me Docker registry..." TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" + USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" + VALID_TOKEN="" + VALID_USER="" for T in $TOKENS; do if [ -n "$T" ]; then - echo "Attempting docker login for a token..." - if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin; then - echo "✅ Successfully authenticated with a token." - VALID_TOKEN="$T" - break - fi + for U in $USERS; do + if [ -n "$U" ]; then + echo "Attempting docker login for a token with user $U..." + if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then + echo "✅ Successfully authenticated with a token." + VALID_TOKEN="$T" + VALID_USER="$U" + break 2 + fi + fi + done fi done if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi @@ -523,7 +557,7 @@ jobs: set -e docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true docker volume create 'mintel-me_payload-db-data' || true - echo '$TOKEN' | docker login git.infra.mintel.me -u 'mmintel' --password-stdin + echo '$TOKEN' | docker login git.infra.mintel.me -u '$VALID_USER' --password-stdin cd $SITE_DIR docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans 
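Review bot: In the hunk at -523, `-u '$VALID_USER'` sits inside what appears to be a double-quoted remote command that begins outside the hunk. The value is expanded locally and pasted between single quotes for the remote shell, so a single quote in the value would end the quoting there. The candidates include `${{ github.repository_owner }}` and `${{ github.actor }}`, so I would check the name before it is used, for instance `case "$VALID_USER" in *[!A-Za-z0-9._-]*) exit 1;; esac` ahead of the remote call. The visible lines of the -504 hunk set `VALID_TOKEN` but not `TOKEN`, so confirm that the lines between the two hunks still assign `TOKEN` for `echo '$TOKEN'`.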
@@ -570,14 +604,20 @@ jobs: run: | echo "Testing available secrets against git.infra.mintel.me Docker registry..." TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}" + USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel" + VALID_TOKEN="" for T in $TOKENS; do if [ -n "$T" ]; then - if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > /dev/null 2>&1; then - echo "✅ Successfully authenticated with a token." - VALID_TOKEN="$T" - break - fi + for U in $USERS; do + if [ -n "$U" ]; then + if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then + echo "✅ Successfully authenticated with a token." + VALID_TOKEN="$T" + break 2 + fi + fi + done fi done if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
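Review bot: This loop keeps `VALID_TOKEN` but discards the user that made it work: unlike the hunks at -177 and -504, there is no `VALID_USER="$U"` before `break 2`. Any later registry login in this step (outside the hunk) would then have to fall back to a hard-coded name that may not match the token that was found. Add `VALID_USER=""` next to `VALID_TOKEN=""` and `VALID_USER="$U"` beside `VALID_TOKEN="$T"`. If the step really only needs the token, a comment such as `# user is irrelevant here; token is used for <purpose>` would make that explicit.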