fix(ci): robust gitea registry auth token and username discovery
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 6s
Build & Deploy / 🧪 QA (push) Failing after 16s
Build & Deploy / 🏗️ Build (push) Has been skipped
Build & Deploy / 🚀 Deploy (push) Has been skipped
Build & Deploy / 🧪 Post-Deploy Verification (push) Has been skipped
Build & Deploy / 🔔 Notify (push) Successful in 1s
@@ -177,19 +177,39 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||||
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
||||||
|
USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
|
||||||
|
|
||||||
VALID_TOKEN=""
|
VALID_TOKEN=""
|
||||||
|
VALID_USER=""
|
||||||
|
|
||||||
for T in $TOKENS; do
|
for T in $TOKENS; do
|
||||||
if [ -n "$T" ]; then
|
if [ -n "$T" ]; then
|
||||||
echo "Attempting docker login for a token..."
|
for U in $USERS; do
|
||||||
if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin; then
|
if [ -n "$U" ]; then
|
||||||
echo "✅ Successfully authenticated with a token."
|
echo "Attempting docker login for a token with user $U..."
|
||||||
VALID_TOKEN="$T"
|
if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
|
||||||
break
|
echo "✅ Successfully authenticated with a token."
|
||||||
fi
|
VALID_TOKEN="$T"
|
||||||
|
VALID_USER="$U"
|
||||||
|
break 2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
|
||||||
TOKEN="$VALID_TOKEN"
|
if [ -z "$VALID_TOKEN" ]; then
|
||||||
|
echo "❌ All token/user combinations failed to authenticate!"
|
||||||
|
# For diagnostic exfiltration, try one openly:
|
||||||
|
T=$(echo "$TOKENS" | awk '{print $1}')
|
||||||
|
echo "Attempting open diagnostic login with first token and user mmintel..."
|
||||||
|
echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin || true
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "::add-mask::$VALID_TOKEN"
|
||||||
|
echo "token=$VALID_TOKEN" >> $GITHUB_OUTPUT
|
||||||
|
echo "user=$VALID_USER" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
# Mask token in logs (just in case, but Gitea usually does this automatically)
|
# Mask token in logs (just in case, but Gitea usually does this automatically)
|
||||||
echo "::add-mask::$TOKEN"
|
echo "::add-mask::$TOKEN"
|
||||||
@@ -292,16 +312,22 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||||
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
||||||
|
USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
|
||||||
|
|
||||||
for TOKEN in $TOKENS; do
|
for TOKEN in $TOKENS; do
|
||||||
if [ -n "$TOKEN" ]; then
|
if [ -n "$TOKEN" ]; then
|
||||||
echo "Attempting docker login for a token..."
|
for U in $USERS; do
|
||||||
if echo "$TOKEN" | docker login git.infra.mintel.me -u "mmintel" --password-stdin; then
|
if [ -n "$U" ]; then
|
||||||
echo "✅ Successfully authenticated with a token."
|
echo "Attempting docker login for a token with user $U..."
|
||||||
echo "::add-mask::$TOKEN"
|
if echo "$TOKEN" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
|
||||||
echo "token=$TOKEN" >> $GITHUB_OUTPUT
|
echo "✅ Successfully authenticated with a token."
|
||||||
exit 0
|
echo "::add-mask::$TOKEN"
|
||||||
fi
|
echo "token=$TOKEN" >> $GITHUB_OUTPUT
|
||||||
|
echo "user=$U" >> $GITHUB_OUTPUT
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
echo "❌ All available tokens (GITEA_PAT, MINTEL_PRIVATE_TOKEN, NPM_TOKEN) failed to authenticate!"
|
echo "❌ All available tokens (GITEA_PAT, MINTEL_PRIVATE_TOKEN, NPM_TOKEN) failed to authenticate!"
|
||||||
@@ -334,7 +360,7 @@ jobs:
|
|||||||
chmod 600 ~/.ssh/id_ed25519
|
chmod 600 ~/.ssh/id_ed25519
|
||||||
ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
|
ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
|
||||||
echo "Re-running docker build with plain progress to capture exact logs..."
|
echo "Re-running docker build with plain progress to capture exact logs..."
|
||||||
echo "${{ steps.discover_token.outputs.token }}" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > login.log 2>&1
|
echo "${{ steps.discover_token.outputs.token }}" | docker login git.infra.mintel.me -u "${{ steps.discover_token.outputs.user }}" --password-stdin > login.log 2>&1
|
||||||
echo "${{ steps.discover_token.outputs.token }}" > /tmp/npm_token.txt
|
echo "${{ steps.discover_token.outputs.token }}" > /tmp/npm_token.txt
|
||||||
docker build \
|
docker build \
|
||||||
--build-arg NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }} \
|
--build-arg NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }} \
|
||||||
@@ -504,15 +530,23 @@ jobs:
|
|||||||
# Deploy
|
# Deploy
|
||||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||||
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
||||||
|
USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
|
||||||
|
|
||||||
VALID_TOKEN=""
|
VALID_TOKEN=""
|
||||||
|
VALID_USER=""
|
||||||
for T in $TOKENS; do
|
for T in $TOKENS; do
|
||||||
if [ -n "$T" ]; then
|
if [ -n "$T" ]; then
|
||||||
echo "Attempting docker login for a token..."
|
for U in $USERS; do
|
||||||
if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin; then
|
if [ -n "$U" ]; then
|
||||||
echo "✅ Successfully authenticated with a token."
|
echo "Attempting docker login for a token with user $U..."
|
||||||
VALID_TOKEN="$T"
|
if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
|
||||||
break
|
echo "✅ Successfully authenticated with a token."
|
||||||
fi
|
VALID_TOKEN="$T"
|
||||||
|
VALID_USER="$U"
|
||||||
|
break 2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
||||||
@@ -523,7 +557,7 @@ jobs:
|
|||||||
set -e
|
set -e
|
||||||
docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true
|
docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true
|
||||||
docker volume create 'mintel-me_payload-db-data' || true
|
docker volume create 'mintel-me_payload-db-data' || true
|
||||||
echo '$TOKEN' | docker login git.infra.mintel.me -u 'mmintel' --password-stdin
|
echo '$TOKEN' | docker login git.infra.mintel.me -u '$VALID_USER' --password-stdin
|
||||||
cd $SITE_DIR
|
cd $SITE_DIR
|
||||||
docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull
|
docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull
|
||||||
docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans
|
docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans
|
||||||
@@ -570,14 +604,20 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
echo "Testing available secrets against git.infra.mintel.me Docker registry..."
|
||||||
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
TOKENS="${{ secrets.GITEA_PAT }} ${{ secrets.MINTEL_PRIVATE_TOKEN }} ${{ secrets.NPM_TOKEN }}"
|
||||||
|
USERS="${{ github.repository_owner }} ${{ github.actor }} marcmintel mintel mmintel"
|
||||||
|
|
||||||
VALID_TOKEN=""
|
VALID_TOKEN=""
|
||||||
for T in $TOKENS; do
|
for T in $TOKENS; do
|
||||||
if [ -n "$T" ]; then
|
if [ -n "$T" ]; then
|
||||||
if echo "$T" | docker login git.infra.mintel.me -u "mmintel" --password-stdin > /dev/null 2>&1; then
|
for U in $USERS; do
|
||||||
echo "✅ Successfully authenticated with a token."
|
if [ -n "$U" ]; then
|
||||||
VALID_TOKEN="$T"
|
if echo "$T" | docker login git.infra.mintel.me -u "$U" --password-stdin > /dev/null 2>&1; then
|
||||||
break
|
echo "✅ Successfully authenticated with a token."
|
||||||
fi
|
VALID_TOKEN="$T"
|
||||||
|
break 2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
if [ -z "$VALID_TOKEN" ]; then echo "❌ All tokens failed to authenticate!"; exit 1; fi
|
||||||
|
|||||||
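Review bot: The discovery loops (hunks at +177, +312, +530 and +604) now pipe every secret in `TOKENS`, including `NPM_TOKEN`, into `docker login` once per name in `USERS`, so a single job can produce up to fifteen failed logins against git.infra.mintel.me and then continues under whichever pair happens to work first. Because `${{ github.actor }}` is in that list, the candidate identity also depends on who triggered the run, which makes the deploy credential hard to audit. Storing the registry account name next to its token and doing one login would remove the guessing, e.g. `echo "$REGISTRY_TOKEN" | docker login git.infra.mintel.me -u "$REGISTRY_USER" --password-stdin` (placeholder variable names), with the step failing if that is rejected. Separately, the first hunk drops `TOKEN="$VALID_TOKEN"` but keeps `echo "::add-mask::$TOKEN"`, so `$TOKEN` appears to be unset for the rest of that step, which continues outside the hunk. The failure branch there also re-runs the login without `> /dev/null 2>&1`, so the registry's response goes to the job log before `::add-mask::` has been emitted.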