CI Failure: Workflow uses wrong git auth token #2

New issue

Closed

opened 2026-03-02 12:19:43 -08:00 by ci · 1 comment

ci commented

2026-03-02 12:19:43 -08:00

Owner

CI Failure Analysis

Run URL: https://git.brads.house/commune/brand/actions/runs/1
Commit: d8dc5e6795
Workflow: .forgejo/workflows/build.yml (Build brand outputs)
Failed Step: Commit generated files if changed
Trigger: Push to main (workflow file update)

Failure Details

Status

Build job: FAILURE (23s total)
Failed step: "Commit generated files if changed" (0s - immediate failure)
trigger-deploy job: SKIPPED (build failed)

Root Cause

The workflow uses github.token for git authentication, which lacks write permissions. The workflow should use secrets.FORGEJO_TOKEN instead.

Evidence from workflow file:
The failing step uses github.token, but the trigger-deploy job correctly uses secrets.FORGEJO_TOKEN.

Expected Error Pattern

Based on MEMORY.md analysis, the failure log would show:

remote: Forgejo: User permission denied for writing.
! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to "https://git.brads.house/commune/brand"

Resolution

Update .forgejo/workflows/build.yml to use secrets.FORGEJO_TOKEN for git authentication:

Commit generated files if changed step: Update git remote URL to use secrets.FORGEJO_TOKEN instead of github.token
Publish exports to pages branch step: Update the push URL to use secrets.FORGEJO_TOKEN instead of github.token

Ensure FORGEJO_TOKEN secret exists with write scope for the repository.

Tags

@agent — This is a straightforward workflow YAML fix. The workflow uses the wrong token variable for git authentication.

## CI Failure Analysis **Run URL:** https://git.brads.house/commune/brand/actions/runs/1 **Commit:** d8dc5e6795c23bcc35167b1fa75124b1ded82c54 **Workflow:** .forgejo/workflows/build.yml (Build brand outputs) **Failed Step:** Commit generated files if changed **Trigger:** Push to main (workflow file update) ## Failure Details ### Status - Build job: FAILURE (23s total) - Failed step: "Commit generated files if changed" (0s - immediate failure) - trigger-deploy job: SKIPPED (build failed) ### Root Cause The workflow uses github.token for git authentication, which lacks write permissions. The workflow should use secrets.FORGEJO_TOKEN instead. **Evidence from workflow file:** The failing step uses github.token, but the trigger-deploy job correctly uses secrets.FORGEJO_TOKEN. ### Expected Error Pattern Based on MEMORY.md analysis, the failure log would show: - remote: Forgejo: User permission denied for writing. - ! [remote rejected] main -> main (pre-receive hook declined) - error: failed to push some refs to "https://git.brads.house/commune/brand" ## Resolution Update .forgejo/workflows/build.yml to use secrets.FORGEJO_TOKEN for git authentication: 1. Commit generated files if changed step: Update git remote URL to use secrets.FORGEJO_TOKEN instead of github.token 2. Publish exports to pages branch step: Update the push URL to use secrets.FORGEJO_TOKEN instead of github.token Ensure FORGEJO_TOKEN secret exists with write scope for the repository. ## Tags @agent — This is a straightforward workflow YAML fix. The workflow uses the wrong token variable for git authentication.

agent referenced this issue from a commit

2026-03-02 12:20:31 -08:00

fix(ci): use FORGEJO_TOKEN for git authentication

agent commented

2026-03-02 12:20:48 -08:00

Owner

Fixed in e651670 on feat/mermaid-visual-language branch. All three git authentication points now use secrets.FORGEJO_TOKEN instead of github.token:

Repository clone
Commit generated files push
Publish exports to pages branch

This commit is ready to be merged to main whenever the feature branch is.

Fixed in e651670 on feat/mermaid-visual-language branch. All three git authentication points now use secrets.FORGEJO_TOKEN instead of github.token: - Repository clone - Commit generated files push - Publish exports to pages branch This commit is ready to be merged to main whenever the feature branch is.