CI Failure: Build brand outputs #1

Closed
opened 2026-02-27 22:47:47 -08:00 by ci · 0 comments
Collaborator

CI Failure Report

Workflow: Build brand outputs
Commit: 816121e91b
Run: https://git.brads.house/digitech/brand/actions/runs/1

Root Cause Analysis

The workflow completed successfully through the build pipeline:

  • Brand regeneration from brand.yml
  • Local commit created: chore: regenerate brand outputs from brand.yml

Failed at: Git push to repository

Error:

remote: Forgejo: User permission denied for writing.
To https://git.brads.house/digitech/brand.git
 ! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to `https://git.brads.house/digitech/brand.git`

Investigation:

  • CI user ci has write permission to digitech/brand (verified via API)
  • Workflow uses ${{ github.token }} for git authentication
  • The built-in github.token does not have write permissions for pushing
  • The trigger-deploy job correctly uses ${{ secrets.FORGEJO_TOKEN }} for authentication

Conclusion:
The build job's git push step uses the Forgejo Actions token (github.token) which lacks write permissions. The workflow should use secrets.FORGEJO_TOKEN for authentication (same as the trigger-deploy job).

Recommendation: @brad Update the Commit generated files if changed step in .forgejo/workflows/build.yml to use secrets.FORGEJO_TOKEN for git authentication:

git remote set-url origin "https://ci:${{ secrets.FORGEJO_TOKEN }}@git.brads.house/${{ github.repository }}.git"

Also ensure the FORGEJO_TOKEN secret exists with write scope for this repository.

## CI Failure Report **Workflow:** Build brand outputs **Commit:** 816121e91b0b7fec96c9ceb5a3d4da60b66b2080 **Run:** https://git.brads.house/digitech/brand/actions/runs/1 ## Root Cause Analysis The workflow completed successfully through the build pipeline: - Brand regeneration from brand.yml - Local commit created: `chore: regenerate brand outputs from brand.yml` **Failed at:** Git push to repository **Error:** ``` remote: Forgejo: User permission denied for writing. To https://git.brads.house/digitech/brand.git ! [remote rejected] main -> main (pre-receive hook declined) error: failed to push some refs to `https://git.brads.house/digitech/brand.git` ``` **Investigation:** - CI user `ci` has `write` permission to `digitech/brand` (verified via API) - Workflow uses `${{ github.token }}` for git authentication - The built-in `github.token` does not have write permissions for pushing - The `trigger-deploy` job correctly uses `${{ secrets.FORGEJO_TOKEN }}` for authentication **Conclusion:** The `build` job's git push step uses the Forgejo Actions token (`github.token`) which lacks write permissions. The workflow should use `secrets.FORGEJO_TOKEN` for authentication (same as the `trigger-deploy` job). **Recommendation:** @brad Update the `Commit generated files if changed` step in `.forgejo/workflows/build.yml` to use `secrets.FORGEJO_TOKEN` for git authentication: ```yaml git remote set-url origin "https://ci:${{ secrets.FORGEJO_TOKEN }}@git.brads.house/${{ github.repository }}.git" ``` Also ensure the `FORGEJO_TOKEN` secret exists with write scope for this repository.
brad closed this issue 2026-02-28 00:09:23 -08:00
Sign in to join this conversation.
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
digitech/brand#1
No description provided.