digitech/brand
digitech/brand
1
0
Fork 0
forked from brad/brand-guidelines
Code Issues Pull requests Activity Actions

CI Failure: Build brand outputs #1

New issue
Closed
opened 2026-02-27 22:47:47 -08:00 by ci · 0 comments
ci commented 2026-02-27 22:47:47 -08:00
Collaborator
Copy link

CI Failure Report

Workflow: Build brand outputs
Commit: 816121e91b
Run: https://git.brads.house/digitech/brand/actions/runs/1

Root Cause Analysis

The workflow completed successfully through the build pipeline:

  • Brand regeneration from brand.yml
  • Local commit created: chore: regenerate brand outputs from brand.yml

Failed at: Git push to repository

Error:

remote: Forgejo: User permission denied for writing.
To https://git.brads.house/digitech/brand.git
 ! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to `https://git.brads.house/digitech/brand.git`

Investigation:

  • CI user ci has write permission to digitech/brand (verified via API)
  • Workflow uses ${{ github.token }} for git authentication
  • The built-in github.token does not have write permissions for pushing
  • The trigger-deploy job correctly uses ${{ secrets.FORGEJO_TOKEN }} for authentication

Conclusion:
The build job's git push step uses the Forgejo Actions token (github.token) which lacks write permissions. The workflow should use secrets.FORGEJO_TOKEN for authentication (same as the trigger-deploy job).

Recommendation: @brad Update the Commit generated files if changed step in .forgejo/workflows/build.yml to use secrets.FORGEJO_TOKEN for git authentication:

git remote set-url origin "https://ci:${{ secrets.FORGEJO_TOKEN }}@git.brads.house/${{ github.repository }}.git"

Also ensure the FORGEJO_TOKEN secret exists with write scope for this repository.

## CI Failure Report **Workflow:** Build brand outputs **Commit:** 816121e91b0b7fec96c9ceb5a3d4da60b66b2080 **Run:** https://git.brads.house/digitech/brand/actions/runs/1 ## Root Cause Analysis The workflow completed successfully through the build pipeline: - Brand regeneration from brand.yml - Local commit created: `chore: regenerate brand outputs from brand.yml` **Failed at:** Git push to repository **Error:** ``` remote: Forgejo: User permission denied for writing. To https://git.brads.house/digitech/brand.git ! [remote rejected] main -> main (pre-receive hook declined) error: failed to push some refs to `https://git.brads.house/digitech/brand.git` ``` **Investigation:** - CI user `ci` has `write` permission to `digitech/brand` (verified via API) - Workflow uses `${{ github.token }}` for git authentication - The built-in `github.token` does not have write permissions for pushing - The `trigger-deploy` job correctly uses `${{ secrets.FORGEJO_TOKEN }}` for authentication **Conclusion:** The `build` job's git push step uses the Forgejo Actions token (`github.token`) which lacks write permissions. The workflow should use `secrets.FORGEJO_TOKEN` for authentication (same as the `trigger-deploy` job). **Recommendation:** @brad Update the `Commit generated files if changed` step in `.forgejo/workflows/build.yml` to use `secrets.FORGEJO_TOKEN` for git authentication: ```yaml git remote set-url origin "https://ci:${{ secrets.FORGEJO_TOKEN }}@git.brads.house/${{ github.repository }}.git" ``` Also ensure the `FORGEJO_TOKEN` secret exists with write scope for this repository.
brad closed this issue 2026-02-28 00:09:23 -08:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
pages
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
digitech/brand#1
No description provided.