From 0c23b0e261e01dda39e6baecededc8561b59e99c Mon Sep 17 00:00:00 2001 From: b3nw Date: Tue, 28 Apr 2026 01:40:42 +0000 Subject: [PATCH] fix(ci): use CRT_READ_ONLY for cross-repo clone actions/checkout@v3's Basic auth header pattern fails with 403 when accessing a different private repository. Switch to a plain git clone with the CRT_READ_ONLY token embedded in the HTTPS URL. --- .gitea/workflows/build.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 11fd3de..41034d3 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -15,12 +15,14 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Checkout schwab-scraper - uses: actions/checkout@v3 - with: - repository: b3nw/schwab-scraper - path: vendor/schwab-scraper - token: ${{ secrets.CR_PAT }} + - name: Clone schwab-scraper + env: + CLONE_TOKEN: ${{ secrets.CRT_READ_ONLY }} + run: | + mkdir -p vendor + git clone --depth=1 --branch main \ + "https://x-access-token:${CLONE_TOKEN}@gitea.ext.ben.io/b3nw/schwab-scraper.git" \ + vendor/schwab-scraper - name: Login to Gitea Container Registry uses: docker/login-action@v2