coulomb/kaizen-agentic
2
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases Wiki Activity

fix: Gitea Actions use haskelseed runner and PACKAGE_* secrets
Some checks failed
ci / test (3.12) (push) Has been cancelled
Details
ci / test (3.10) (push) Has been cancelled
Details

Browse Source 
ubuntu-latest never matched the self-hosted runner; Gitea also rejects
GITEA_-prefixed secret names. Wire publish workflow to PACKAGE_USER/TOKEN.
This commit is contained in:
Bernd Worsch
2026-06-16 03:13:01 +02:00
parent c004c3d4d7
commit 2a03eed012
4 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/ci.yml
View File

@@ -8,7 +8,7 @@ on:
jobs:
test:
runs-on: ubuntu-latest
runs-on: haskelseed
strategy:
matrix:
python-version: ["3.10", "3.12"]

6
.gitea/workflows/publish-python-package.yml
View File

@@ -8,7 +8,7 @@ on:
jobs:
publish:
runs-on: ubuntu-latest
runs-on: haskelseed
steps:
- name: Check out source
uses: actions/checkout@v4
@@ -29,8 +29,8 @@ jobs:
- name: Upload to Gitea PyPI
env:
TWINE_USERNAME: ${{ secrets.GITEA_PACKAGE_USER }}
TWINE_PASSWORD: ${{ secrets.GITEA_PACKAGE_TOKEN }}
TWINE_USERNAME: ${{ secrets.PACKAGE_USER }}
TWINE_PASSWORD: ${{ secrets.PACKAGE_TOKEN }}
run: >-
python -m twine upload
--repository-url https://gitea.coulomb.social/api/packages/coulomb/pypi

9
docs/PACKAGE_RELEASE.md
View File

@@ -60,8 +60,11 @@ Configure in Gitea: **Repository → Settings → Actions → Secrets**.
| Secret | Value |
|--------|-------|
| `GITEA_PACKAGE_USER` | Gitea username with package upload permission (e.g. `tegwick`) |
| `GITEA_PACKAGE_TOKEN` | Gitea API token with `write:package` scope |
| `PACKAGE_USER` | Gitea username with package upload permission (e.g. `tegwick`) |
| `PACKAGE_TOKEN` | Gitea API token with `write:package` scope |
Gitea rejects secret names prefixed with `GITEA_` — use `PACKAGE_USER` / `PACKAGE_TOKEN`
(not `GITEA_PACKAGE_USER`).
The publish workflow fails at the upload step when either secret is missing or
invalid. Do not commit tokens to the repository.
@@ -79,7 +82,7 @@ Before `git tag vX.Y.Z && git push origin vX.Y.Z`:
- [ ] `make release-check` passes (tests, flake8, version consistency, agent parity)
- [ ] `make package-check` builds and validates `dist/*`
- [ ] `CHANGELOG.md` has a dated `[X.Y.Z]` section matching `pyproject.toml`
- [ ] `GITEA_PACKAGE_USER` and `GITEA_PACKAGE_TOKEN` secrets are set
- [ ] `PACKAGE_USER` and `PACKAGE_TOKEN` secrets are set
- [ ] Publish workflow smoke-tested via `workflow_dispatch` (or prior tag release)
- [ ] `make agents-sync-package` run if `agents/` changed since last release

4
workplans/kaizen-agentic-WP-0005-adoption-parity.md
View File

@@ -37,8 +37,8 @@ Confirm tag-triggered publication works end-to-end before the v1.2.0 cut.
### Tasks
- [ ] T01 — Configure `GITEA_PACKAGE_USER` and `GITEA_PACKAGE_TOKEN` secrets in Gitea repo settings (document checklist in `docs/PACKAGE_RELEASE.md`)
- [ ] T02 — Smoke-test `.gitea/workflows/publish-python-package.yml` via `workflow_dispatch` (run #7 dispatched 2026-06-16; queued pending runner)
- [x] T01 — Configure `PACKAGE_USER` and `PACKAGE_TOKEN` secrets in Gitea (Gitea rejects `GITEA_*` secret names)
- [ ] T02 — Smoke-test `.gitea/workflows/publish-python-package.yml` via `workflow_dispatch`
- [x] T03 — Add pre-tag release checklist to `docs/PACKAGE_RELEASE.md` (secrets, `make package-check`, tag format)
### Definition of done