fix: Gitea Actions use haskelseed runner and PACKAGE_* secrets
Some checks failed
ci / test (3.12) (push) Has been cancelled
ci / test (3.10) (push) Has been cancelled

ubuntu-latest never matched the self-hosted runner; Gitea also rejects
GITEA_-prefixed secret names. Wire publish workflow to PACKAGE_USER/TOKEN.
This commit is contained in:
2026-06-16 03:13:01 +02:00
parent c004c3d4d7
commit 2a03eed012
4 changed files with 12 additions and 9 deletions

View File

@@ -8,7 +8,7 @@ on:
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: haskelseed
strategy: strategy:
matrix: matrix:
python-version: ["3.10", "3.12"] python-version: ["3.10", "3.12"]

View File

@@ -8,7 +8,7 @@ on:
jobs: jobs:
publish: publish:
runs-on: ubuntu-latest runs-on: haskelseed
steps: steps:
- name: Check out source - name: Check out source
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -29,8 +29,8 @@ jobs:
- name: Upload to Gitea PyPI - name: Upload to Gitea PyPI
env: env:
TWINE_USERNAME: ${{ secrets.GITEA_PACKAGE_USER }} TWINE_USERNAME: ${{ secrets.PACKAGE_USER }}
TWINE_PASSWORD: ${{ secrets.GITEA_PACKAGE_TOKEN }} TWINE_PASSWORD: ${{ secrets.PACKAGE_TOKEN }}
run: >- run: >-
python -m twine upload python -m twine upload
--repository-url https://gitea.coulomb.social/api/packages/coulomb/pypi --repository-url https://gitea.coulomb.social/api/packages/coulomb/pypi

View File

@@ -60,8 +60,11 @@ Configure in Gitea: **Repository → Settings → Actions → Secrets**.
| Secret | Value | | Secret | Value |
|--------|-------| |--------|-------|
| `GITEA_PACKAGE_USER` | Gitea username with package upload permission (e.g. `tegwick`) | | `PACKAGE_USER` | Gitea username with package upload permission (e.g. `tegwick`) |
| `GITEA_PACKAGE_TOKEN` | Gitea API token with `write:package` scope | | `PACKAGE_TOKEN` | Gitea API token with `write:package` scope |
Gitea rejects secret names prefixed with `GITEA_` — use `PACKAGE_USER` / `PACKAGE_TOKEN`
(not `GITEA_PACKAGE_USER`).
The publish workflow fails at the upload step when either secret is missing or The publish workflow fails at the upload step when either secret is missing or
invalid. Do not commit tokens to the repository. invalid. Do not commit tokens to the repository.
@@ -79,7 +82,7 @@ Before `git tag vX.Y.Z && git push origin vX.Y.Z`:
- [ ] `make release-check` passes (tests, flake8, version consistency, agent parity) - [ ] `make release-check` passes (tests, flake8, version consistency, agent parity)
- [ ] `make package-check` builds and validates `dist/*` - [ ] `make package-check` builds and validates `dist/*`
- [ ] `CHANGELOG.md` has a dated `[X.Y.Z]` section matching `pyproject.toml` - [ ] `CHANGELOG.md` has a dated `[X.Y.Z]` section matching `pyproject.toml`
- [ ] `GITEA_PACKAGE_USER` and `GITEA_PACKAGE_TOKEN` secrets are set - [ ] `PACKAGE_USER` and `PACKAGE_TOKEN` secrets are set
- [ ] Publish workflow smoke-tested via `workflow_dispatch` (or prior tag release) - [ ] Publish workflow smoke-tested via `workflow_dispatch` (or prior tag release)
- [ ] `make agents-sync-package` run if `agents/` changed since last release - [ ] `make agents-sync-package` run if `agents/` changed since last release

View File

@@ -37,8 +37,8 @@ Confirm tag-triggered publication works end-to-end before the v1.2.0 cut.
### Tasks ### Tasks
- [ ] T01 — Configure `GITEA_PACKAGE_USER` and `GITEA_PACKAGE_TOKEN` secrets in Gitea repo settings (document checklist in `docs/PACKAGE_RELEASE.md`) - [x] T01 — Configure `PACKAGE_USER` and `PACKAGE_TOKEN` secrets in Gitea (Gitea rejects `GITEA_*` secret names)
- [ ] T02 — Smoke-test `.gitea/workflows/publish-python-package.yml` via `workflow_dispatch` (run #7 dispatched 2026-06-16; queued pending runner) - [ ] T02 — Smoke-test `.gitea/workflows/publish-python-package.yml` via `workflow_dispatch`
- [x] T03 — Add pre-tag release checklist to `docs/PACKAGE_RELEASE.md` (secrets, `make package-check`, tag format) - [x] T03 — Add pre-tag release checklist to `docs/PACKAGE_RELEASE.md` (secrets, `make package-check`, tag format)
### Definition of done ### Definition of done