fix(ci): use PAT instead of GITHUB_TOKEN for tag push to trigger tag.yaml workflow
PR Checks / hadolint (pull_request) Successful in 6s
PR Checks / build-test (pull_request) Successful in 12s

GITHUB_TOKEN is the internal actions runner token — pushes made with it
don't trigger new workflow runs (by design, prevents infinite loops).
Using a real user PAT (SA_TOKEN_ACTION_PUSH_TAGS) makes the tag push
trigger the tag.yaml workflow correctly.

Fixes the issue where tag pushes from the 'tag' job didn't launch the
'Tag Release' pipeline (tag.yaml).
This commit is contained in:
2026-06-13 13:46:40 -04:00
parent d2c073b6d3
commit 594550dc6d
+8 -8
View File
@@ -15,18 +15,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - uses: docker/setup-buildx-action@d7f5e7f509e45cec5ec5cec76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- id: meta - id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 uses: docker/metadata-action@80c7e94dd9b9319bdbe7f3a1c0a1c2e23a2a2e9 # v6
with: with:
images: jcabillot/offlineimap images: jcabillot/offlineimap
tags: | tags: |
type=raw,value=latest type=raw,value=latest
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 - uses: docker/build-push-action@f9f3042f7e2788959588e958b3e2e3c5195bfaf # v7.2.0
with: with:
context: . context: .
push: true push: true
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - uses: docker/setup-buildx-action@d7f5e7f509e45cec5ec5cec76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} . - run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }} - run: bash tests/test.sh ci-image:${{ github.sha }}
tag: tag:
@@ -48,11 +48,11 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Configure git auth - name: Configure git auth
run: | run: |
git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@scm.cabillot.eu/perso/offlineimap.git" git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/perso/offlineimap.git"
- uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0 - uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16d04aec3cc312fd8 # v1.75.0
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
DEFAULT_BUMP: patch DEFAULT_BULB: patch
RELEASE_BRANCHES: master RELEASE_BRANCHES: master
WITH_V: true WITH_V: true
GIT_API_TAGGING: false GIT_API_TAGGING: false