From 51e45d9327b4e4322f1cb4fda35c6683961c4277 Mon Sep 17 00:00:00 2001
From: Vladimir Zagainov <mrixs@mrixs.ru>
Date: Mon, 1 Jun 2026 17:16:47 +0300
Subject: [PATCH] fix: use PAT for Gitea Container Registry authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Gitea's GITHUB_TOKEN is read-only for packages (issue #23642).
Switch to PACKAGES_TOKEN Personal Access Token with write:package scope.

Setup required:
1. Gitea → User Settings → Applications → Generate Token (read:package, write:package)
2. Repo → Settings → Actions → Secrets → PACKAGES_TOKEN
---
 .gitea/workflows/ci.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index dcb1a04..ed28087 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,5 +1,11 @@
 name: CI
 
+# Required repo secret: PACKAGES_TOKEN
+# Generate at: Gitea → User Settings → Applications → Generate New Token
+# Scopes: read:package, write:package
+# Save as: Repository → Settings → Actions → Secrets → PACKAGES_TOKEN
+# Note: GITHUB_TOKEN is read-only for packages in Gitea (issue #23642).
+
 on:
   push:
     branches: ["**"]
@@ -113,8 +119,8 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: gitea.mrixs.me
-          username: ${{ gitea.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{ gitea.repository_owner }}
+          password: ${{ secrets.PACKAGES_TOKEN }}
 
       - name: Build and push
         uses: docker/build-push-action@v5