From e70d035672efacbd1354ae3c1328bc45e7e76f58 Mon Sep 17 00:00:00 2001
From: Haylan <code@arthurerlich.ch>
Date: Fri, 29 May 2026 19:42:10 +0200
Subject: [PATCH] feat: change to use token

---
 .gitea/workflows/docker-publish.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/docker-publish.yml b/.gitea/workflows/docker-publish.yml
index 9f5fc27..7b63997 100644
--- a/.gitea/workflows/docker-publish.yml
+++ b/.gitea/workflows/docker-publish.yml
@@ -2,8 +2,9 @@
 # Triggered manually via workflow_dispatch — enter an existing semver tag (e.g. 1.2.3)
 # in the "Release tag" input. The workflow will fail early if the tag does not exist.
 #
-# No secrets required — the automatic gitea.token is used for registry login.
-# Gitea grants it package write access via the permissions block below.
+# Requires a repository secret REGISTRY_TOKEN — a Gitea PAT with write:package scope.
+# Create it at: Settings → Applications → Generate Token (scope: write:package)
+# Then add it: Repository → Settings → Secrets → Actions → REGISTRY_TOKEN
 #
 # After a successful run the image is available at:
 #   <your-gitea-host>/<owner>/<repo>:<version>
@@ -70,7 +71,7 @@ jobs:
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ gitea.actor }}
-          password: ${{ gitea.token }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
 
       - name: Build and push
         uses: docker/build-push-action@v5