From ef2010cb48a9d4389695c180f224eae6bf1b9f28 Mon Sep 17 00:00:00 2001
From: limitcool <initcoool@gmail.com>
Date: Tue, 31 Mar 2026 22:06:11 +0800
Subject: [PATCH] fix: allow docker workflow to fallback to gitea token

---
 .gitea/workflows/backend-docker.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/backend-docker.yml b/.gitea/workflows/backend-docker.yml
index 1dfe842..e8c5e18 100644
--- a/.gitea/workflows/backend-docker.yml
+++ b/.gitea/workflows/backend-docker.yml
@@ -13,6 +13,10 @@ on:
       - .gitea/workflows/backend-docker.yml
   workflow_dispatch:
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   build-and-push:
     runs-on: ubuntu-latest
@@ -110,10 +114,26 @@ jobs:
           REGISTRY_HOST: ${{ steps.meta.outputs.registry_host }}
           REGISTRY_USER: ${{ secrets.REGISTRY_USERNAME }}
           REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+          BUILTIN_GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          GITHUB_ACTOR_NAME: ${{ github.actor }}
         run: |
           set -euo pipefail
+
+          CUSTOM_REGISTRY_USER="${REGISTRY_USER:-}"
+          CUSTOM_REGISTRY_TOKEN="${REGISTRY_TOKEN:-}"
+          BUILTIN_REGISTRY_TOKEN="${BUILTIN_GITEA_TOKEN:-}"
+          ACTOR_USER="${GITHUB_ACTOR_NAME:-}"
+
+          if [ -n "${CUSTOM_REGISTRY_TOKEN}" ]; then
+            REGISTRY_USER="${CUSTOM_REGISTRY_USER:-${ACTOR_USER}}"
+            REGISTRY_TOKEN="${CUSTOM_REGISTRY_TOKEN}"
+          else
+            REGISTRY_USER="${ACTOR_USER:-${CUSTOM_REGISTRY_USER}}"
+            REGISTRY_TOKEN="${BUILTIN_REGISTRY_TOKEN}"
+          fi
+
           if [ -z "${REGISTRY_USER}" ] || [ -z "${REGISTRY_TOKEN}" ]; then
-            echo "Missing secrets: REGISTRY_USERNAME / REGISTRY_TOKEN"
+            echo "Missing registry credentials: set REGISTRY_USERNAME/REGISTRY_TOKEN, or rely on the built-in GITEA_TOKEN with packages:write permission."
             exit 1
           fi