Document Gitea token status checks
This commit is contained in:
MrSphay
@@ -11,6 +11,7 @@ PROJECT_NAME: PROJECT_DESCRIPTION
|
||||
- Do not commit secrets, `.env` files, private keys, certificates, or tokens.
|
||||
- Do not rewrite history or run destructive git commands unless explicitly requested.
|
||||
- Do not create a release unless explicitly requested.
|
||||
- If `GITEA_TOKEN` is available locally, use it only for read-only Gitea API checks such as private repository metadata, package-read visibility, and Actions run status. Never print, commit, or store the token.
|
||||
|
||||
## Commands
|
||||
|
||||
@@ -45,4 +46,5 @@ ARTIFACT_NAME
|
||||
- Treat generated credentials and config files as sensitive.
|
||||
- Keep external network calls documented.
|
||||
- Prefer local processing for user data.
|
||||
- Keep CI publishing secrets in repository or organization secrets, not in tracked files. `REGISTRY_TOKEN` is the default package publishing secret name for the Gitea workflow template.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user