ci: clone fai/module-sdk anonymously, not with cross-org token
Some checks failed
CI / Linux x86_64 (Forgejo) (push) Failing after 2s

Initial CI run on commit cc72db04 failed in 2 seconds because
the workflow used the repo-scoped GITHUB_TOKEN to clone the
sibling fai/module-sdk repository. That token is scoped to the
current repo (fai-modules/text-extract) and could not read a
private repo in a different org (fai/), so git fetch returned
401 and aborted the run.

fai/module-sdk has been made public — the SDK is the
authoring-surface for module developers and contains nothing
that needs to stay private. With the SDK public, an anonymous
clone is sufficient and avoids the cross-org token-scope
friction entirely.

The text-extract repo itself stays private; only the
authoring-surface SDK is public.

Bumps the module patch version 0.1.0 -> 0.1.1 per the
per-commit policy.

Signed-off-by: flemming-it <sf@flemming.it>
This commit is contained in:
flemming-it 2026-05-01 17:14:53 +02:00
parent cc72db0421
commit c4119169af
3 changed files with 9 additions and 5 deletions

View file

@ -44,8 +44,12 @@ jobs:
mkdir -p "$sdk_dir"
cd "$sdk_dir"
git init -q
# The SDK lives in a different Forgejo org (fai/) and the
# repo-scoped GITHUB_TOKEN cannot read it. The SDK is
# public, so an anonymous clone is sufficient and avoids
# cross-org token-scope friction.
git remote add origin \
"https://x-access-token:${GITHUB_TOKEN}@git.flemming.ws/fai/module-sdk.git"
"https://git.flemming.ws/fai/module-sdk.git"
git fetch --depth=1 origin main
git checkout -q FETCH_HEAD
echo "module-sdk checked out at: $sdk_dir"