From d0c5beafce4ef91fb828fb6ac4cc9cb9fcd0371f Mon Sep 17 00:00:00 2001 From: niklascfw Date: Thu, 9 Apr 2026 23:28:14 +0200 Subject: [PATCH] fix(ci): read NX_Firmware releases without scoped job token Gitea Actions GITHUB_TOKEN often returns 404 on sibling repos. Try unauthenticated API first (public releases), then job token; optional FIRMWARE_API_TOKEN for private firmware repo. Made-with: Cursor --- .github/workflows/update-badge-data.yml | 2 ++ scripts/update-badge-data.py | 37 ++++++++++++++++++++++--- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/.github/workflows/update-badge-data.yml b/.github/workflows/update-badge-data.yml index 6be8e85..61c43c9 100644 --- a/.github/workflows/update-badge-data.yml +++ b/.github/workflows/update-badge-data.yml @@ -27,6 +27,8 @@ jobs: GITHUB_API_URL: ${{ github.api_url }} GITHUB_REPOSITORY: ${{ github.repository }} FIRMWARE_REPOSITORY: OmniNX/NX_Firmware + # Optional: PAT with read access if NX_Firmware is private (job token often 404s on other repos). + FIRMWARE_API_TOKEN: ${{ secrets.FIRMWARE_API_TOKEN }} run: python3 scripts/update-badge-data.py - name: Commit and push if changed diff --git a/scripts/update-badge-data.py b/scripts/update-badge-data.py index 54cff84..4f25c48 100644 --- a/scripts/update-badge-data.py +++ b/scripts/update-badge-data.py @@ -36,6 +36,35 @@ def fetch_releases(api_base: str, repo: str, token: str) -> list: return out +def _token_attempt_order(pack_token: str) -> list[str]: + """Repos/branches the job token cannot see on Gitea often return 404; public /releases works without auth.""" + pat = os.environ.get("FIRMWARE_API_TOKEN", "").strip() + order = [pat, "", pack_token] if pat else ["", pack_token] + seen: set[str] = set() + out: list[str] = [] + for t in order: + if t in seen: + continue + seen.add(t) + out.append(t) + return out + + +def fetch_releases_with_token_fallback( + api_base: str, repo: str, pack_token: str +) -> tuple[list | None, urllib.error.HTTPError | None]: + last_err: urllib.error.HTTPError | None = None + for t in _token_attempt_order(pack_token): + try: + return fetch_releases(api_base, repo, t), None + except urllib.error.HTTPError as e: + last_err = e + if e.code in (401, 403, 404): + continue + raise + return None, last_err + + def sum_zip_downloads(releases: list) -> int: total = 0 for rel in releases: @@ -92,11 +121,11 @@ def main() -> int: return 1 fw: str | None = None - try: - fw_releases = fetch_releases(api_base, fw_repo, token) + fw_releases, fw_err = fetch_releases_with_token_fallback(api_base, fw_repo, token) + if fw_releases is not None: fw = first_non_draft_tag(fw_releases) - except urllib.error.HTTPError as e: - print(f"Firmware-Repo ({fw_repo}): HTTP {e.code} — {e.reason}", file=sys.stderr) + elif fw_err is not None: + print(f"Firmware-Repo ({fw_repo}): HTTP {fw_err.code} — {fw_err.reason}", file=sys.stderr) if not fw: fw = load_existing_firmware() or "unknown"