fix(ci): read NX_Firmware releases without scoped job token

Gitea Actions GITHUB_TOKEN often returns 404 on sibling repos. Try
unauthenticated API first (public releases), then job token; optional
FIRMWARE_API_TOKEN for private firmware repo.

Made-with: Cursor
niklascfw 2026-04-09 23:28:14 +02:00
parent 462cce5896
commit d0c5beafce
No known key found for this signature in database
2 changed files with 35 additions and 4 deletions


@ -27,6 +27,8 @@ jobs:
GITHUB_API_URL: ${{ github.api_url }} GITHUB_API_URL: ${{ github.api_url }}
GITHUB_REPOSITORY: ${{ github.repository }} GITHUB_REPOSITORY: ${{ github.repository }}
FIRMWARE_REPOSITORY: OmniNX/NX_Firmware FIRMWARE_REPOSITORY: OmniNX/NX_Firmware
# Optional: PAT with read access if NX_Firmware is private (job token often 404s on other repos).
FIRMWARE_API_TOKEN: ${{ secrets.FIRMWARE_API_TOKEN }}
run: python3 scripts/update-badge-data.py run: python3 scripts/update-badge-data.py
- name: Commit and push if changed - name: Commit and push if changed
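Review bot: The comment added above `FIRMWARE_API_TOKEN` asks only for "read access", which leaves the token's reach undefined. As far as I know a Gitea access token belongs to a user rather than to one repository, so it can read every repository that user can see. I would state the intended limit in the comment, e.g. `# Optional: token with only a read scope such as read:repository, owned by an account that can see nothing but NX_Firmware.` The variable appears to sit in the env of the badge step only, so the following "Commit and push if changed" step should not receive it; the start of the job is outside the hunk, so this is worth confirming there.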


@ -36,6 +36,35 @@ def fetch_releases(api_base: str, repo: str, token: str) -> list:
return out return out
def _token_attempt_order(pack_token: str) -> list[str]:
"""Repos/branches the job token cannot see on Gitea often return 404; public /releases works without auth."""
pat = os.environ.get("FIRMWARE_API_TOKEN", "").strip()
order = [pat, "", pack_token] if pat else ["", pack_token]
seen: set[str] = set()
out: list[str] = []
for t in order:
if t in seen:
continue
seen.add(t)
out.append(t)
return out
def fetch_releases_with_token_fallback(
api_base: str, repo: str, pack_token: str
) -> tuple[list | None, urllib.error.HTTPError | None]:
last_err: urllib.error.HTTPError | None = None
for t in _token_attempt_order(pack_token):
try:
return fetch_releases(api_base, repo, t), None
except urllib.error.HTTPError as e:
last_err = e
if e.code in (401, 403, 404):
continue
raise
return None, last_err
def sum_zip_downloads(releases: list) -> int: def sum_zip_downloads(releases: list) -> int:
total = 0 total = 0
for rel in releases: for rel in releases:
@ -92,11 +121,11 @@ def main() -> int:
return 1 return 1
fw: str | None = None fw: str | None = None
try: fw_releases, fw_err = fetch_releases_with_token_fallback(api_base, fw_repo, token)
fw_releases = fetch_releases(api_base, fw_repo, token) if fw_releases is not None:
fw = first_non_draft_tag(fw_releases) fw = first_non_draft_tag(fw_releases)
except urllib.error.HTTPError as e: elif fw_err is not None:
print(f"Firmware-Repo ({fw_repo}): HTTP {e.code}{e.reason}", file=sys.stderr) print(f"Firmware-Repo ({fw_repo}): HTTP {fw_err.code}{fw_err.reason}", file=sys.stderr)
if not fw: if not fw:
fw = load_existing_firmware() or "unknown" fw = load_existing_firmware() or "unknown"
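Review bot: In `fetch_releases_with_token_fallback`, `last_err` keeps only the final attempt's error, so when a configured `FIRMWARE_API_TOKEN` is rejected with 401 or 403 and the later attempts return 404, `main` prints only the 404 and an expired or revoked token goes unnoticed. I would report each skipped attempt before `continue`, naming the kind of credential and never its value, e.g. `print(f"{repo}: HTTP {e.code} ({'token' if t else 'anonymous'} attempt)", file=sys.stderr)`. The anonymous attempt also relies on `fetch_releases` sending no Authorization header for an empty token; its body is outside the hunk, so that is worth confirming. The new function has no docstring; one sentence giving the attempt order and stating that `(None, last_err)` is returned only when every attempt ended in 401, 403 or 404 would help the next reader.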