Defining permissions/token on organization repos

Hi,

I am confused with access control and permissions management on repos.

For now, as the owner and admin of a local Gitea instance, I have created an organization. For testing purposes it has been set up as “public”.

Inside, I have created several repos, with default settings.

On my user profile, I have created an Access Token (GITEA_TOKEN) granting all permissions on everything.

One of the repos (REPO_A) contains configuration files, generated by scripts located in another repo (REPO_B).

I have defined a workflow in REPO_B which is supposed to:

  • checkout the scripts (from REPO_B)
  • checkout the static files (from REPO_A) in another dir (tmp_dir)
  • run the scripts against “tmp_dir” content
  • commit the results back into REPO_A if needed

    - name: Checkout Scripts files
      uses: actions/checkout@v4
      with:
        ref: main
        path: .
        persist-credentials: false

    - name: Checkout remote static files
      uses: actions/checkout@v4
      with:
        ref: main
        repository: REPO_A/STATIC_FILES
        path: ./tmp_dir
        token: ${{ secrets.GITEA_TOKEN }}

    ...

    - name: Commit Docker related files if needed
      run: |
        cd ${GITHUB_WORKSPACE}/tmp_dir
        git status
        git add .
        git config user.name "${{ github.actor }}"
        git config user.email "${{ github.actor }}@nowhere.com"
        git diff --quiet && git diff --staged --quiet \
        || (git commit -m "generated by Gitea [${{ gitea.actor }}]" \
        && git push )

Everything is running fine until it’s time to commit, as I get an error 403 (remote: User permission denied).

I made my first experiments with repos located in my own workspace; the same code was working flawlessly.

So what am I missing? I have not been able to find a permissions control interface and my access token seems to allow everything everywhere.

I have tried to remove the token in the workflow definition, use “github.token” instead, but nothing improves.

So I am running out of ideas…

Thanks for any help

Regards

I have realized I am not passing any token with my shell commands.

So I have tried this approach:

     - name: Commit Docker related files if needed
       run: |
         cd ${GITHUB_WORKSPACE}/docker_tmp
         git remote -v
         new_remote_origin="$( echo $(git remote -v | grep push) | awk '{print $2}' | sed 's/:\/\//:\/\/${{ secrets.GITEA_TOKEN }}@/g' )"
         git remote set-url origin ${new_remote_origin}
         git remote -v
         git status
         git add .
         git config user.name "${{ github.actor }}"
         git config user.email "${{ github.actor }}@nowhere.com"
         git diff --quiet && git diff --staged --quiet \
         || (git commit -m "generated by Gitea [${{ gitea.actor }}]" \
         && git push )

But it’s not getting a better result.

And one last attempt before leaving it :)

        - name: Commit Docker related files if needed
          uses: stefanzweifel/git-auto-commit-action@v5
          with:
            repository: ./docker_tmp
            commit_message: "generated by Gitea [${{ gitea.actor }}]"

Guess what? Same result.

I have also created a new team I am a member of, with admin permissions, but no improvements either.
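
A check that fits the attempts above, as an added example that is not part of the original posts: it lists which credential sources the clone in tmp_dir actually carries (a token written into the remote URL, the Authorization header that actions/checkout@v4 persists when persist-credentials is left at its default, or a credential helper) without printing any secret. The function name `credential_sources` and the host `gitea.example.test` are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: reads `git config --list` output on stdin and names every
# place this clone could take HTTP push credentials from. Secret values are
# never echoed, only the config keys that hold them.
credential_sources() {
    found=""
    while IFS= read -r line; do
        key=${line%%=*}
        val=${line#*=}
        case "$key" in
            remote.*.url|remote.*.pushurl)
                # Token written into the URL: https://TOKEN@host/owner/repo.git
                case "$val" in
                    http://*|https://*)
                        rest=${val#*://}
                        authority=${rest%%/*}
                        case "$authority" in
                            *@*) found="$found url-userinfo:$key" ;;
                        esac ;;
                esac ;;
            http.extraheader|http.*.extraheader)
                # actions/checkout@v4 persists its token as an Authorization header
                case "$val" in
                    [Aa][Uu][Tt][Hh][Oo][Rr][Ii][Zz][Aa][Tt][Ii][Oo][Nn]:*)
                        found="$found extraheader:$key" ;;
                esac ;;
            credential.helper|credential.*.helper)
                if [ -n "$val" ]; then found="$found credential-helper:$key"; fi ;;
        esac
    done
    if [ -z "$found" ]; then found=" none"; fi
    printf '%s\n' "${found# }"
}

# Constructed sample input (hypothetical host, dummy header value).
# In the workflow step the real input would be:
#   git -C "${GITHUB_WORKSPACE}/tmp_dir" config --list | credential_sources
printf '%s\n' \
    'core.bare=false' \
    'remote.origin.url=https://gitea.example.test/ORG/STATIC_FILES.git' \
    'http.https://gitea.example.test/.extraheader=AUTHORIZATION: basic ZHVtbXk=' \
    | credential_sources
```

A result of `none` means no credential is stored in the git configuration of that clone; any other result names the config key to inspect.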