Complete workflow token migration and pip fixes

Token Migration (GITHUB_TOKEN GH_TOKEN): - Update CI workflow to use GH_TOKEN secret - Update Release workflow to use GH_TOKEN secret - Update Security workflow to use GH_TOKEN secret - Maintain environment variable compatibility - Update token validation messages Pip Installation Improvements: - Add --root-user-action=ignore to all pip commands - Eliminates 'Running pip as root user' warnings - Applied across all workflow jobs consistently - Improves workflow reliability and log cleanliness Affected Workflows: - CI: Fixed token references + pip warnings - Release: Fixed token references + pip warnings - Security: Fixed token references + pip warnings + validation messages Changes Summary: - 3 workflow files updated - 37 insertions, 37 deletions (clean replacements) - Consistent token naming across all workflows - All pip commands now use --root-user-action=ignore flag Benefits: - Gitea-compatible secret naming (GH_TOKEN) - Cleaner workflow logs without pip warnings - Better error handling and validation - Consistent token usage across all pipelines
2025-08-12 16:50:09 +07:00
parent b13a4fe400
commit 505c65f614
3 changed files with 37 additions and 37 deletions
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -16,7 +16,7 @@ env:
  REGISTRY: git.b4l.co.th
  IMAGE_NAME: b4l/northern-thailand-ping-river-monitor
  # GitHub token for better rate limits and authentication
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}

 jobs:
  # Create release
@@ -83,9 +83,9 @@ jobs:
        
    - name: Install dependencies
      run: |
-        python -m pip install --upgrade pip
-        pip install -r requirements.txt
-        pip install -r requirements-dev.txt
+        python -m pip install --upgrade pip --root-user-action=ignore
+        pip install --root-user-action=ignore -r requirements.txt
+        pip install --root-user-action=ignore -r requirements-dev.txt
        
    - name: Run full test suite
      run: |
@@ -95,7 +95,7 @@ jobs:
        
    - name: Build Python package
      run: |
-        pip install build
+        pip install --root-user-action=ignore build
        python -m build
        
    - name: Upload Python package
@@ -160,9 +160,9 @@ jobs:
        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }}
        format: 'sarif'
        output: 'trivy-results.sarif'
-        github-token: ${{ secrets.GITHUB_TOKEN }}
+        github-token: ${{ secrets.GH_TOKEN }}
      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
        
    - name: Upload Trivy scan results
      uses: actions/upload-artifact@v3