every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2

dev: use forgejo-cli (fj) instead of tea

Browse source
This commit is contained in:
every.channel 2026-02-15 17:24:44 -05:00
parent 6cb4a9e401
commit 77dc6788f0
No known key found for this signature in database
4 changed files with 10 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
evolution/proposals/ECP-0061-agenix-secrets.md
View file

@ -7,7 +7,7 @@ Status: Draft
Provide a simple, repo-native way to manage a small set of long-lived tokens for local development without committing plaintext secrets:
- Cloudflare API token (local `wrangler deploy`)
- Codeberg token (optional; for `tea` CLI)
- Codeberg token (optional; for `fj` CLI)
## Non-Goals
@ -23,10 +23,10 @@ Provide a simple, repo-native way to manage a small set of long-lived tokens for
- `secrets/codeberg-token.age`
2. Add tools to the nix dev shell:
- `agenix`
- `tea` (Forgejo/Gitea-compatible CLI)
- `forgejo-cli` (`fj`)
3. Update scripts to use these secrets opportunistically:
- `scripts/deploy-workers.sh` loads `CLOUDFLARE_API_TOKEN` via `agenix -d` when present.
- `scripts/tea-login-codeberg.sh` configures `tea` using `CODEBERG_TOKEN` (env) or `agenix`.
- `scripts/fj-auth-codeberg.sh` configures `fj` using `CODEBERG_TOKEN` (env) or `agenix`.
## Rationale
@ -37,4 +37,3 @@ CI remains clean and auditable by using the platform's secret store.
- Additive. If a developer doesn't use `agenix`, nothing breaks.
- Easy to remove later if a different secret system is adopted.