From 3315c18ed20662e04ef148c974b66397a1f2f901 Mon Sep 17 00:00:00 2001 From: Robert Garrett Date: Mon, 21 Jul 2025 16:09:12 -0500 Subject: [PATCH] New 'authentication' section The auth tokens can now be loaded from the config files, so I need to mention that. I took the opportunity to revise the explanation of when auth is required. Now it has a more obvious example of how it depends on instance configuration. --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b64aa53..830f716 100644 --- a/README.md +++ b/README.md @@ -42,11 +42,16 @@ Likewise, the "repo" is what ever the Gitea instance thinks it's called -- which ### Authentication -Authentication is token-based via environment variable `RELEASE_KEY_GITEA`. +Authentication is token-based. There is no CLI option to prevent the token from appearing in any command logs. -Ensure your token has the appropriate access for your usage. This depends on what you're doing and how your Gitea instance is configured, so you'll have to figure it out for yourself. +In order of priority, the token is loaded from: -Most likely, you will need a token with "repository: read-and-write" permissions. See Gitea's documentation on [token scopes](https://docs.gitea.com/development/oauth2-provider#scopes) for more. +1. The environment variable `RELEASE_KEY_GITEA` +2. Config files, key `token` + +Whether or not it is required depends on how your Gitea instance and the repositories inside are configured. For example, a default Gitea configuration will allow unauthenticated users to see public repositories but not make any changes. This means no token is required to run `gt-tool list-releases`, while `gt-tool upload-release` *will* require a token. + +For details, see Gitea's documentation on [token scopes](https://docs.gitea.com/development/oauth2-provider#scopes). ### ``:
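Review bot: The added sentence "There is no CLI option to prevent the token from appearing in any command logs." in the new Authentication paragraph is ambiguous: it can be read as saying the token cannot be kept out of logs. If the intent is that the token is deliberately not accepted as a command-line argument, state that directly, for example "The token cannot be passed as a CLI option, so it never appears in shell history or command logs." In the priority list, "Config files, key `token`" introduces a secret stored on disk without saying which config files are meant or how to protect them; point to where those files are documented and add a note to restrict the file's permissions and keep it out of version control. The hunk also removes the line recommending "repository: read-and-write" permissions and leaves only the link to token scopes, so readers no longer get a minimal scope for `gt-tool upload-release`; consider keeping that recommendation next to the new example.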