diff --git a/.forgejo/workflows/branch-cleanup.yaml b/.forgejo/workflows/branch-cleanup.yaml index afdaee7..cb509b3 100644 --- a/.forgejo/workflows/branch-cleanup.yaml +++ b/.forgejo/workflows/branch-cleanup.yaml @@ -30,12 +30,11 @@ jobs: - name: Run branch cleanup env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | CUTOFF="${{ inputs.cutoff || '30' }}" echo "Running branch cleanup with cutoff=${CUTOFF} days..." uv run --script mise-tasks/branch-cleanup \ --remote-only \ --yes \ - --token "$GITHUB_TOKEN" \ --cutoff "$CUTOFF" diff --git a/mise-tasks/branch-cleanup b/mise-tasks/branch-cleanup index 89265bf..0ba9187 100755 --- a/mise-tasks/branch-cleanup +++ b/mise-tasks/branch-cleanup @@ -18,8 +18,9 @@ Detects merged branches via two methods: 2. Forgejo API (catches squash-merged PRs) Remote branches are deleted via the Forgejo API. The token is resolved: - 1. --token flag (for CI: pass $GITHUB_TOKEN) - 2. 1Password: op read (for local use, prompts biometric) + 1. --token flag (explicit) + 2. FORGEJO_TOKEN environment variable (for CI) + 3. 1Password: op read (for local use, prompts biometric) Local branches are deleted via git branch -D. @@ -32,6 +33,7 @@ Usage: mise run branch-cleanup --dry-run # preview only """ +import os import subprocess from datetime import datetime, timezone from typing import Annotated @@ -60,9 +62,12 @@ def run_git(*args: str) -> str: def resolve_token(explicit_token: str | None, console: Console) -> str: - """Resolve Forgejo API token: explicit flag > 1Password.""" + """Resolve Forgejo API token: explicit flag > FORGEJO_TOKEN env > 1Password.""" if explicit_token: return explicit_token + env_token = os.environ.get("FORGEJO_TOKEN", "").strip() + if env_token: + return env_token console.print("[dim]Reading Forgejo API token from 1Password...[/dim]") try: result = subprocess.run(