fix : use Docker Registry V2 Bearer token auth for Gitea

The Gitea container registry requires a two-step auth flow: 1. Get Bearer token from /v2/token with Basic auth 2. Use Bearer token for /v2/{owner}/{package}/tags/list Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 15:53:15 +02:00
parent 5d2aba634e
commit 7127bdfdfc
1 changed files with 22 additions and 1 deletions
--- a/src/Service/GiteaRegistryService.php
+++ b/src/Service/GiteaRegistryService.php
@@ -35,11 +35,13 @@ final readonly class GiteaRegistryService
        $owner = $parts[1];
        $package = implode('/', \array_slice($parts, 2));

+        $bearerToken = $this->getBearerToken($owner, $package);
+
        $url = sprintf('%s/v2/%s/%s/tags/list', $this->giteaApiUrl, $owner, $package);

        $response = $this->httpClient->request('GET', $url, [
            'headers' => [
-                'Authorization' => sprintf('token %s', $this->giteaApiToken),
+                'Authorization' => sprintf('Bearer %s', $bearerToken),
            ],
            'timeout' => 10,
        ]);
@@ -69,4 +71,23 @@ final readonly class GiteaRegistryService

        return $tags;
    }
+
+    private function getBearerToken(string $owner, string $package): string
+    {
+        $tokenUrl = sprintf(
+            '%s/v2/token?service=container_registry&scope=repository:%s/%s:pull',
+            $this->giteaApiUrl,
+            $owner,
+            $package,
+        );
+
+        $response = $this->httpClient->request('GET', $tokenUrl, [
+            'auth_basic' => [$this->giteaApiToken, ''],
+            'timeout' => 10,
+        ]);
+
+        $data = $response->toArray();
+
+        return $data['token'] ?? throw new \RuntimeException('Failed to obtain bearer token from Gitea registry.');
+    }
 }