From 7127bdfdfcf4abb41fabe496995e06fc76aa7b6a Mon Sep 17 00:00:00 2001 From: tristan Date: Mon, 6 Apr 2026 15:53:15 +0200 Subject: [PATCH] fix : use Docker Registry V2 Bearer token auth for Gitea The Gitea container registry requires a two-step auth flow: 1. Get Bearer token from /v2/token with Basic auth 2. Use Bearer token for /v2/{owner}/{package}/tags/list Co-Authored-By: Claude Opus 4.6 (1M context) --- src/Service/GiteaRegistryService.php | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/Service/GiteaRegistryService.php b/src/Service/GiteaRegistryService.php index d32c6cf..ae686da 100644 --- a/src/Service/GiteaRegistryService.php +++ b/src/Service/GiteaRegistryService.php @@ -35,11 +35,13 @@ final readonly class GiteaRegistryService $owner = $parts[1]; $package = implode('/', \array_slice($parts, 2)); + $bearerToken = $this->getBearerToken($owner, $package); + $url = sprintf('%s/v2/%s/%s/tags/list', $this->giteaApiUrl, $owner, $package); $response = $this->httpClient->request('GET', $url, [ 'headers' => [ - 'Authorization' => sprintf('token %s', $this->giteaApiToken), + 'Authorization' => sprintf('Bearer %s', $bearerToken), ], 'timeout' => 10, ]); @@ -69,4 +71,23 @@ final readonly class GiteaRegistryService return $tags; } + + private function getBearerToken(string $owner, string $package): string + { + $tokenUrl = sprintf( + '%s/v2/token?service=container_registry&scope=repository:%s/%s:pull', + $this->giteaApiUrl, + $owner, + $package, + ); + + $response = $this->httpClient->request('GET', $tokenUrl, [ + 'auth_basic' => [$this->giteaApiToken, ''], + 'timeout' => 10, + ]); + + $data = $response->toArray(); + + return $data['token'] ?? throw new \RuntimeException('Failed to obtain bearer token from Gitea registry.'); + } }