fix: remove duplicate environment gate from merge-docker job

Move DOCKERHUB_USERNAME from vars to secrets so merge-docker can access credentials without its own environment scope. This eliminates the redundant double approval since build-docker already gates on release-publish.
2026-05-21 00:14:58 +02:00 · 2026-03-17 03:47:05 +05:30
parent ea7c74f33b
commit 955eae5d65
2 changed files with 6 additions and 7 deletions
@@ -83,7 +83,7 @@ jobs:
      - name: Log in to Docker Hub
        uses: docker/login-action@v4
        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push by digest
@@ -114,7 +114,6 @@ jobs:
    name: Push Docker manifests
    needs: [preflight, build-docker]
    runs-on: ubuntu-latest
-    environment: release-publish
    permissions:
      contents: read
      id-token: write
@@ -135,7 +134,7 @@ jobs:
      - name: Log in to Docker Hub
        uses: docker/login-action@v4
        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Create manifest list and push
@@ -69,7 +69,7 @@ jobs:

      - name: Show current npm dist-tags
        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_ROLLBACK_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npm dist-tag ls @keygraph/shannon

      - name: Set up Docker Buildx
@@ -78,7 +78,7 @@ jobs:
      - name: Log in to Docker Hub
        uses: docker/login-action@v4
        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Verify Docker image tag exists
@@ -102,7 +102,7 @@ jobs:

      - name: Move npm latest
        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_ROLLBACK_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npm dist-tag add "@keygraph/shannon@${{ steps.target.outputs.version }}" latest

      - name: Mark GitHub release as latest
@@ -112,7 +112,7 @@ jobs:

      - name: Show final npm dist-tags
        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_ROLLBACK_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npm dist-tag ls @keygraph/shannon

      - name: Verify Docker latest now points to target