ref:d628ddcab8e6081f5eb58d2a91c16f10add8ff35

ci: push tag via ANVIL_TOKEN URL, not clone-token origin

The runner clones via an auto-embedded clone token in origin. That token is legacy-read-only per git_http_controller — `git push origin` always returns 401, which is exactly what the last release run showed:

    fatal: Authentication failed for 'https://anvil.fangorn.io/fangorn/ex_git_objectstore.git/'

With fangorn/anvil#59 merged, job API tokens (ANVIL_TOKEN env var) can push via git HTTP when the repo has `contents: :write` granted. Push via an explicit URL that embeds `$ANVIL_TOKEN` as the Basic auth password, instead of the clone-token URL baked into origin.

## Prerequisites

- fangorn/anvil#59 must be merged and deployed
- `contents: :write` must be granted on this repo (already done)

## After this lands

Next push to main runs the release step, `git push` authenticates via the API token, tag `2026.4.1` lands, the release is published with the `blob_sizes/3` commit from #22 finally shipped.

Refs: fangorn/anvil#46, fangorn/anvil#57, fangorn/anvil#59

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

SHA: d628ddcab8e6081f5eb58d2a91c16f10add8ff35
Author: Cole Christensen <cole.christensen@macmillan.com>
Date: 2026-04-13 23:41
Parents: 29413b3
1 files changed +8 -2
.anvil.yml +8 −2
@@ -136,9 +136,15 @@
--title "ExGitObjectstore $VERSION" \
--body "$CHANGELOG"
# Tag and push
# Tag and push. The runner clones via an auto-embedded clone
# token in origin, which only has read access — `git push origin`
# would 401. Push via an explicit URL that embeds the job API
# token (ANVIL_TOKEN) so auth goes through the repo's
# contents:write scope (see fangorn/anvil#46 / #59).
git tag "$VERSION"
git push \
"https://x-token:${ANVIL_TOKEN}@anvil.fangorn.io/fangorn/ex_git_objectstore.git" \
git push origin "$VERSION"
"$VERSION"
echo "Released $VERSION"
depends_on: [compile, format, dialyzer, test]
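Review bot: the new `git push` passes the secret inside its URL argument (`"https://x-token:${ANVIL_TOKEN}@anvil.fangorn.io/fangorn/ex_git_objectstore.git"`), so the expanded token sits in the process argument list and in any output that traces the command with variables expanded. Consider supplying it through a git credential helper or `GIT_ASKPASS` so only the plain repository URL appears on the command line, and confirm the runner masks the `ANVIL_TOKEN` value in job logs. The host and repository path are also hard-coded in this line, duplicating what origin already carries; a short comment or a variable would make that easier to keep in sync if the repo moves.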