From a2e78b8fbde8ccfbe6e7c811ad967a3a49358bc9 Mon Sep 17 00:00:00 2001
From: Fadhli Azhari <fadhli@kollect.biz>
Date: Thu, 14 May 2026 09:45:39 +0800
Subject: [PATCH] fix(ci): harbor login mangled username and added newline to
 password
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pass HARBOR_USERNAME/HARBOR_PASSWORD via env: instead of inlining
${{ secrets.* }} directly into the shell — bash was expanding the `$`
in the robot username (e.g. `robot$kollect-tools+...` lost the
`$kollect-tools` segment). Switched echo to printf to avoid appending a
newline to --password-stdin.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/build-and-push.yaml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/build-and-push.yaml b/.gitea/workflows/build-and-push.yaml
index 8b137cf..e129b63 100644
--- a/.gitea/workflows/build-and-push.yaml
+++ b/.gitea/workflows/build-and-push.yaml
@@ -67,10 +67,17 @@ jobs:
           echo "tag_latest=${IMAGE_NAME}:latest" >> "$GITHUB_OUTPUT"
 
       - name: Login to Harbor
+        # Pass secrets via env (not ${{ }} inlining) so shell quoting can't
+        # mangle them — e.g. a literal `$` in the robot username would be
+        # expanded by bash if inlined inside double quotes. printf (not echo)
+        # avoids appending a newline to the password sent to --password-stdin.
+        env:
+          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
+          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
         run: |
-          echo "${{ secrets.HARBOR_PASSWORD }}" \
-            | docker login "${{ env.HARBOR_REGISTRY }}" \
-                -u "${{ secrets.HARBOR_USERNAME }}" \
+          printf '%s' "$HARBOR_PASSWORD" \
+            | docker login "$HARBOR_REGISTRY" \
+                -u "$HARBOR_USERNAME" \
                 --password-stdin
 
       - name: Build image