From eabd59e9452463a848d8ee9c64a1b81f99b6a35f Mon Sep 17 00:00:00 2001
From: MrUnknownDE <me@johanneskr.de>
Date: Tue, 23 Sep 2025 19:38:20 +0200
Subject: [PATCH] add token secret

---
 .github/workflows/docker-build-push.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
index c8f2f6d..f076cfd 100644
--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -8,23 +8,20 @@ on:
 jobs:
   build-and-push:
     runs-on: ubuntu-latest
-    # DIESER BLOCK IST ENTSCHEIDEND - er wird aber von den Repo-Settings überschrieben, wenn diese zu restriktiv sind.
-    permissions:
-      contents: read
-      packages: write # Notwendig, um in die GHCR zu pushen
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0 
+          fetch-depth: 0 # Notwendig, um den Git-Hash zu bekommen
 
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          # Verwendet Ihr dediziertes Secret für die Authentifizierung
+          password: ${{ secrets.GHC_PUSH }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -43,7 +40,7 @@ jobs:
       - name: Build images using compose.build.yml
         env:
           GIT_COMMIT_SHA: ${{ steps.git_sha.outputs.sha }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }} # Sentry DSN als Secret übergeben
         run: |
           docker compose -f compose.build.yml build