From e9a624418b29067801ac7fae668abee7db8abaeb Mon Sep 17 00:00:00 2001
From: "Jonathan M. Waldrop" <relik107@gmail.com>
Date: Thu, 16 Nov 2023 09:57:48 -0600
Subject: [PATCH] rework secrets and continue debug

---
 .github/workflows/common_merge.yaml        |  5 ++++-
 .github/workflows/common_pull_request.yaml | 17 ++++++++++-------
 .github/workflows/merge.yaml               |  3 +--
 .github/workflows/pull_request.yaml        |  3 +--
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/common_merge.yaml b/.github/workflows/common_merge.yaml
index e2f7c1a..540e9dd 100644
--- a/.github/workflows/common_merge.yaml
+++ b/.github/workflows/common_merge.yaml
@@ -37,6 +37,9 @@ on:
       TAG_TOKEN:
         description: "Token used to bump the version tag"
         required: true
+      CONTAINER_REPO_TOKEN:
+        description: "Token to access Github Image Registry"
+        required: true
 
 jobs:
   # Bump the version tag
@@ -58,7 +61,7 @@ jobs:
       image: ghcr.io/nwchemex-project/nwx_buildenv:latest
       credentials:
         username: ${{ github.actor }}
-        password: ${{ secrets.github_token }}
+        password: ${{ secrets.CONTAINER_REPO_TOKEN }}
     steps:
       - uses: actions/checkout@v4
       # These next two steps will configure CMake if required
diff --git a/.github/workflows/common_pull_request.yaml b/.github/workflows/common_pull_request.yaml
index 1289ef6..346b65e 100644
--- a/.github/workflows/common_pull_request.yaml
+++ b/.github/workflows/common_pull_request.yaml
@@ -48,7 +48,10 @@ on:
     secrets:
       CMAIZE_GITHUB_TOKEN:
         description: "Token passed to CMaize"
-        required: false
+        required: true
+      CONTAINER_REPO_TOKEN:
+        description: "Token to access Github Image Registry"
+        required: true
 
 jobs:
   # Apply licensing and formatting, then push changes.
@@ -98,7 +101,7 @@ jobs:
       image: ghcr.io/nwchemex-project/nwx_buildenv:latest
       credentials:
         username: ${{ github.actor }}
-        password: ${{ secrets.github_token }}
+        password: ${{ secrets.CONTAINER_REPO_TOKEN }}
     strategy:
       matrix:
         compiler: ${{ fromJSON(inputs.compilers) }}
@@ -129,11 +132,11 @@ jobs:
     #   needs.license_and_format.outputs.made_changes == false &&
     #   inputs.doc_target != ''
     runs-on: ubuntu-latest
-    # container: 
-    #   image: ghcr.io/nwchemex-project/nwx_buildenv:latest
-    #   credentials:
-    #     username: ${{ github.actor }}
-    #     password: ${{ secrets.github_token }}
+    container: 
+      image: ghcr.io/nwchemex-project/nwx_buildenv:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.CONTAINER_REPO_TOKEN }}
     steps:
       - run: |
           echo ${{ needs.license_and_format.outputs.made_changes }}
diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml
index e003269..0a046f5 100644
--- a/.github/workflows/merge.yaml
+++ b/.github/workflows/merge.yaml
@@ -26,5 +26,4 @@ jobs:
     with:
       doc_target: 'Sphinx'
       generate_module_docs: false
-    secrets:
-      TAG_TOKEN: ${{ secrets.TAG_TOKEN }}
+    secrets: inherit
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 5c311a7..f198e29 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -28,5 +28,4 @@ jobs:
       source_dir: ''
       compilers: ''
       doc_target: 'Sphinx'
-    secrets:
-      CMAIZE_GITHUB_TOKEN: ${{ secrets.CMAIZE_GITHUB_TOKEN }}
+    secrets: inherit