From bed8e93b5d9d796299288846be555156ffe1aed3 Mon Sep 17 00:00:00 2001
From: Jan Novak <jan.novak@livesport.eu>
Date: Sun, 1 Mar 2026 23:17:42 +0100
Subject: [PATCH] ci: fix unbound variable error for OIDC vars on stock Gitea

Use ${VAR:-} default-empty syntax so set -u doesn't abort when
ACTIONS_ID_TOKEN_REQUEST_TOKEN/URL are absent (stock Gitea runners
don't set them).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/kubernetes-deploy.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.gitea/workflows/kubernetes-deploy.yaml b/.gitea/workflows/kubernetes-deploy.yaml
index c4beec2..283e85e 100644
--- a/.gitea/workflows/kubernetes-deploy.yaml
+++ b/.gitea/workflows/kubernetes-deploy.yaml
@@ -14,9 +14,9 @@ jobs:
       - name: Get Vault token
         run: |
           set -euxo pipefail
-          
-          IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
-            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://vault.hrajfrisbee.cz/")
+
+          IDTOKEN=$(curl -sS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" \
+            "${ACTIONS_ID_TOKEN_REQUEST_URL:-}&audience=https://vault.hrajfrisbee.cz/")
           
           TOKEN=$(echo "$IDTOKEN" | jq -r '.value')
           
@@ -32,8 +32,8 @@ jobs:
           env | sort
           echo ""
           echo "=== ID Token (decoded) ==="
-          IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
-            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://vault.hrajfrisbee.cz/")
+          IDTOKEN=$(curl -sS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" \
+            "${ACTIONS_ID_TOKEN_REQUEST_URL:-}&audience=https://vault.hrajfrisbee.cz/")
           echo "$IDTOKEN" | jq -r '.value' | cut -d. -f2 | base64 -d 2>/dev/null | jq .
 
       - name: Read secret from Vault