try to fix

nychiang · nychiang · commit a09520705da3 · 2025-09-30T23:54:32.000-07:00
diff --git a/.github/workflows/spack_build.yml b/.github/workflows/spack_build.yml
@@ -1,4 +1,3 @@
-# https://spack.readthedocs.io/en/latest/binary_caches.html#spack-build-cache-for-github-actions
 name: Spack Builds (Ubuntu x86_64 Buildcache)
 
 on: [pull_request]
@@ -29,7 +28,6 @@ jobs:
         uses: warjiang/setup-skopeo@v0.1.3
         with:
           version: latest
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       # Use skopeo to check for image for convenience
       - name: Check for existing base images
@@ -44,8 +42,6 @@ jobs:
               --creds "${{ env.USERNAME }}:${{ secrets.GITHUB_TOKEN }}" \
             > /dev/null && echo "Image already exists. Please bump version." && exit 0
           echo "IMAGE_EXISTS=false" >> $GITHUB_ENV
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       # Need to build custom base image with gfortran
       - name: Create Dockerfile heredoc
@@ -67,8 +63,6 @@ jobs:
                 libstdc++6 \
               && rm -rf /var/lib/apt/lists/*
           EOF
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       # https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
       - name: Log in to the Container registry
@@ -77,7 +71,6 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ env.USERNAME }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         if: ${{ env.IMAGE_EXISTS == 'false' }}
@@ -86,7 +79,6 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           labels: org.opencontainers.image.version=${{ env.BASE_VERSION }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push Docker base image
         if: ${{ env.IMAGE_EXISTS == 'false' }}
@@ -96,7 +88,6 @@ jobs:
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BASE_VERSION }}
           labels: ${{ steps.meta.outputs.labels }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
   hiop_spack_builds:
     needs: base_image_build
@@ -127,17 +118,12 @@ jobs:
           # Once we move submodule deps into spack, we can do some more builds
           # Also need to change build script to use spack from base image
           submodules: true
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Clone Spack
         run: git clone https://github.com/spack/spack.git
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Spack
         run: echo "$PWD/spack/bin" >> "$GITHUB_PATH"
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create heredoc spack.yaml
         run: |
@@ -172,45 +158,29 @@ jobs:
                 # Building OpenSSL was causing errors
                 require: "~openssl"
           EOF
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Configure GHCR mirror
         run: spack -e . mirror set --oci-username ${{ env.USERNAME }} --oci-password "${{ secrets.GITHUB_TOKEN }}" local-buildcache
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Trust keys
         run: spack -e . buildcache keys --install --trust
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Find external packages
         run: spack -e . external find --all --exclude python --exclude curl --exclude openssl
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Spack develop HiOp
         run: spack -e . develop --path=$(pwd) hiop@git."${{ github.head_ref || github.ref_name }}"=develop
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Concretize
         run: spack -e . concretize --fresh
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Dependencies
         run: spack -e . install --no-check-signature --fail-fast --show-log-on-error --verbose --only dependencies
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install HiOp
         run: |
           ls -al
           spack -d -e . install  --keep-stage --verbose --show-log-on-error --only package --no-cache
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test Build
         run: |
@@ -220,12 +190,24 @@ jobs:
           source env.txt || true
           cd $(spack -e . location --build-dir hiop@develop)
           ctest -VV
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Push binaries to buildcache
-        run: |
-          spack -e . buildcache push --force --base-image ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BASE_VERSION }} --unsigned --update-index local-buildcache
         if: ${{ !cancelled() }}
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+        env:
+          # What Spack’s example expects
+          GITHUB_USER: ${{ env.USERNAME }}          # e.g. hiop-bot
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # packages: write perms
+        run: |
+          # Ensure the mirror uses these env var names for auth (idempotent)
+          spack -e . mirror set \
+            --oci-username-variable GITHUB_USER \
+            --oci-password-variable GITHUB_TOKEN \
+            local-buildcache
+
+          # Push (NO username/password flags here!)
+          spack -e . buildcache push \
+            --force \
+            --base-image ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BASE_VERSION }} \
+            --unsigned \
+            --update-index \
+            local-buildcache
