bot_bottle/git_gate.py

@@ -390,11 +390,11 @@ def _provision_dynamic_key(
     can inject it into the GitGateUpstream as `identity_file`."""
     from .deploy_key_provisioner import get_provisioner
     pk = entry.Key
-    token = os.environ.get(pk.provisioner_token)
+    token = os.environ.get(pk.forge_token_env)
     if token is None:
         raise RuntimeError(
-            f"git-gate.repos[{entry.Name!r}] key.provisioner_token"
-            f" = {pk.provisioner_token!r}: env var is not set"
+            f"git-gate.repos[{entry.Name!r}] key.forge_token_env"
+            f" = {pk.forge_token_env!r}: env var is not set"
         )
     api_url = pk.api_url or f"https://{entry.UpstreamHost}"
     provisioner = get_provisioner(pk.provider, token, api_url)
@@ -434,11 +434,11 @@ def revoke_git_gate_provisioned_keys(bottle: ManifestBottle, stage_dir: Path) ->
         if not id_file.exists():
             continue
         key_id = id_file.read_text().strip()
-        token = os.environ.get(pk.provisioner_token)
+        token = os.environ.get(pk.forge_token_env)
         if token is None:
             raise RuntimeError(
-                f"git-gate.repos[{entry.Name!r}] key.provisioner_token"
-                f" = {pk.provisioner_token!r}: env var is not set;"
+                f"git-gate.repos[{entry.Name!r}] key.forge_token_env"
+                f" = {pk.forge_token_env!r}: env var is not set;"
                 f" cannot revoke deploy key {key_id}"
             )
         api_url = pk.api_url or f"https://{entry.UpstreamHost}"

bot_bottle/manifest_git.py

@@ -78,14 +78,14 @@ class ManifestKeyConfig:
 
     For `static`: `path` is the host-side absolute path to the SSH private key.
 
-    For `gitea`: `provisioner_token` is the name of a host-side env var
+    For `gitea`: `forge_token_env` is the name of a host-side env var
     carrying the Gitea API token; the value is read at provision time,
     never stored on the plan. `api_url` is the forge's HTTP API root; if
     empty, it is derived from the upstream URL's host at provision time."""
 
     provider: str
     path: str = ""
-    provisioner_token: str = ""
+    forge_token_env: str = ""
     api_url: str = ""
 
 
@@ -212,16 +212,16 @@ def _parse_key_config(
 
     # provider == "gitea"
     for k in d:
-        if k not in {"provider", "provisioner_token", "api_url"}:
+        if k not in {"provider", "forge_token_env", "api_url"}:
             raise ManifestError(
                 f"bottle '{bottle_name}' {label}.key has unknown key {k!r} "
-                f"for provider 'gitea'; allowed: provider, provisioner_token, api_url"
+                f"for provider 'gitea'; allowed: provider, forge_token_env, api_url"
             )
-    provisioner_token = d.get("provisioner_token")
-    if not isinstance(provisioner_token, str) or not provisioner_token:
+    forge_token_env = d.get("forge_token_env")
+    if not isinstance(forge_token_env, str) or not forge_token_env:
         raise ManifestError(
             f"bottle '{bottle_name}' {label}.key missing required "
-            f"string field 'provisioner_token' for provider 'gitea'"
+            f"string field 'forge_token_env' for provider 'gitea'"
         )
     api_url_raw = d.get("api_url", "")
     if not isinstance(api_url_raw, str):
@@ -230,7 +230,7 @@ def _parse_key_config(
         )
     return ManifestKeyConfig(
         provider=provider,
-        provisioner_token=provisioner_token,
+        forge_token_env=forge_token_env,
         api_url=api_url_raw,
     )
 

tests/unit/test_manifest_git.py

@@ -296,14 +296,14 @@ class TestGiteaKey(unittest.TestCase):
                 "url": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
                 "key": {
                     "provider": "gitea",
-                    "provisioner_token": "GITEA_TOKEN",
+                    "forge_token_env": "GITEA_TOKEN",
                 },
             },
         }))
         e = m.bottles["dev"].git[0]
         self.assertEqual("bot-bottle", e.Name)
         self.assertEqual("gitea", e.Key.provider)
-        self.assertEqual("GITEA_TOKEN", e.Key.provisioner_token)
+        self.assertEqual("GITEA_TOKEN", e.Key.forge_token_env)
         self.assertEqual("", e.Key.api_url)
         self.assertEqual("", e.IdentityFile)
 
@@ -313,7 +313,7 @@ class TestGiteaKey(unittest.TestCase):
                 "url": "ssh://git@gitea.example.com/org/repo.git",
                 "key": {
                     "provider": "gitea",
-                    "provisioner_token": "MY_TOKEN",
+                    "forge_token_env": "MY_TOKEN",
                     "api_url": "https://gitea.example.com",
                 },
             },
@@ -324,12 +324,12 @@ class TestGiteaKey(unittest.TestCase):
         m = Manifest.from_json_obj(_manifest({
             "foo": {
                 "url": "ssh://git@github.com/didericis/foo.git",
-                "key": {"provider": "gitea", "provisioner_token": "T"},
+                "key": {"provider": "gitea", "forge_token_env": "T"},
             },
         }))
         self.assertEqual("", m.bottles["dev"].git[0].IdentityFile)
 
-    def test_gitea_key_missing_provisioner_token_dies(self):
+    def test_gitea_key_missing_forge_token_env_dies(self):
         with self.assertRaises(ManifestError):
             Manifest.from_json_obj(_manifest({
                 "foo": {
@@ -345,7 +345,7 @@ class TestGiteaKey(unittest.TestCase):
                     "url": "ssh://git@github.com/foo.git",
                     "key": {
                         "provider": "gitea",
-                        "provisioner_token": "T",
+                        "forge_token_env": "T",
                         "key_type": "rsa",  # not allowed
                     },
                 },