feat: enhance pipeline token preparation for improved error handling and fallback mechanism

Author: KristjanESPERANTO

.github/workflows/container-build.yaml

@@ -29,14 +29,34 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Ensure pipeline token is configured
+      - name: Prepare pipeline token
+        env:
+          PIPELINE_GITHUB_TOKEN: ${{ secrets.PIPELINE_GITHUB_TOKEN }}
+          DEFAULT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          if [ -z "${{ secrets.PIPELINE_GITHUB_TOKEN }}" ]; then
-            echo "Set the PIPELINE_GITHUB_TOKEN secret with a classic PAT that has at least public_repo scope." >&2
+          token="$PIPELINE_GITHUB_TOKEN"
+          source="PIPELINE_GITHUB_TOKEN"
+
+          if [ -z "$token" ]; then
+            token="$DEFAULT_GITHUB_TOKEN"
+            source="GITHUB_TOKEN"
+            echo "PIPELINE_GITHUB_TOKEN not set; falling back to workflow GITHUB_TOKEN (may hit rate limits)." >&2
+          fi
+
+          if [ -z "$token" ]; then
+            echo "No GitHub token available. Configure PIPELINE_GITHUB_TOKEN or rely on the default GITHUB_TOKEN." >&2
             exit 1
           fi
 
+          echo "::add-mask::$token"
+          {
+            echo "PIPELINE_BUILD_TOKEN=$token"
+            echo "PIPELINE_BUILD_TOKEN_SOURCE=$source"
+          } >> "$GITHUB_ENV"
+
+          echo "Using token source: $source"
+
       - name: Build and push image
         uses: docker/build-push-action@v6
         with:
@@ -45,5 +65,5 @@ jobs:
           push: true
           platforms: linux/amd64
           secrets: |
-            github_token=${{ secrets.PIPELINE_GITHUB_TOKEN }}
+            github_token=${{ env.PIPELINE_BUILD_TOKEN }}
           tags: ${{ env.IMAGE_TAG }}