hyperhive/scripts/forge-create-token.sh

#!/usr/bin/env bash
# Mint a Forgejo access token for an existing user.
#
# Usage: forge-create-token.sh <username> [--name <label>] [--scopes <csv>]
#
# Defaults:
#   --name   = local-<timestamp>
#   --scopes = all
#
# Prints the token to stdout — feed it to `forge-login.sh` or paste
# into tea / .netrc. Forgejo only shows the token once, so capture it.
set -euo pipefail

if [ $# -lt 1 ]; then
  echo "usage: $0 <username> [--name <label>] [--scopes <csv>]" >&2
  exit 2
fi

username="$1"; shift
name="local-$(date +%s)"
scopes="all"

while [ $# -gt 0 ]; do
  case "$1" in
    --name)   name="$2"; shift 2 ;;
    --scopes) scopes="$2"; shift 2 ;;
    *) echo "unknown arg: $1" >&2; exit 2 ;;
  esac
done

sudo nixos-container run hive-forge -- runuser -u forgejo -- \
  forgejo --work-path /var/lib/forgejo admin user generate-access-token \
    --username "$username" \
    --token-name "$name" \
    --scopes "$scopes"