diff --git a/tests/timmy_automations/test_health_snapshot.py b/tests/timmy_automations/test_health_snapshot.py index 2cc2cb1c..cc660014 100644 --- a/tests/timmy_automations/test_health_snapshot.py +++ b/tests/timmy_automations/test_health_snapshot.py @@ -60,8 +60,17 @@ class TestGetToken: assert token == "file-token-456" - def test_returns_none_when_no_token(self): + def test_returns_none_when_no_token(self, monkeypatch): """Return None when no token available.""" + # Prevent repo-root .timmy_gitea_token fallback from leaking real token + _orig_exists = Path.exists + + def _exists_no_timmy(self): + if self.name == ".timmy_gitea_token": + return False + return _orig_exists(self) + + monkeypatch.setattr(Path, "exists", _exists_no_timmy) config = {"token_file": "/nonexistent/path"} token = hs.get_token(config) diff --git a/timmy_automations/daily_run/health_snapshot.py b/timmy_automations/daily_run/health_snapshot.py index dbcc44cb..216dcf74 100755 --- a/timmy_automations/daily_run/health_snapshot.py +++ b/timmy_automations/daily_run/health_snapshot.py @@ -53,21 +53,26 @@ def load_config() -> dict: def get_token(config: dict) -> str | None: - """Get Gitea token from environment or file.""" + """Get Gitea token from environment or file. + + Priority: config["token"] > config["token_file"] > .timmy_gitea_token + """ if "token" in config: return config["token"] - - # Try timmy's token file + + # Explicit token_file from config takes priority + token_file_str = config.get("token_file", "") + if token_file_str: + token_file = Path(token_file_str) + if token_file.exists(): + return token_file.read_text().strip() + + # Fallback: repo-root .timmy_gitea_token repo_root = Path(__file__).resolve().parent.parent.parent timmy_token_path = repo_root / ".timmy_gitea_token" if timmy_token_path.exists(): return timmy_token_path.read_text().strip() - - # Fallback to legacy token file - token_file = Path(config["token_file"]).expanduser() - if token_file.exists(): - return token_file.read_text().strip() - + return None