Skip to content
Latchkey

tea login: Authenticate the Gitea CLI in CI

tea login add registers a Gitea host and token so subsequent tea commands can talk to your instance.

tea is the CLI for Gitea and Forgejo. Because these are usually self-hosted, tea always needs an explicit instance URL plus an access token before pr or issue commands work.

What it does

tea login add stores a named login: a Gitea instance URL and an access token. tea login list shows configured logins and tea login default sets which one commands use when --login is omitted.

Common usage

Terminal
# non-interactive token login for a self-hosted Gitea
tea login add --name ci --url https://gitea.example.com --token "$GITEA_TOKEN"
tea login default ci
# verify
tea login list

Options

FlagWhat it does
--name <name>A label for this login (referenced by --login later)
--url <url>The Gitea/Forgejo instance base URL
--token <token>API access token (non-interactive)
--user / --passwordBasic-auth alternative (avoid in CI)
--insecureSkip TLS verification (self-signed instances)
--ssh-key <path>Associate an SSH key with the login

In CI

Use --token with a Gitea access token, never --user/--password. tea persists logins in ~/.config/tea/config.yml, so on ephemeral runners run tea login add every job or bake the config in. For self-signed test instances add --insecure rather than disabling TLS globally.

Common errors in CI

"Error: token is required" or "could not detect base url" means --token or --url was omitted. "Post \"https://.../api/v1/...\": x509: certificate signed by unknown authority" on a self-signed host is fixed with --insecure or a trusted CA. "401 Unauthorized" means the token is wrong or revoked. "unknown login" from a later command means the --login name does not match one added here.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →