From 662d1a3b8f70b3d466ca1084bb67b7803a7b6bf4 Mon Sep 17 00:00:00 2001
From: Alexis Bruneteau <alex@sortifal.dev>
Date: Wed, 1 Oct 2025 18:45:29 +0200
Subject: [PATCH] Configure DVC credentials explicitly in CI/CD pipeline
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

DVC needs credentials to be configured via 'dvc remote modify' command
rather than just environment variables. This fixes 403 Forbidden errors
when accessing MinIO/S3 storage.

Changes:
- Added dvc remote modify commands to set access_key_id and secret_access_key
- Applied to both pull and push operations in test and train jobs
- Added .dvc/config.local to .gitignore to prevent credential leaks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .gitea/workflows/mlops-pipeline.yml | 6 ++++++
 .gitignore                          | 1 +
 2 files changed, 7 insertions(+)

diff --git a/.gitea/workflows/mlops-pipeline.yml b/.gitea/workflows/mlops-pipeline.yml
index e53233d..2e2da7e 100644
--- a/.gitea/workflows/mlops-pipeline.yml
+++ b/.gitea/workflows/mlops-pipeline.yml
@@ -35,6 +35,8 @@ jobs:
 
       - name: Setup DVC
         run: |
+          poetry run dvc remote modify minio access_key_id $AWS_ACCESS_KEY_ID
+          poetry run dvc remote modify minio secret_access_key $AWS_SECRET_ACCESS_KEY
           poetry run dvc remote list
           poetry run dvc pull || echo "DVC pull failed, continuing..."
         env:
@@ -79,6 +81,8 @@ jobs:
 
       - name: Setup DVC
         run: |
+          poetry run dvc remote modify minio access_key_id $AWS_ACCESS_KEY_ID
+          poetry run dvc remote modify minio secret_access_key $AWS_SECRET_ACCESS_KEY
           poetry run dvc remote list
           poetry run dvc pull || echo "DVC pull failed, continuing..."
         env:
@@ -94,6 +98,8 @@ jobs:
 
       - name: Push DVC changes
         run: |
+          poetry run dvc remote modify minio access_key_id $AWS_ACCESS_KEY_ID
+          poetry run dvc remote modify minio secret_access_key $AWS_SECRET_ACCESS_KEY
           poetry run dvc push || echo "DVC push failed, continuing..."
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.DVC_ID }}
diff --git a/.gitignore b/.gitignore
index fa15de9..9ff9516 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ data/raw/*
 data/processed/*
 models/*.pkl
 .dvc/cache
+.dvc/config.local