debug: deeper Coolify token diagnostics

Add hex dump of token prefix to check for hidden characters,
and try curl --oauth2-bearer as alternative auth method.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -59,16 +59,24 @@ jobs:
           COOLIFY_WEBHOOK: ${{ vars.COOLIFY_WEBHOOK }}
         run: |
           echo "Token length: ${#COOLIFY_TOKEN}"
-          echo "Token contains pipe: $(echo "${COOLIFY_TOKEN}" | grep -c '|')"
+          echo "Token first 3 chars: $(printf '%.3s' "${COOLIFY_TOKEN}")"
+          echo "Token hex (first 20 bytes):"
+          printf '%s' "${COOLIFY_TOKEN}" | od -A x -t x1z -N 20
           echo "Webhook URL: ${COOLIFY_WEBHOOK}"
+          echo "--- Attempt 1: manual Bearer header ---"
           RESPONSE=$(curl -s -w '\n%{http_code}' -X GET "${COOLIFY_WEBHOOK}" \
             -H "Authorization: Bearer ${COOLIFY_TOKEN}")
           STATUS=$(echo "$RESPONSE" | tail -1)
           BODY=$(echo "$RESPONSE" | sed '$d')
-          echo "Coolify deploy response: HTTP ${STATUS}"
-          echo "Response body: ${BODY}"
-          if [ "$STATUS" -ge 400 ]; then
-            echo "::error::Coolify deploy failed with HTTP ${STATUS} - ${BODY}"
+          echo "HTTP ${STATUS} - ${BODY}"
+          echo "--- Attempt 2: curl --oauth2-bearer ---"
+          RESPONSE2=$(curl -s -w '\n%{http_code}' -X GET "${COOLIFY_WEBHOOK}" \
+            --oauth2-bearer "${COOLIFY_TOKEN}")
+          STATUS2=$(echo "$RESPONSE2" | tail -1)
+          BODY2=$(echo "$RESPONSE2" | sed '$d')
+          echo "HTTP ${STATUS2} - ${BODY2}"
+          if [ "$STATUS" -ge 400 ] && [ "$STATUS2" -ge 400 ]; then
+            echo "::error::Coolify deploy failed - both attempts returned errors"
             exit 1
           fi