.forgejo/workflows/deploy.yml

@@ -31,7 +31,13 @@ jobs:
           pnpm build                 # includes prisma generate
           pnpm db:migrate:deploy
 
-          pm2 restart ppms --update-env
+          # NOT --update-env: this job runs inside the Forgejo Actions runner, whose
+          # environment includes an ephemeral FORGEJO_TOKEN (the per-job token, revoked
+          # when the job ends). --update-env would inject it into ppms, where it shadows
+          # the real PAT from .env (Next.js does not override an already-set process.env
+          # var) and breaks the Report Issue button once the job token expires. A plain
+          # restart re-execs ppms from the pm2 daemon's clean env, so .env wins.
+          pm2 restart ppms
           echo "=== Deployed $TAG ==="
 
       - name: Verify portal responds