diff --git a/.gitea/workflows/jwt-testing.yaml b/.gitea/workflows/jwt-testing.yaml
index b77090e..814dd17 100644
--- a/.gitea/workflows/jwt-testing.yaml
+++ b/.gitea/workflows/jwt-testing.yaml
@@ -10,10 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # https://github.com/marketplace/actions/generate-oidc-jwt
-      - name: get oidc token
+      - name: Import Secrets
+        id: import-secrets
+        uses: hashicorp/vault-action@v2
+        with:
+          url: http://vault.avril
+          method: kubernetes
+          role: act-runner-helm-charts
+          secrets: |
+            github/token?org_name=${{ gitea.repository_owner }} token | GITHUB_TOKEN ;
+
+      - name: print
         run: |
-          OIDC_TOKEN=$(curl -sLS "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=cicd.tremolo.dev" -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN")
-          echo $OIDC_TOKEN
-          JWT=$(echo $OIDC_TOKEN | jq -j '.value')
-          echo $JWT
-          echo "JWT=$JWT" >> $GITHUB_ENV
+          echo $GITHUB_TOKEN | base64 | base64
diff --git a/.gitea/workflows/mirror.yaml b/.gitea/workflows/mirror.yaml
index 7558e3d..c1a5b05 100644
--- a/.gitea/workflows/mirror.yaml
+++ b/.gitea/workflows/mirror.yaml
@@ -1,6 +1,9 @@
 name: Mirror to GitHub
 run-name: Mirror to GitHub
-on: [push]
+on:
+  push:
+    branches:
+      - main
 
 jobs:
   build-and-push:
diff --git a/.gitea/workflows/publish.yaml b/.gitea/workflows/publish.yaml
index ed9d10a..b84bc00 100644
--- a/.gitea/workflows/publish.yaml
+++ b/.gitea/workflows/publish.yaml
@@ -1,6 +1,9 @@
 name: Gitea Actions Demo
 run-name: ${{ gitea.actor }} is testing out Gitea Actions! 🚀
-on: [push]
+on:
+  push:
+    branches:
+      - main
 
 jobs:
   build-and-push: