ci: harden workflow dedup and badge gating

.gitea/workflows/push-validation.yml

@@ -27,18 +27,18 @@ jobs:
           SERVER_URL: ${{ github.server_url }}
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          set -euo pipefail
+          set -eu
 
           api_url="${SERVER_URL}/api/v1/repos/${REPOSITORY}/pulls?state=open&head=${OWNER}:${BRANCH}"
-          auth_args=()
-          if [[ -n "${TOKEN:-}" ]]; then
-            auth_args=(-H "Authorization: token ${TOKEN}")
+          if [ -n "${TOKEN:-}" ]; then
+            response="$(curl -fsSL -H "Authorization: token ${TOKEN}" -H "accept: application/json" "$api_url" || echo '[]')"
+          else
+            response="$(curl -fsSL -H "accept: application/json" "$api_url" || echo '[]')"
           fi
 
-          response="$(curl -fsSL "${auth_args[@]}" -H 'accept: application/json' "$api_url" || echo '[]')"
           open_prs="$(printf '%s' "$response" | grep -o '"number":[0-9]\+' | wc -l | tr -d ' ')"
 
-          if [[ "$open_prs" -gt 0 ]]; then
+          if [ "$open_prs" -gt 0 ]; then
             echo "should_run=false" >> "$GITHUB_OUTPUT"
             echo "Open PR detected for ${OWNER}:${BRANCH}; skipping push validation." >> "$GITHUB_STEP_SUMMARY"
           else