fix: fix: env.sh should not source .env inside containers — compose env is the source of truth (#378)

lib/env.sh

@@ -20,11 +20,9 @@ fi
 export DISINTO_LOG_DIR
 
 # Load secrets: prefer .env.enc (SOPS-encrypted), fall back to plaintext .env.
-# Always source .env — cron jobs inside the container do NOT inherit compose
-# env vars (FORGE_TOKEN, etc.). Only FORGE_URL is preserved across .env
-# sourcing because compose injects http://forgejo:3000 while .env has
-# http://localhost:3000. FORGE_TOKEN is NOT preserved so that refreshed
-# tokens in .env take effect immediately in running containers.
+# Inside containers (DISINTO_CONTAINER=1), compose environment is the source of truth.
+# On bare metal, .env/.env.enc is sourced to provide default values.
+if [ "${DISINTO_CONTAINER:-}" != "1" ]; then
   if [ -f "$FACTORY_ROOT/.env.enc" ] && command -v sops &>/dev/null; then
     set -a
     _saved_forge_url="${FORGE_URL:-}"
@@ -63,6 +61,7 @@ elif [ -f "$FACTORY_ROOT/.env" ]; then
     set +a
     [ -n "$_saved_forge_url" ] && export FORGE_URL="$_saved_forge_url"
   fi
+fi
 
 # Allow per-container token override (#375): .env sets the default FORGE_TOKEN
 # (dev-bot), then FORGE_TOKEN_OVERRIDE replaces it for containers that need a