fix(ci): enforce Admin basic auth sync flow

2026-04-30 22:03:23 +02:00 · 2026-04-30 22:03:23 +02:00 · b8f87e5a51
commit b8f87e5a51
parent c87d96e6be
1 changed files with 12 additions and 26 deletions
--- a/.github/workflows/sync-to-gitea.yml
+++ b/.github/workflows/sync-to-gitea.yml
@ -16,41 +16,27 @@ jobs:
        with:
          fetch-depth: 0

-      - name: Preflight token check
-        env:
-          GITEA_TOKEN: ${{ secrets.GITEA_SECRET }}
-        run: |
-          set -euo pipefail
-          echo "actor=${GITHUB_ACTOR} repo=${GITHUB_REPOSITORY} ref=${GITHUB_REF_NAME}"
-          test -n "${GITEA_TOKEN:-}" || (echo "GITEA_TOKEN is empty" && exit 1)
-          echo "token_len=${#GITEA_TOKEN}"
-          curl -fsS -H "Authorization: token ${GITEA_TOKEN}" https://ci.nxtgauge.com/api/v1/user >/dev/null
-
      - name: Sync to Gitea
        env:
-          GITEA_TOKEN: ${{ secrets.GITEA_SECRET }}
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          REPO: ${{ github.event.repository.name }}
          BRANCH: ${{ github.ref_name }}
        run: |
          set -euo pipefail
+          export GIT_TERMINAL_PROMPT=0

-          test -n "${GITEA_TOKEN:-}" || (echo "GITEA_TOKEN is empty" && exit 1)
+          USER="Admin"
+          TARGET="https://ci.nxtgauge.com/Admin/${REPO}.git"
+          AUTH="$(printf '%s' "${USER}:${GITEA_TOKEN}" | base64 -w0)"
+
+          test -n "${GITEA_TOKEN:-}" || (echo "GITEA_TOKEN empty" && exit 1)
+          curl -fsS -H "Authorization: token ${GITEA_TOKEN}" https://ci.nxtgauge.com/api/v1/user >/dev/null
+          curl -fsS -H "Authorization: Basic ${AUTH}" "${TARGET}/info/refs?service=git-receive-pack" >/dev/null

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
-
-          GITEA_USER="$(curl -fsS -H "Authorization: token ${GITEA_TOKEN}" https://ci.nxtgauge.com/api/v1/user | jq -r '.login')"
-          test -n "${GITEA_USER:-}" || (echo "Unable to resolve Gitea token user" && exit 1)
-
-          TARGET_URL="https://${GITEA_USER}:${GITEA_TOKEN}@ci.nxtgauge.com/Admin/${REPO}.git"
-
-          echo "Using Gitea user: ${GITEA_USER}"
-          echo "Sync target: Admin/${REPO}.git"
-
-          git ls-remote "${TARGET_URL}" >/dev/null
-
          git remote remove gitea 2>/dev/null || true
-          git remote add gitea "${TARGET_URL}"
+          git remote add gitea "${TARGET}"

-          git push gitea "HEAD:${BRANCH}" --force
-          git push gitea --tags --force
+          git -c http.extraheader="Authorization: Basic ${AUTH}" push gitea "HEAD:${BRANCH}" --force
+          git -c http.extraheader="Authorization: Basic ${AUTH}" push gitea --tags --force