ashwin/nxtgauge-admin-solid
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(ci): add preflight token check and static secret usage

Browse source
This commit is contained in:
Tracewebstudio Dev 2026-04-30 21:36:42 +02:00
parent 66922b06d4
commit c6cd1a0ef3
1 changed files with 17 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
.github/workflows/sync-to-gitea.yml vendored
View file

@ -16,41 +16,40 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Preflight token check
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: |
set -euo pipefail
echo "actor=${GITHUB_ACTOR} repo=${GITHUB_REPOSITORY} ref=${GITHUB_REF_NAME}"
test -n "${GITEA_TOKEN:-}" || (echo "GITEA_TOKEN is empty" && exit 1)
echo "token_len=${#GITEA_TOKEN}"
curl -fsS -H "Authorization: token ${GITEA_TOKEN}" https://ci.nxtgauge.com/api/v1/user >/dev/null
- name: Sync to Gitea - name: Sync to Gitea
env: env:
GITEA_TOKEN_PRIMARY: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITEA_TOKEN_FALLBACK: ${{ secrets.GITEA_SECRET }}
GITEA_USERNAME: ${{ secrets.GITEA_USERNAME }} GITEA_USERNAME: ${{ secrets.GITEA_USERNAME }}
REPO: ${{ github.event.repository.name }} REPO: ${{ github.event.repository.name }}
BRANCH: ${{ github.ref_name }} BRANCH: ${{ github.ref_name }}
run: | run: |
set -euo pipefail set -euo pipefail
GITEA_TOKEN="${GITEA_TOKEN_PRIMARY:-${GITEA_TOKEN_FALLBACK:-}}" test -n "${GITEA_TOKEN:-}" || (echo "GITEA_TOKEN is empty" && exit 1)
if [ -z "${GITEA_TOKEN}" ]; then test -n "${GITEA_USERNAME:-}" || (echo "GITEA_USERNAME is empty" && exit 1)
echo "Missing token secret: set GITEA_TOKEN (preferred) or GITEA_SECRET"
exit 1
fi
git config user.name "github-actions[bot]" git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com" git config user.email "github-actions[bot]@users.noreply.github.com"
GITEA_USER="$(curl -fsS -H "Authorization: token ${GITEA_TOKEN}" https://ci.nxtgauge.com/api/v1/user 2>/dev/null | jq -r '.login // empty' || true)" TARGET_URL="https://${GITEA_USERNAME}:${GITEA_TOKEN}@ci.nxtgauge.com/Admin/${REPO}.git"
if [ -z "$GITEA_USER" ]; then
GITEA_USER="${GITEA_USERNAME:-Admin}"
fi
TARGET="https://ci.nxtgauge.com/Admin/${REPO}.git"
AUTH="$(printf '%s' "${GITEA_USER}:${GITEA_TOKEN}" | base64 | tr -d '\n')"
AUTH_URL="https://${GITEA_USER}:${GITEA_TOKEN}@ci.nxtgauge.com/Admin/${REPO}.git"
echo "Using Gitea user: ${GITEA_USER}" echo "Using Gitea user: ${GITEA_USERNAME}"
echo "Sync target: Admin/${REPO}.git" echo "Sync target: Admin/${REPO}.git"
curl -fsS -H "Authorization: Basic ${AUTH}" "${TARGET}/info/refs?service=git-receive-pack" >/dev/null git ls-remote "${TARGET_URL}" >/dev/null
git ls-remote "${AUTH_URL}" >/dev/null
git remote remove gitea 2>/dev/null || true git remote remove gitea 2>/dev/null || true
git remote add gitea "${AUTH_URL}" git remote add gitea "${TARGET_URL}"
git push gitea "HEAD:${BRANCH}" --force git push gitea "HEAD:${BRANCH}" --force
git push gitea --tags --force git push gitea --tags --force