From b2838ba32ad728c16e853440a742e8653b8f63f3 Mon Sep 17 00:00:00 2001
From: Tracewebstudio Dev <dev@tracewebstudio.com>
Date: Thu, 30 Apr 2026 20:45:49 +0200
Subject: [PATCH] fix(ci): hardcode admin gitea sync remote

---
 .github/workflows/sync-to-gitea.yml | 102 +++-------------------------
 1 file changed, 11 insertions(+), 91 deletions(-)

diff --git a/.github/workflows/sync-to-gitea.yml b/.github/workflows/sync-to-gitea.yml
index 6db5803..4bcc133 100644
--- a/.github/workflows/sync-to-gitea.yml
+++ b/.github/workflows/sync-to-gitea.yml
@@ -16,102 +16,22 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Push to Gitea main
+      - name: Sync to Gitea
         env:
-          GITEA_USERNAME: ${{ secrets.GITEA_USERNAME }}
           GITEA_TOKEN: ${{ secrets.GITEA_SECRET }}
-          GITEA_HOST: ci.nxtgauge.com
-          GITEA_OWNER: ${{ vars.GITEA_OWNER }}
+          REPO: ${{ github.event.repository.name }}
+          BRANCH: ${{ github.ref_name }}
         run: |
           set -euo pipefail
-          echo "Syncing ${{ github.event.repository.name }}:main → Gitea main"
-          echo "Commit: $(git rev-parse HEAD)"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
 
-          if [ -z "${GITEA_TOKEN:-}" ]; then
-            echo "Missing GITEA_SECRET"
-            exit 1
-          fi
+          GITEA_URL="https://Admin:${GITEA_TOKEN}@ci.nxtgauge.com/Admin/${REPO}.git"
 
-          REPO_NAME="${{ github.event.repository.name }}"
-          BRANCH_NAME="${{ github.ref_name }}"
-          API_USER_JSON="$(curl -fsS -H "Authorization: token ${GITEA_TOKEN}" "https://${GITEA_HOST}/api/v1/user" || curl -fsS -H "Authorization: Bearer ${GITEA_TOKEN}" "https://${GITEA_HOST}/api/v1/user" || true)"
-          TOKEN_OWNER_USER="$(printf '%s' "$API_USER_JSON" | jq -r '.login // empty')"
-          if [ -n "$TOKEN_OWNER_USER" ]; then
-            echo "Resolved token owner user: $TOKEN_OWNER_USER"
-          else
-            echo "Could not resolve token owner via API; using configured username fallbacks"
-          fi
-          RESOLVED_GITEA_USER=""
-          CANDIDATE_OWNERS="${GITEA_OWNER:-} Admin ${{ github.repository_owner }}"
-          TARGET_FULL_NAME=""
-          TARGET_URL=""
+          git remote remove gitea 2>/dev/null || true
+          git remote add gitea "${GITEA_URL}"
 
-          for owner in $CANDIDATE_OWNERS; do
-            [ -n "$owner" ] || continue
-            candidate_full_name="${owner}/${REPO_NAME}"
-            candidate_url="https://${GITEA_HOST}/${candidate_full_name}.git"
-            if git ls-remote "https://${GITEA_USERNAME}:${GITEA_TOKEN}@${GITEA_HOST}/${candidate_full_name}.git" >/dev/null 2>&1; then
-              TARGET_FULL_NAME="$candidate_full_name"
-              echo "Using Gitea target owner: $owner"
-              break
-            fi
-          done
+          git ls-remote "${GITEA_URL}" >/dev/null
 
-          if [ -z "$TARGET_FULL_NAME" ]; then
-            echo "Owner guess failed; searching accessible repos via Gitea API"
-            API_URL="https://${GITEA_HOST}/api/v1/repos/search?q=${REPO_NAME}&limit=100"
-            API_JSON="$(curl -fsS -H "Authorization: token ${GITEA_TOKEN}" "${API_URL}" || true)"
-            TARGET_FULL_NAME="$(printf '%s' "$API_JSON" | jq -r --arg repo "$REPO_NAME" '[.data[]?.full_name | select((ascii_downcase | endswith("/" + ($repo | ascii_downcase))))][0] // empty')"
-            if [ -n "$TARGET_FULL_NAME" ]; then
-              echo "Resolved Gitea target via API"
-            fi
-          fi
-
-          if [ -z "$TARGET_FULL_NAME" ]; then
-            echo "Could not access target repo on Gitea for owners: $CANDIDATE_OWNERS"
-            exit 1
-          fi
-
-          TARGET_REMOTE_URL="https://${GITEA_HOST}/${TARGET_FULL_NAME}.git"
-
-          for auth_user in "$TOKEN_OWNER_USER" "$GITEA_USERNAME" "oauth2"; do
-            [ -n "$auth_user" ] || continue
-            AUTH_B64="$(printf '%s' "${auth_user}:${GITEA_TOKEN}" | base64 | tr -d '\n')"
-            if git -c http.extraHeader="Authorization: Basic ${AUTH_B64}" ls-remote "$TARGET_REMOTE_URL" >/dev/null 2>&1; then
-              TARGET_URL="$TARGET_REMOTE_URL"
-              TARGET_HTTP_AUTH_HEADER="Authorization: Basic ${AUTH_B64}"
-              echo "Using Gitea credential mode for ${TARGET_FULL_NAME} as ${auth_user}"
-              break
-            fi
-          done
-
-          if [ -z "$TARGET_URL" ]; then
-            for auth_url in \
-            "https://${GITEA_USERNAME}:${GITEA_TOKEN}@${GITEA_HOST}/${TARGET_FULL_NAME}.git" \
-            "https://${GITEA_TOKEN}@${GITEA_HOST}/${TARGET_FULL_NAME}.git" \
-            "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${TARGET_FULL_NAME}.git"; do
-              if git ls-remote "$auth_url" >/dev/null 2>&1; then
-                TARGET_URL="$TARGET_REMOTE_URL"
-                TARGET_HTTP_AUTH_HEADER=""
-                echo "Using Gitea credential mode for ${TARGET_FULL_NAME}"
-                break
-              fi
-            done
-          fi
-
-          if [ -z "$TARGET_URL" ]; then
-            echo "Resolved repo path but authentication to Gitea git remote failed"
-            exit 1
-          fi
-
-          git remote add gitea "$TARGET_URL"
-
-          if [ -n "${TARGET_HTTP_AUTH_HEADER:-}" ]; then
-            git -c http.extraHeader="$TARGET_HTTP_AUTH_HEADER" fetch gitea "$BRANCH_NAME" || true
-            git -c http.extraHeader="$TARGET_HTTP_AUTH_HEADER" push gitea "HEAD:${BRANCH_NAME}" --force-with-lease=refs/heads/"$BRANCH_NAME"
-          else
-            git fetch gitea "$BRANCH_NAME" || true
-            git push gitea "HEAD:${BRANCH_NAME}" --force-with-lease=refs/heads/"$BRANCH_NAME"
-          fi
-
-          echo "Sync complete!"
+          git push "${GITEA_URL}" "HEAD:${BRANCH}" --force
+          git push "${GITEA_URL}" --tags --force