fix(ci): use secret for SSH key instead of container volume

2025-12-13 13:40:39 +01:00
parent 47b9b5119a
commit 952d8059d5
1 changed files with 5 additions and 12 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -199,24 +199,17 @@ jobs:
    runs-on: ubuntu-latest
    needs: [test, lint]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && vars.MIRROR_ENABLED != 'false'
-    container:
-      image: debian:bookworm-slim
-      volumes:
-        - /root/.ssh:/root/.ssh:ro
    steps:
-      - name: Install git
-        run: apt-get update && apt-get install -y --no-install-recommends git openssh-client ca-certificates && rm -rf /var/lib/apt/lists/*
-
      - name: Setup SSH key
        run: |
-          chmod 600 /root/.ssh/id_ed25519 2>/dev/null || true
-          ssh-keyscan github.com >> /root/.ssh/known_hosts
+          mkdir -p ~/.ssh
+          echo "${{ secrets.GITHUB_MIRROR_SSH_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan github.com >> ~/.ssh/known_hosts

      - name: Clone and mirror
        run: |
-          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --mirror ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git repo.git
          cd repo.git
          git remote add github git@github.com:PlusOne/hmac-file-server.git
-          git push --mirror github || git push --force --all github && git push --force --tags github
-
+          git push --mirror github || (git push --force --all github && git push --force --tags github)