From 7a58cf0303864eb63439338e7a16ead5c77dccf0 Mon Sep 17 00:00:00 2001 From: Echo Date: Sun, 26 Apr 2026 21:16:07 +0000 Subject: [PATCH] fix: use SSH git clone for checkout to bypass Gitea API 404 Gitea archive API returns 404 for private repos. Switched to SSH-based git clone which uses runner SSH keys for authentication. - Replace curl+tar archive download with git clone over SSH - Add ssh-keyscan for host key verification - Alpine job installs openssh-client and git - All other runners have git/ssh pre-installed --- .gitea/workflows/ci.yml | 140 ++++++++++++++-------------------------- 1 file changed, 50 insertions(+), 90 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 44fce99..e8218c1 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -17,19 +17,14 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal @@ -44,19 +39,14 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal @@ -75,19 +65,14 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal @@ -105,19 +90,14 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal @@ -138,19 +118,14 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal @@ -178,19 +153,14 @@ jobs: runs-on: fedora steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal @@ -220,29 +190,24 @@ jobs: runs-on: alpine steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | - apk add --no-cache curl bash + apk add --no-cache curl bash git openssh-client curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal . "$HOME/.cargo/env" rustup target add x86_64-unknown-linux-musl echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" - name: Install build dependencies run: | - apk add --no-cache alpine-sdk rust cargo openssl-dev elogind-dev musl-dev git abuild gcc + apk add --no-cache alpine-sdk rust cargo openssl-dev elogind-dev musl-dev abuild gcc - name: Build release binary run: cargo build --release --target x86_64-unknown-linux-musl - name: Build Alpine package @@ -265,19 +230,14 @@ jobs: runs-on: arch steps: - name: Checkout repository - env: - GITEA_TOKEN: ${{ secrets.giteatoken }} run: | set -e - REPO_URL="https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" - echo "Downloading archive from $REPO_URL ..." - if [ -n "$GITEA_TOKEN" ]; then - curl -sfL -H "Authorization: token $GITEA_TOKEN" "$REPO_URL" -o repo.tar.gz - else - curl -sfL "$REPO_URL" -o repo.tar.gz - fi - tar -xzf repo.tar.gz --strip-components=1 - rm -f repo.tar.gz + mkdir -p ~/.ssh + ssh-keyscan -H gitea-lxc.moon-dragon.us >> ~/.ssh/known_hosts 2>/dev/null || true + git clone --depth 1 git@gitea-lxc.moon-dragon.us:echo/linux_patch_api.git . + git config --global --add safe.directory "$(pwd)" + git fetch origin "$GITHUB_SHA" --depth=1 + git checkout -f "$GITHUB_SHA" - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal