From 9c924a204c191d4ad06fe9a9242b04a09a4afb11 Mon Sep 17 00:00:00 2001
From: Echo <echo@moon-dragon.us>
Date: Fri, 24 Apr 2026 02:21:16 +0000
Subject: [PATCH] ci: Use Gitea API archive download instead of git clone

- git clone with token-in-URL doesn't work for private repos in Gitea
- Use API archive endpoint with Authorization header instead
- curl archive tarball, extract with --strip-components=1
- More reliable than git URL auth for self-hosted runners
---
 .gitea/workflows/build.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index a7b27fe..7b0b43c 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -23,10 +23,13 @@ jobs:
 
       - name: Checkout repository
         run: |
-          # Use internal Gitea URL with GITHUB_TOKEN for auth
-          # GITHUB_SERVER_URL may point to unreachable external domain
-          git clone "http://echo:${GITHUB_TOKEN}@192.168.2.189:3000/${GITHUB_REPOSITORY}.git" .
-          git checkout "$GITHUB_SHA"
+          # Use Gitea API archive download (avoids git auth issues with private repos)
+          # Token auth works reliably in HTTP headers, not in git URLs
+          curl -sf -H "Authorization: token ${GITHUB_TOKEN}" \
+            "http://192.168.2.189:3000/api/v1/repos/${GITHUB_REPOSITORY}/archive/${GITHUB_SHA}.tar.gz" \
+            -o repo.tar.gz
+          tar xzf repo.tar.gz --strip-components=1
+          rm repo.tar.gz
 
       - name: Ensure Rust toolchain
         run: |