No credential persistence #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync github repo with Forgejo | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| sync: | |
| name: Sync git repo | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout main | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Setup SSH key | |
| run: | | |
| mkdir -p ~/.ssh | |
| chmod 700 ~/.ssh | |
| echo "git.disroot.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBl6QhMLV//e4QkBnkk8eyFbL1B0CTrJ1HiTaqncGSv1" >> ~/.ssh/known_hosts | |
| echo "${{ secrets.DISROOT_SSH_PRIVATE_KEY }}" > ~/.ssh/forge.key | |
| chmod 400 ~/.ssh/forge.key | |
| echo "Host git.disroot.org | |
| Hostname git.disroot.org | |
| IdentityFile ~/.ssh/forge.key | |
| IdentitiesOnly yes" > ~/.ssh/config | |
| - name: Push main branch | |
| run: | | |
| git config pull.ff only | |
| git pull ssh://[email protected]/PawprintPrototyping/admin.git main | |
| git push --force-with-lease ssh://[email protected]/PawprintPrototyping/admin.git main | |
| git push origin main | |