|
| 1 | +# SPDX-License-Identifier: AGPL-3.0-or-later |
1 | 2 | name: Mirror to GitLab and Bitbucket |
2 | 3 |
|
3 | 4 | on: |
|
7 | 8 | - 'v*' |
8 | 9 | workflow_dispatch: |
9 | 10 |
|
| 11 | +permissions: read-all |
| 12 | + |
10 | 13 | jobs: |
11 | 14 | mirror-gitlab: |
12 | 15 | runs-on: ubuntu-latest |
| 16 | + permissions: |
| 17 | + contents: read |
13 | 18 | if: ${{ vars.GITLAB_MIRROR_ENABLED == 'true' }} |
14 | 19 |
|
15 | 20 | steps: |
16 | 21 | - name: Checkout |
17 | | - uses: actions/checkout@v4 |
| 22 | + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 |
18 | 23 | with: |
19 | 24 | fetch-depth: 0 |
20 | 25 |
|
| 26 | + - name: Setup SSH |
| 27 | + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 |
| 28 | + with: |
| 29 | + ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }} |
| 30 | + |
| 31 | + - name: Add GitLab to known hosts |
| 32 | + run: | |
| 33 | + mkdir -p ~/.ssh |
| 34 | + ssh-keyscan -t ed25519 gitlab.com >> ~/.ssh/known_hosts |
| 35 | +
|
21 | 36 | - name: Push to GitLab |
22 | 37 | env: |
23 | | - GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} |
24 | 38 | REPO_NAME: ${{ github.event.repository.name }} |
25 | 39 | run: | |
26 | | - git remote add gitlab https://oauth2:${GITLAB_TOKEN}@gitlab.com/hyperpolymath/${REPO_NAME}.git || true |
| 40 | + git remote add gitlab git@gitlab.com:hyperpolymath/${REPO_NAME}.git || true |
27 | 41 | git push gitlab HEAD:main --force || git push gitlab HEAD:master --force |
28 | 42 | git push gitlab --tags --force |
29 | 43 |
|
30 | 44 | mirror-bitbucket: |
31 | 45 | runs-on: ubuntu-latest |
| 46 | + permissions: |
| 47 | + contents: read |
32 | 48 | if: ${{ vars.BITBUCKET_MIRROR_ENABLED == 'true' }} |
33 | 49 |
|
34 | 50 | steps: |
35 | 51 | - name: Checkout |
36 | | - uses: actions/checkout@v4 |
| 52 | + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 |
37 | 53 | with: |
38 | 54 | fetch-depth: 0 |
39 | 55 |
|
| 56 | + - name: Setup SSH |
| 57 | + uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 |
| 58 | + with: |
| 59 | + ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }} |
| 60 | + |
| 61 | + - name: Add Bitbucket to known hosts |
| 62 | + run: | |
| 63 | + mkdir -p ~/.ssh |
| 64 | + ssh-keyscan -t ed25519 bitbucket.org >> ~/.ssh/known_hosts |
| 65 | +
|
40 | 66 | - name: Push to Bitbucket |
41 | 67 | env: |
42 | | - BITBUCKET_TOKEN: ${{ secrets.BITBUCKET_TOKEN }} |
43 | 68 | REPO_NAME: ${{ github.event.repository.name }} |
44 | 69 | run: | |
45 | | - git remote add bitbucket https://x-token-auth:${BITBUCKET_TOKEN}@bitbucket.org/hyperpolymath/${REPO_NAME}.git || true |
| 70 | + git remote add bitbucket git@bitbucket.org:hyperpolymath/${REPO_NAME}.git || true |
46 | 71 | git push bitbucket HEAD:main --force || git push bitbucket HEAD:master --force |
47 | 72 | git push bitbucket --tags --force |
0 commit comments