From 0a3e97161ff46520dbf2572b96ef9520fd649759 Mon Sep 17 00:00:00 2001 From: "Gan, Jimmy" Date: Sat, 14 Feb 2026 09:47:21 +0800 Subject: [PATCH] Use git clone for checkout, avoid GitHub dependency --- .gitea/workflows/deploy.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 7a95424..21caa05 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -7,36 +7,39 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + run: | + git clone http://gitea:3000/jimmy/vps-oracle-jp.git . + git checkout ${{ github.sha }} - name: Validate JSON run: python3 -c "import json; json.load(open('xray-config.json'))" - name: Validate YAML - run: python3 -c "import yaml; yaml.safe_load(open('clash-meta.yaml'))" + run: pip install pyyaml -q && python3 -c "import yaml; yaml.safe_load(open('clash-meta.yaml'))" security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + run: | + git clone http://gitea:3000/jimmy/vps-oracle-jp.git . + git checkout ${{ github.sha }} - name: Check for secrets run: | FOUND=0 - # Check for private keys if grep -rE '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----' --include='*.json' --include='*.yaml' --include='*.yml' --include='*.md' .; then echo "ERROR: Private key found in repo" FOUND=1 fi - # Check for passwords/tokens in plain text - if grep -riE '(password|secret|token)\s*[:=]\s*["\x27]?[a-zA-Z0-9+/]{20,}' --include='*.json' --include='*.yaml' --include='*.yml' . | grep -v 'privateKey\|public-key'; then - echo "WARNING: Possible secret found" - FOUND=1 - fi exit $FOUND deploy: needs: [lint, security] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + run: | + git clone http://gitea:3000/jimmy/vps-oracle-jp.git . + git checkout ${{ github.sha }} - name: Deploy xray config env: VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}