name: Sync public mirror on: push: branches: [ main ] jobs: sync: runs-on: ubuntu-latest steps: - name: Install tools (rsync) run: | sudo apt-get update && sudo apt-get install -y rsync - name: Checkout private repo uses: actions/checkout@v4 with: fetch-depth: 0 - name: Prepare SSH env: SSH_KEY: ${{ secrets.PUBLIC_REPO_SSH_KEY }} run: | set -euo pipefail mkdir -p ~/.ssh echo "$SSH_KEY" > ~/.ssh/id_sync chmod 600 ~/.ssh/id_sync printf 'Host 192.168.1.15\n HostName 192.168.1.15\n Port 22\n User git\n IdentityFile ~/.ssh/id_sync\n IdentitiesOnly yes\n' >> ~/.ssh/config ssh-keyscan -p 22 192.168.1.15 >> ~/.ssh/known_hosts - name: Clone public repo run: | git clone --depth 1 ssh://git@192.168.1.15:22/Bausager/Flux-oss.git /tmp/public - name: Sync files using .gitea/workflows/oss-keep.txt run: | set -euo pipefail KEEP_FILE=".gitea/workflows/oss-keep.txt" INCLUDE_FILE="$(pwd)/.oss-include.rsync" echo "Generating rsync include list from $KEEP_FILE" : > "$INCLUDE_FILE" echo "## Generated from $KEEP_FILE" >> "$INCLUDE_FILE" echo "+ */" >> "$INCLUDE_FILE" while IFS= read -r line; do line="${line%%#*}" line="$(echo "$line" | xargs || true)" [ -z "$line" ] && continue case "$line" in !*) pat="${line#!}" echo "- $pat" >> "$INCLUDE_FILE" ;; *) echo "+ $line" >> "$INCLUDE_FILE" ;; esac done < "$KEEP_FILE" echo "- *" >> "$INCLUDE_FILE" echo "Rsync include rules:" cat "$INCLUDE_FILE" echo "Syncing files to /tmp/public" rsync -a --delete --prune-empty-dirs \ --exclude '.git/' \ --include-from="$INCLUDE_FILE" \ ./ /tmp/public/ cd /tmp/public git config user.name "Gitea CI" git config user.email "ci@bausager.org" git add -A if git diff --cached --quiet; then echo "✅ No public-eligible changes to push." else echo "🚀 Pushing filtered subset to Flux-oss..." git commit -m "Sync public subset from Flux (private)" git push origin HEAD:main fi