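---
# Publishes a filtered subset of this private repository to the public
# repository on every push to main. Which paths are public is decided by the
# keep list in .gitea/workflows/openbuild-keep.txt; everything not listed
# there is excluded by the final catch-all rsync rule.
name: Sync public mirror

on:
  push:
    branches: [main]

jobs:
  sync:
    runs-on: ubuntu-latest
    # NOTE(review): the image tag is mutable; consider pinning it by digest so
    # the job that holds the deploy key always runs a known image.
    container: node:20-alpine
    steps:
      - name: Install tools
        run: apk add --no-cache git rsync openssh-client bash

      - name: Checkout private repo
        # NOTE(review): a version tag can be moved; consider pinning the
        # action to a full commit SHA.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Prepare SSH
        env:
          SSH_KEY: ${{ secrets.PUBLIC_REPO_SSH_KEY }}
        run: |
          set -euo pipefail
          # Create the key material private from the start instead of
          # relying on the chmod that follows the write.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # printf writes the secret verbatim; echo may interpret
          # backslashes depending on the shell.
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_sync
          chmod 600 ~/.ssh/id_sync
          printf 'Host 192.168.1.15\n HostName 192.168.1.15\n Port 22\n User git\n IdentityFile ~/.ssh/id_sync\n IdentitiesOnly yes\n' >> ~/.ssh/config
          # NOTE(review): ssh-keyscan accepts whatever host key the network
          # returns on each run, so the server's identity is never actually
          # verified. Prefer writing a known, pinned host key (supplied from
          # CI configuration) into known_hosts instead of scanning.
          ssh-keyscan -p 22 192.168.1.15 >> ~/.ssh/known_hosts

      - name: Clone public repo
        run: git clone --depth 1 ssh://git@192.168.1.15:22/Bausager/Flux-openbuild.git /tmp/public

      - name: Sync files using .gitea/workflows/openbuild-keep.txt
        run: |
          set -euo pipefail
          KEEP_FILE=".gitea/workflows/openbuild-keep.txt"
          # Fail closed: without the keep list there is no definition of
          # what is public, so nothing may be synced.
          if [ ! -f "$KEEP_FILE" ]; then
            echo "Keep list $KEEP_FILE not found; refusing to sync." >&2
            exit 1
          fi
          # Build the rule file outside the work tree so it can never be
          # matched by a keep rule and copied into the public repository.
          INCLUDE_FILE="$(mktemp)"

          # rsync acts on the FIRST rule that matches a path. "+ */" admits
          # every directory so that includes for nested files can be
          # reached; --prune-empty-dirs drops the ones that end up empty.
          # NOTE(review): because this rule comes first, a "!dir/" entry in
          # the keep list does not exclude a directory, and any "!" entry
          # only takes effect if it is listed before the include that would
          # match the same path. Confirm the keep list is written that way.
          echo "+ */" >> "$INCLUDE_FILE"

          # Translate the keep list into rsync filter rules:
          #   pattern   -> "+ pattern"  (publish)
          #   !pattern  -> "- pattern"  (never publish)
          # "|| [ -n "$line" ]" keeps a final line that has no trailing
          # newline, so the last rule is not silently lost.
          while IFS= read -r line || [ -n "$line" ]; do
            # Drop trailing comments, then trim surrounding whitespace.
            # sed is used instead of xargs: xargs fails on quotes and
            # backslashes, which would silently drop the rule, including
            # "!" exclusions.
            line="${line%%#*}"
            line="$(printf '%s\n' "$line" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
            [ -z "$line" ] && continue
            case "$line" in
              '!'*) printf '%s\n' "- ${line#!}" ;;
              *) printf '%s\n' "+ $line" ;;
            esac
          done < "$KEEP_FILE" >> "$INCLUDE_FILE"

          # Catch-all: anything not explicitly kept stays private.
          echo "- *" >> "$INCLUDE_FILE"

          # --delete removes files from the public tree that are no longer
          # in the kept set; .git/ is excluded so the public clone's own
          # history is left alone.
          rsync -a --delete --prune-empty-dirs \
            --exclude '.git/' \
            --include-from="$INCLUDE_FILE" \
            ./ /tmp/public/

          cd /tmp/public
          git config user.name "Gitea CI"
          git config user.email "ci@bausager.org"
          git add -A
          # Commit and push only when the filtered tree actually changed.
          if git diff --cached --quiet; then
            echo "No public-eligible changes to push."
          else
            git commit -m "Sync public subset from Flux (private)"
            git push origin HEAD:main
          fi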