From 187b530cbf0289469123826d5457edfb2ac1db85 Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 15:40:37 +0800 Subject: [PATCH] ci: enforce ssh checkout on all gitea workflows Adds ssh-key to actions/checkout configurations and fixes yaml indentation in upload_pck.yml --- .gitea/workflows/build_artifacts.yml | 9 ++++++ .gitea/workflows/build_binaries.yml | 42 ++++++++++++++++++++++++++++ .gitea/workflows/ci.yml | 12 ++++++++ .gitea/workflows/deploy_patch.yml | 2 ++ .gitea/workflows/test.yml | 12 ++++++++ .gitea/workflows/upload_pck.yml | 16 +++++------ 6 files changed, 85 insertions(+), 8 deletions(-) create mode 100644 .gitea/workflows/build_binaries.yml diff --git a/.gitea/workflows/build_artifacts.yml b/.gitea/workflows/build_artifacts.yml index 143c38b..639f3f9 100644 --- a/.gitea/workflows/build_artifacts.yml +++ b/.gitea/workflows/build_artifacts.yml @@ -26,6 +26,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -58,6 +61,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -90,6 +96,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 diff --git a/.gitea/workflows/build_binaries.yml b/.gitea/workflows/build_binaries.yml new file mode 100644 index 0000000..d684029 --- /dev/null +++ b/.gitea/workflows/build_binaries.yml 
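Review bot: `ssh-strict: false`, added in every `with:` block of build_artifacts.yml, drops the `StrictHostKeyChecking=yes` option that actions/checkout otherwise passes to ssh. Host key handling then falls back to whatever the runner's ssh configuration does, while the job authenticates with `TEKTON_SSH_KEY` and builds the source it receives. Keep `ssh-strict` at its default and pin the server with `ssh-known-hosts: ${{ vars.<KNOWN_HOSTS_VAR> }}` (placeholder name; the value is the host key line captured once and verified out of band). The same line is added in the ci.yml, deploy_patch.yml and test.yml hunks. If the flag was added because the runner did not know the host key, `ssh-known-hosts` solves that without relaxing the check.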
@@ -0,0 +1,42 @@ +name: Build and Upload Binaries +on: + push: + tags: + - 'v*' + +jobs: + build: + runs-on: ubuntu-latest + container: + image: barichello/godot-ci:4.2.1 + steps: + - name: Checkout + run: | + mkdir -p ~/.ssh + echo "${{ secrets.TEKTON_SSH_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + ssh-keyscan git.klud.top >> ~/.ssh/known_hosts + git clone git@git.klud.top:danchie/tekton.git . + git checkout ${{ github.ref_name }} + + - name: Build Windows + run: mkdir -p build && godot --headless --export-release "Windows Desktop" build/tekton.exe + + - name: Build Linux + run: godot --headless --export-release "Linux/X11" build/tekton.x86_64 + + - name: Upload Windows Binary + run: | + curl -X POST \ + -H "Authorization: token ${{ secrets.TEKTON_RELEASE_TOKEN }}" \ + -H "Content-Type: multipart/form-data" \ + -F "attachment=@build/tekton.exe" \ + "https://git.klud.top/api/v1/repos/danchie/tekton/releases/tags/${{ github.ref_name }}" + + - name: Upload Linux Binary + run: | + curl -X POST \ + -H "Authorization: token ${{ secrets.TEKTON_RELEASE_TOKEN }}" \ + -H "Content-Type: multipart/form-data" \ + -F "attachment=@build/tekton.x86_64" \ + "https://git.klud.top/api/v1/repos/danchie/tekton/releases/tags/${{ github.ref_name }}" \ No newline at end of file diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 41158e0..b7eab67 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -14,6 +14,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -39,6 +42,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 
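Review bot: The Checkout step in the new build_binaries.yml expands `${{ secrets.TEKTON_SSH_KEY }}` and `${{ github.ref_name }}` directly into the script text, so the tag name is parsed as shell in a job that holds both the deploy key and `TEKTON_RELEASE_TOKEN`; pass both through `env:` and quote them. `ssh-keyscan` at run time accepts whatever key is offered on that run, so it does not authenticate the server; write a pinned known_hosts entry instead. `id_rsa` is created before `chmod 600` is applied, and setting `umask 077` first closes that window. The two upload steps place `github.ref_name` into the URL the same way, and the identical Checkout step is re-indented in the upload_pck.yml hunk.

```yaml
      - name: Checkout
        env:
          SSH_KEY: ${{ secrets.TEKTON_SSH_KEY }}
          # placeholder secret name: pinned host key line(s) for git.klud.top
          SSH_KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS_PLACEHOLDER }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_rsa
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          git clone git@git.klud.top:danchie/tekton.git .
          git checkout "$REF_NAME"
      # … unchanged: build and upload steps …
```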
@@ -71,6 +77,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -103,6 +112,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 diff --git a/.gitea/workflows/deploy_patch.yml b/.gitea/workflows/deploy_patch.yml index 8275e10..73f503c 100644 --- a/.gitea/workflows/deploy_patch.yml +++ b/.gitea/workflows/deploy_patch.yml @@ -22,6 +22,8 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index 2597b26..b102837 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -15,6 +15,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -38,6 +41,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -75,6 +81,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Setup Godot uses: firebelley/godot-action@v3 @@ -94,6 +103,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.TEKTON_SSH_KEY }} + ssh-strict: false - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master diff --git a/.gitea/workflows/upload_pck.yml b/.gitea/workflows/upload_pck.yml index 17afab1..86aa7f6 100644 --- a/.gitea/workflows/upload_pck.yml +++ b/.gitea/workflows/upload_pck.yml 
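Review bot: In the last test.yml hunk (`@@ -94,6 +103,9 @@`), the checkout that now receives `secrets.TEKTON_SSH_KEY` is followed by `aquasecurity/trivy-action@master`, a third-party action at a mutable ref. By default actions/checkout leaves the key configured for later steps in the job. If nothing after the checkout needs git access (not visible in the hunk), add `persist-credentials: false` under `with:` so the key is removed as soon as the checkout step finishes. The job continues outside the hunk.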
@@ -10,14 +10,14 @@ jobs: container: image: barichello/godot-ci:4.3 steps: - - name: Checkout - run: | - mkdir -p ~/.ssh - echo "${{ secrets.TEKTON_SSH_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh-keyscan git.klud.top >> ~/.ssh/known_hosts - git clone git@git.klud.top:danchie/tekton.git . - git checkout ${{ github.ref_name }} + - name: Checkout + run: | + mkdir -p ~/.ssh + echo "${{ secrets.TEKTON_SSH_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + ssh-keyscan git.klud.top >> ~/.ssh/known_hosts + git clone git@git.klud.top:danchie/tekton.git . + git checkout ${{ github.ref_name }} - name: Build PCK run: godot --headless -s tools/build_patch.gd