From d4c0fb128b838310045f89b14de2d55d9626d637 Mon Sep 17 00:00:00 2001 From: Michael Schiemer Date: Fri, 31 Oct 2025 03:44:52 +0100 Subject: [PATCH] fix: use GITEA_TOKEN for git clone authentication in workflows - Add GITEA_TOKEN secret support for HTTPS git clone - Fallback to public access if token not available - Fixes checkout failures when runner has no git credentials - Required for native workflows without actions/checkout --- .gitea/workflows/security-scan.yml | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/.gitea/workflows/security-scan.yml b/.gitea/workflows/security-scan.yml index 1cde45a2..72a3972a 100644 --- a/.gitea/workflows/security-scan.yml +++ b/.gitea/workflows/security-scan.yml @@ -24,15 +24,21 @@ jobs: REF_NAME="main" fi - git clone --depth 1 --branch "$REF_NAME" \ - "https://git.michaelschiemer.de/${REPO}.git" \ - /workspace/repo || \ - git clone --depth 1 --branch "$REF_NAME" \ - "git@git.michaelschiemer.de:${REPO}.git" \ - /workspace/repo || \ - git clone --depth 1 \ - "https://git.michaelschiemer.de/${REPO}.git" \ - /workspace/repo + # Use Gitea token if available, otherwise try public access + if [ -n "${{ secrets.GITEA_TOKEN }}" ]; then + git clone --depth 1 --branch "$REF_NAME" \ + "https://${{ secrets.GITEA_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \ + /workspace/repo + else + # Try public HTTPS (works if repository is public) + git clone --depth 1 --branch "$REF_NAME" \ + "https://git.michaelschiemer.de/${REPO}.git" \ + /workspace/repo || \ + # Fallback: Try to use Gitea's internal runner access + git clone --depth 1 \ + "https://git.michaelschiemer.de/${REPO}.git" \ + /workspace/repo + fi cd /workspace/repo