Bump actions/checkout from 4.1.1 to 6.0.1 (#3) #19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: AGPL-3.0-or-later | |
| name: Mirror to GitLab/Codeberg/Bitbucket | |
| on: | |
| push: | |
| branches: [main, master] | |
| workflow_dispatch: | |
| # Prevent concurrent mirror operations to avoid race conditions | |
| concurrency: | |
| group: mirror-${{ github.ref }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| env: | |
| # SSH known hosts for security - prevents MITM attacks | |
| # These are the official SSH host keys for each platform | |
| GITLAB_HOST_KEY: "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf" | |
| CODEBERG_HOST_KEY: "codeberg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVIC02vnjFyL+I4RHfvIGNtOgJMe769VTF1VR4EB3ZB" | |
| BITBUCKET_HOST_KEY: "bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO" | |
| jobs: | |
| mirror-gitlab: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: vars.GITLAB_MIRROR_ENABLED == 'true' | |
| steps: | |
| - name: Add GitLab to known hosts | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ env.GITLAB_HOST_KEY }}" >> ~/.ssh/known_hosts | |
| chmod 600 ~/.ssh/known_hosts | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 | |
| with: | |
| ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }} | |
| - name: Mirror to GitLab | |
| run: | | |
| git remote add gitlab "git@gitlab.com:${{ github.repository_owner }}/${GITHUB_REPOSITORY#*/}.git" || true | |
| git push gitlab --all --force | |
| git push gitlab --tags --force | |
| mirror-codeberg: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: vars.CODEBERG_MIRROR_ENABLED == 'true' | |
| steps: | |
| - name: Add Codeberg to known hosts | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ env.CODEBERG_HOST_KEY }}" >> ~/.ssh/known_hosts | |
| chmod 600 ~/.ssh/known_hosts | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 | |
| with: | |
| ssh-private-key: ${{ secrets.CODEBERG_SSH_KEY }} | |
| - name: Mirror to Codeberg | |
| run: | | |
| git remote add codeberg "git@codeberg.org:${{ github.repository_owner }}/${GITHUB_REPOSITORY#*/}.git" || true | |
| git push codeberg --all --force | |
| git push codeberg --tags --force | |
| mirror-bitbucket: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: vars.BITBUCKET_MIRROR_ENABLED == 'true' | |
| steps: | |
| - name: Add Bitbucket to known hosts | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ env.BITBUCKET_HOST_KEY }}" >> ~/.ssh/known_hosts | |
| chmod 600 ~/.ssh/known_hosts | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 | |
| with: | |
| ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }} | |
| - name: Mirror to Bitbucket | |
| run: | | |
| git remote add bitbucket "git@bitbucket.org:${{ github.repository_owner }}/${GITHUB_REPOSITORY#*/}.git" || true | |
| git push bitbucket --all --force | |
| git push bitbucket --tags --force |