From 5309e5503fd8718a09c9ea0d2ce66617eebcbbc3 Mon Sep 17 00:00:00 2001
From: forbes
Date: Tue, 27 Jan 2026 14:38:47 -0600
Subject: [PATCH] Replace checkout action with manual SSH clone

- Bypass SSSD KnownHostsCommand by using custom SSH config
- Set KnownHostsCommand none in SSH config
- Use GIT_SSH_COMMAND with explicit config file
- Manual git clone with --recurse-submodules
---
 .gitea/workflows/build.yml | 39 ++++++++++++++++++++++++-----------
 .gitea/workflows/release.yml | 40 ++++++++++++++++++++++++------------
 2 files changed, 54 insertions(+), 25 deletions(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 37feec5da2..21e42525e6 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -28,21 +28,36 @@ jobs:
 fi
 node --version
- - name: Get Gitea SSH host key
- id: ssh-host-key
+ - name: Setup SSH and checkout
 shell: bash
+ env:
+ DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
 run: |
- HOST_KEY=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null | head -1)
- echo "host-key=$HOST_KEY" >> $GITHUB_OUTPUT
+ # Setup SSH key
+ mkdir -p ~/.ssh
+ echo "$DEPLOY_KEY" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
- - name: Checkout repository
- uses: https://code.forgejo.org/actions/checkout@v4
- with:
- submodules: recursive
- fetch-depth: 0
- ssh-key: ${{ secrets.DEPLOY_KEY }}
- ssh-known-hosts: ${{ steps.ssh-host-key.outputs.host-key }}
- ssh-strict: false
+ # Get host key and add to known_hosts
+ ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal >> ~/.ssh/known_hosts 2>/dev/null
+ chmod 600 ~/.ssh/known_hosts
+
+ # Configure SSH to bypass SSSD KnownHostsCommand
+ cat > ~/.ssh/config << 'EOF'
+ Host gitea.kindred.internal
+ IdentityFile ~/.ssh/id_ed25519
+ StrictHostKeyChecking no
+ UserKnownHostsFile ~/.ssh/known_hosts
+ KnownHostsCommand none
+ EOF
+ chmod 600 ~/.ssh/config
+
+ # Set GIT_SSH_COMMAND to use our config
+ export GIT_SSH_COMMAND="ssh -F ~/.ssh/config"
+
+ # Clone repository
+ git clone --recurse-submodules git@gitea.kindred.internal:kindred/create-0070.git .
+ git fetch --tags
 - name: Install pixi if needed
 shell: bash
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 658a45f6a1..5da4d2c499 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
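Review bot: The new `Setup SSH and checkout` step in the build.yml hunk never verifies the Gitea host key: `ssh-keyscan` trusts whichever host answers at job time and `StrictHostKeyChecking no` then accepts even a mismatch, so anyone positioned between the runner and gitea.kindred.internal can substitute the source that gets built; the release.yml hunk carries the identical lines. The `2>/dev/null` on the scan also hides a failed scan, which `StrictHostKeyChecking no` silently tolerates. `KnownHostsCommand none` on its own already bypasses the SSSD lookup named in the commit message, so I would write a pinned key instead of scanning, for example `echo "$GITEA_KNOWN_HOSTS" > ~/.ssh/known_hosts` (GITEA_KNOWN_HOSTS is a placeholder for a secret or variable holding the verified key), and set `StrictHostKeyChecking yes`. Separately, the deploy key stays in `~/.ssh/id_ed25519` after the step and overwrites whatever the runner user had there; if the runner is persistent and no later step needs the key, start the script with `umask 077` and `trap 'rm -f ~/.ssh/id_ed25519' EXIT`.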
@@ -36,22 +36,36 @@ jobs:
 fi
 node --version
- - name: Get Gitea SSH host key
- id: ssh-host-key
+ - name: Setup SSH and checkout
 shell: bash
+ env:
+ DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
 run: |
- HOST_KEY=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null | head -1)
- echo "host-key=$HOST_KEY" >> $GITHUB_OUTPUT
+ # Setup SSH key
+ mkdir -p ~/.ssh
+ echo "$DEPLOY_KEY" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
- - name: Checkout repository
- uses: https://code.forgejo.org/actions/checkout@v4
- with:
- submodules: recursive
- fetch-depth: 0
- fetch-tags: true
- ssh-key: ${{ secrets.DEPLOY_KEY }}
- ssh-known-hosts: ${{ steps.ssh-host-key.outputs.host-key }}
- ssh-strict: false
+ # Get host key and add to known_hosts
+ ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal >> ~/.ssh/known_hosts 2>/dev/null
+ chmod 600 ~/.ssh/known_hosts
+
+ # Configure SSH to bypass SSSD KnownHostsCommand
+ cat > ~/.ssh/config << 'EOF'
+ Host gitea.kindred.internal
+ IdentityFile ~/.ssh/id_ed25519
+ StrictHostKeyChecking no
+ UserKnownHostsFile ~/.ssh/known_hosts
+ KnownHostsCommand none
+ EOF
+ chmod 600 ~/.ssh/config
+
+ # Set GIT_SSH_COMMAND to use our config
+ export GIT_SSH_COMMAND="ssh -F ~/.ssh/config"
+
+ # Clone repository
+ git clone --recurse-submodules git@gitea.kindred.internal:kindred/create-0070.git .
+ git fetch --tags
 - name: Install pixi if needed
 shell: bash
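Review bot: The `git clone --recurse-submodules … .` at the end of the run block leaves the workspace on the default branch head, whereas the removed checkout action checked out the ref that triggered the job, so a release job can package a commit other than the one being released. The workflow trigger is outside this hunk, so confirm how the job is started. Pinning the checkout is cheap: after the clone add `git checkout --detach "$GITHUB_SHA"` followed by `git submodule update --init --recursive`, so the artifacts correspond to the commit that was reviewed and tagged.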