Mirror — see github.com/blacksky-algorithms/blacksky.community
ci: replace to-tangled with inline ssh push
The third-party action hardcodes "Host tangled.org" in its generated
ssh config so the IdentityFile only takes effect for that exact host,
which means pushes to non-tangled.org knots fall back to default
identities and fail with "Permission denied (publickey)". Avoid the
action; inline the equivalent shell.
+22
-5
+22
-5
.github/workflows/tangle.yml
+22
-5
.github/workflows/tangle.yml
···
6
6
7
7
permissions:
8
8
contents: read
9
-
pull-requests: read
10
9
11
10
jobs:
12
11
tangle:
13
12
runs-on: ubuntu-latest
14
13
steps:
15
-
- uses: gwennlbh/to-tangled@6867d16fd934f3fe27df0a540dbd6375ea88b31c # v0.5
14
+
- uses: actions/checkout@v4
16
15
with:
17
-
repo: blackskyweb.xyz/blacksky.community
18
-
knot: knot.blacksky.community
19
-
ssh-key: ${{ secrets.TANGLED_KEY }}
16
+
fetch-depth: 0
17
+
- name: push to forge knot
18
+
env:
19
+
TANGLED_KEY: ${{ secrets.TANGLED_KEY }}
20
+
run: |
21
+
set -euo pipefail
22
+
mkdir -p ~/.ssh
23
+
chmod 700 ~/.ssh
24
+
printf '%s\n' "$TANGLED_KEY" > ~/.ssh/tangled_key
25
+
chmod 600 ~/.ssh/tangled_key
26
+
cat > ~/.ssh/config <<'EOF'
27
+
Host knot.blacksky.community
28
+
StrictHostKeyChecking no
29
+
UserKnownHostsFile=/dev/null
30
+
IdentityFile ~/.ssh/tangled_key
31
+
IdentitiesOnly yes
32
+
EOF
33
+
chmod 600 ~/.ssh/config
34
+
git fetch --tags origin
35
+
git remote add tangled git@knot.blacksky.community:blackskyweb.xyz/blacksky.community
36
+
git push --mirror tangled