lair/mistralrs-package
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(ci): use RPM_REPO_HOST env var, add SSH connectivity test

Browse Source 
- Set RPM_REPO_HOST=oolon.kosherinata.internal as a plain env var
  instead of treating the hostname as a secret via RSYNC_TARGET
- Add explicit SSH connectivity test step using StrictHostKeyChecking=accept-new
- Remove ssh-keyscan in favour of accept-new which provides meaningful errors
- Remove RSYNC_TARGET secret dependency

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
rob thijssen
2026-04-27 09:23:54 +03:00
parent ba5eec78f1
commit cacdbebbf7
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.gitea/workflows/build-release.yml
View File

@@ -159,10 +159,15 @@ jobs:
run: | run: |
install --directory --mode 700 ~/.ssh install --directory --mode 700 ~/.ssh
echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519 echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519
ssh-keyscan -H oolon.kosherinata.internal >> ~/.ssh/known_hosts
env: env:
RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }}
- name: Test SSH connectivity
run: |
ssh -o StrictHostKeyChecking=accept-new "gitea_ci@${RPM_REPO_HOST}" exit
env:
RPM_REPO_HOST: oolon.kosherinata.internal
- name: Sync RPMs to repo - name: Sync RPMs to repo
run: | run: |
rsync \ rsync \
@@ -170,9 +175,13 @@ jobs:
--verbose \ --verbose \
--chmod D755,F644 \ --chmod D755,F644 \
rpms/*.rpm \ rpms/*.rpm \
"${{ secrets.RSYNC_TARGET }}:/var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/" "gitea_ci@${RPM_REPO_HOST}:/var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/"
env:
RPM_REPO_HOST: oolon.kosherinata.internal
- name: Update repo metadata - name: Update repo metadata
run: | run: |
ssh "${{ secrets.RSYNC_TARGET }}" \ ssh "gitea_ci@${RPM_REPO_HOST}" \
"cd /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64 && createrepo_c --update ." "cd /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64 && createrepo_c --update ."
env:
RPM_REPO_HOST: oolon.kosherinata.internal

1
readme.md
View File

@@ -117,5 +117,4 @@ The build-release workflow requires the following secrets:
| `DISPATCH_TOKEN` | Gitea API token for triggering builds | | `DISPATCH_TOKEN` | Gitea API token for triggering builds |
| `RPM_SIGNING_KEY`| ASCII-armored GPG signing subkey | | `RPM_SIGNING_KEY`| ASCII-armored GPG signing subkey |
| `RPM_SIGNING_KEY_ID` | GPG key UID (`rpm@lair.cafe`) | | `RPM_SIGNING_KEY_ID` | GPG key UID (`rpm@lair.cafe`) |
| `RSYNC_TARGET` | SSH target for rsync (e.g. `gitea_ci@oolon`) |
| `RSYNC_SSH_KEY` | SSH private key for the `gitea_ci` user | | `RSYNC_SSH_KEY` | SSH private key for the `gitea_ci` user |