From 37f4306367137d34e6289d809e99544240119bc6 Mon Sep 17 00:00:00 2001 From: Marc Mintel Date: Thu, 12 Feb 2026 15:13:27 +0100 Subject: [PATCH] fix(pipeline): use git ls-remote for robust upstream SHA discovery --- .gitea/workflows/deploy.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index bbc93114..5b146529 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -118,8 +118,12 @@ jobs: "https://git.infra.mintel.me/mmintel/at-mintel/raw/branch/main/packages/infra/scripts/wait-for-upstream.sh" > wait-for-upstream.sh chmod +x wait-for-upstream.sh - # Patch script to allow unauthenticated tag lookup if token is restricted - sed -i 's#TARGET_SHA=$(echo "$TAG_INFO" | jq -r ".commit.sha // empty")#TARGET_SHA=$(echo "$TAG_INFO" | jq -r ".commit.sha // empty"); [[ -z "$TARGET_SHA" || "$TARGET_SHA" == "null" ]] \&\& TARGET_SHA=$(curl -s "https://git.infra.mintel.me/api/v1/repos/$REPO/tags/$TAG" | jq -r ".commit.sha // empty")#' wait-for-upstream.sh + # Robust SHA discovery (bypasses restricted Gitea API) + UPSTREAM_SHA=$(git ls-remote --tags https://git.infra.mintel.me/mmintel/at-mintel.git "$TAG_TO_WAIT" | grep "$TAG_TO_WAIT" | tail -n1 | awk '{print $1}') + if [[ -n "$UPSTREAM_SHA" ]]; then + echo "✅ Found upstream SHA $UPSTREAM_SHA for $TAG_TO_WAIT (via git ls-remote)" + sed -i "s#TARGET_SHA=.*#TARGET_SHA=$UPSTREAM_SHA#g" wait-for-upstream.sh + fi GITEA_TOKEN=${{ secrets.GITHUB_TOKEN }} ./wait-for-upstream.sh "mmintel/at-mintel" "$TAG_TO_WAIT" fi