cf63e0d2f7
This commit addresses the OWASP security audit by enforcing strict host key verification and resolves persistent CI issues. Security Changes: - Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops. - Removed insecure host key verification from pkg/ansible. - Implemented synchronous host key discovery using ssh-keyscan during VM boot. - Updated Boot lifecycle to wait for host key verification. - Handled missing known_hosts file in pkg/ansible. - Refactored hardcoded SSH port to DefaultSSHPort constant. CI and Maintenance: - Fixed auto-merge.yml by inlining the script and adding repository context to 'gh' command, resolving the "not a git repository" error in CI. - Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch. - Added pkg/ansible/ssh_test.go for SSH client verification. - Fixed formatting in pkg/io/local/client.go to pass QA checks.
92 lines
2.4 KiB
Go
92 lines
2.4 KiB
Go
package gitea
|
|
|
|
import (
|
|
"fmt"
|
|
"os/exec"
|
|
"strings"
|
|
|
|
"github.com/host-uk/core/pkg/cli"
|
|
gt "github.com/host-uk/core/pkg/gitea"
|
|
)
|
|
|
|
// Mirror command flags.
|
|
var (
|
|
mirrorOrg string
|
|
mirrorGHToken string
|
|
)
|
|
|
|
// addMirrorCommand adds the 'mirror' subcommand for creating GitHub-to-Gitea mirrors.
|
|
func addMirrorCommand(parent *cli.Command) {
|
|
cmd := &cli.Command{
|
|
Use: "mirror <github-owner/repo>",
|
|
Short: "Mirror a GitHub repo to Gitea",
|
|
Long: `Create a pull mirror of a GitHub repository on your Gitea instance.
|
|
|
|
The mirror will be created under the specified Gitea organisation (or your user account).
|
|
Gitea will periodically sync changes from GitHub.
|
|
|
|
For private repos, a GitHub token is needed. By default it uses 'gh auth token'.`,
|
|
Args: cli.ExactArgs(1),
|
|
RunE: func(cmd *cli.Command, args []string) error {
|
|
owner, repo, err := splitOwnerRepo(args[0])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return runMirror(owner, repo)
|
|
},
|
|
}
|
|
|
|
cmd.Flags().StringVar(&mirrorOrg, "org", "", "Gitea organisation to mirror into (default: your user account)")
|
|
cmd.Flags().StringVar(&mirrorGHToken, "github-token", "", "GitHub token for private repos (default: from gh auth token)")
|
|
|
|
parent.AddCommand(cmd)
|
|
}
|
|
|
|
func runMirror(githubOwner, githubRepo string) error {
|
|
client, err := gt.NewFromConfig("", "")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
cloneURL := fmt.Sprintf("https://github.com/%s/%s.git", githubOwner, githubRepo)
|
|
|
|
// Determine target owner on Gitea
|
|
targetOwner := mirrorOrg
|
|
if targetOwner == "" {
|
|
user, _, err := client.API().GetMyUserInfo()
|
|
if err != nil {
|
|
return cli.WrapVerb(err, "get", "current user")
|
|
}
|
|
targetOwner = user.UserName
|
|
}
|
|
|
|
// Resolve GitHub token for source auth
|
|
ghToken := mirrorGHToken
|
|
if ghToken == "" {
|
|
ghToken = resolveGHToken()
|
|
}
|
|
|
|
cli.Print(" Mirroring %s/%s -> %s/%s on Gitea...\n", githubOwner, githubRepo, targetOwner, githubRepo)
|
|
|
|
repo, err := client.CreateMirror(targetOwner, githubRepo, cloneURL, ghToken)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
cli.Blank()
|
|
cli.Success(fmt.Sprintf("Mirror created: %s", repo.FullName))
|
|
cli.Print(" %s %s\n", dimStyle.Render("URL:"), valueStyle.Render(repo.HTMLURL))
|
|
cli.Print(" %s %s\n", dimStyle.Render("Clone:"), valueStyle.Render(repo.CloneURL))
|
|
cli.Blank()
|
|
|
|
return nil
|
|
}
|
|
|
|
// resolveGHToken tries to get a GitHub token from the gh CLI.
|
|
func resolveGHToken() string {
|
|
out, err := exec.Command("gh", "auth", "token").Output()
|
|
if err != nil {
|
|
return ""
|
|
}
|
|
return strings.TrimSpace(string(out))
|
|
}
|