add .github/workflows/sync-to-gitee.yaml #3137
Pull request overview
Adds a GitHub Actions workflow to mirror this repository to Gitee on pushes to key branches.
Changes:
- Introduces a new workflow that runs on pushes to `master` and `gh-pages`
- Uses `Yikun/hub-mirror-action` to sync `github/alibaba/arthas` to `gitee/arthas/arthas` using repository secrets
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Sync to Gitee | ||
| uses: Yikun/hub-mirror-action@v1.5 |
The workflow uses a third-party action pinned only to a mutable tag (Yikun/hub-mirror-action@v1.5). To reduce supply-chain risk, pin the action to an immutable commit SHA (optionally with a comment noting the intended version) so a retagged release can’t change what runs in CI.
| uses: Yikun/hub-mirror-action@v1.5 | |
| uses: Yikun/hub-mirror-action@<COMMIT-SHA-FOR-v1.5> # v1.5 |
| src: github/alibaba | ||
| dst: gitee/arthas | ||
| dst_key: ${{ secrets.GITEE_PRIVATE_KEY }} | ||
| dst_token: ${{ secrets.GITEE_TOKEN }} |
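Review bot: The `dst_key` and `dst_token` lines hand a Gitee private key and an API token to a third-party action that is referenced by tag, so whatever code that tag resolves to at run time receives both credentials. Use a dedicated Gitee key and token whose access is limited to the mirror target, and consider storing both secrets in a GitHub environment restricted to the branches this workflow runs on. Also, `src: github/alibaba` and `dst: gitee/arthas` name only the account level; check that the rest of the `with:` block restricts the sync to the `arthas` repository.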
This job requires GITEE_PRIVATE_KEY/GITEE_TOKEN secrets and hard-codes src/dst orgs. In forks (or in environments where these secrets aren’t configured), the workflow will run on push and fail. Consider adding a job-level guard (e.g., if: github.repository == 'alibaba/arthas' and/or checking that required secrets are present) to avoid noisy failures and unintended runs.
No description provided.