Hunter Bown
efa00ff69b
- Add explicit permissions: contents: read (least-privilege) - Bump actions/checkout@v3 → @v4 - Narrow trigger from on: [push] to on: push: branches: [main] + tags: ['v*'] Matches the hardening convention used by every other workflow in the repo.
26 lines
565 B
YAML
26 lines
565 B
YAML
name: Sync to CNB
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
tags: ['v*']
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
sync:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Sync to CNB Repository
|
|
uses: docker://tencentcom/git-sync
|
|
env:
|
|
PLUGIN_TARGET_URL: "https://cnb.cool/deepseek-tui.com/DeepSeek-TUI"
|
|
PLUGIN_AUTH_TYPE: "https"
|
|
PLUGIN_USERNAME: "cnb"
|
|
PLUGIN_PASSWORD: ${{ secrets.CNB_GIT_TOKEN }}
|
|
PLUGIN_SYNC_MODE: "rebase" |