From 1efad5114a65bdb9230866d55b72ae44116b0ccf Mon Sep 17 00:00:00 2001
From: Boming Zhang <bomingzh@sjtu.edu.cn>
Date: Sat, 19 Oct 2024 07:02:58 -0400
Subject: [PATCH] ci: use gitea secrets for ssh keys

---
 .gitea/workflows/build.yaml     | 22 ++++++++++++++++------
 .gitea/workflows/submodule.yaml | 12 +++++++++---
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 1d99eba..166149f 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -6,8 +6,6 @@ jobs:
   build:
     container:
       image: focs.ji.sjtu.edu.cn:5000/gitea/runner-images:golang-ubuntu-latest
-      volumes:
-        - /home/actions/.ssh:/root/.ssh
     steps:
       - name: Check out repository code
         uses: https://gitea.com/BoYanZh/checkout@focs
@@ -17,7 +15,13 @@ jobs:
         run: |
           go env -w GO111MODULE=on
           go env -w GOPROXY=https://goproxy.io,direct
-          chown -R root:root /root/.ssh
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_ed25519.pub
+          chmod 600 ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519.pub
+          ssh-keyscan -p 2222 focs.ji.sjtu.edu.cn >> ~/.ssh/known_hosts
+          ssh -T git@focs.ji.sjtu.edu.cn -p 2222
       # - name: Setup Joint-Teapot
       #   run: |
       #       pip install git+https://ghp.ci/https://github.com/BoYanZh/Joint-Teapot
@@ -34,16 +38,22 @@ jobs:
   trigger-build-image:
     container:
       image: focs.ji.sjtu.edu.cn:5000/gitea/runner-images:ubuntu-latest
-      volumes:
-        - /home/actions/.ssh:/root/.ssh
     needs: build
     if: github.ref == 'refs/heads/master'
     steps:
+      - name: Set up SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_ed25519.pub
+          chmod 600 ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519.pub
+          ssh-keyscan -p 2222 focs.ji.sjtu.edu.cn >> ~/.ssh/known_hosts
+          ssh -T git@focs.ji.sjtu.edu.cn -p 2222
       - name: Set up Git
         run: |
           git config --global user.name "gitea-actions[bot]"
           git config --global user.email "gitea-actions[bot]@users.noreply.gitea.com"
-          chown -R root:root /root/.ssh
       - name: Clone, Commit and Push
         shell: bash
         run: |
diff --git a/.gitea/workflows/submodule.yaml b/.gitea/workflows/submodule.yaml
index 4b2ed9b..d835344 100644
--- a/.gitea/workflows/submodule.yaml
+++ b/.gitea/workflows/submodule.yaml
@@ -7,18 +7,24 @@ jobs:
   sync:
     container:
       image: focs.ji.sjtu.edu.cn:5000/gitea/runner-images:ubuntu-latest
-      volumes:
-        - /home/actions/.ssh:/root/.ssh
     steps:
       - name: Check out repository code
         uses: https://gitea.com/BoYanZh/checkout@focs
         with:
           fetch-depth: 0
+      - name: Set up SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_ed25519.pub
+          chmod 600 ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519.pub
+          ssh-keyscan -p 2222 focs.ji.sjtu.edu.cn >> ~/.ssh/known_hosts
+          ssh -T git@focs.ji.sjtu.edu.cn -p 2222
       - name: Set up Git
         run: |
           git config --global user.name "gitea-actions[bot]"
           git config --global user.email "gitea-actions[bot]@users.noreply.gitea.com"
-          chown -R root:root /root/.ssh
           git remote set-url origin ssh://git@focs.ji.sjtu.edu.cn:2222/JOJ/JOJ3.git
       - name: Check Git status
         run: |