gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-21 09:21:21 +03:00
Code Issues Packages Projects Releases Wiki Activity

Codex/wiki sync revert working (#79)

Browse Source 
* fix(wiki-sync): restore known-good pat auth flow

* fix(wiki-sync): restore github token write flow
This commit is contained in:
davida-ps
2026-02-26 00:37:50 +02:00
committed by GitHub
parent 433a9596a6
commit 8132c23f41
1 changed files with 4 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/wiki-sync.yml
+4 -30
View File
@@ -7,7 +7,8 @@ on:
- 'wiki/**'
workflow_dispatch:
permissions: read-all
permissions:
contents: write
concurrency:
group: wiki-sync
@@ -22,7 +23,7 @@ jobs:
- name: Sync wiki folder to repository wiki
env:
AUTOMATION_TOKEN: ${{ secrets.POLL_NVD_CVES_PAT }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euo pipefail
@@ -31,11 +32,6 @@ jobs:
exit 1
fi
if [ -z "$AUTOMATION_TOKEN" ]; then
echo "::error::Set POLL_NVD_CVES_PAT with repo write permissions."
exit 1
fi
# GitHub Wiki root (/wiki) renders Home.md, not INDEX.md.
# INDEX.md is the canonical source; generate Home.md from it.
if [ ! -f wiki/INDEX.md ]; then
@@ -44,29 +40,7 @@ jobs:
fi
cp wiki/INDEX.md wiki/Home.md
REPO_API_JSON="$(mktemp)"
REPO_API_STATUS="$(curl -sS -o "$REPO_API_JSON" -w "%{http_code}" -H "Authorization: Bearer ${AUTOMATION_TOKEN}" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/${{ github.repository }}")"
if [ "$REPO_API_STATUS" = "401" ]; then
echo "::error::POLL_NVD_CVES_PAT is invalid/expired, or not SSO-authorized for this org."
exit 1
fi
if [ "$REPO_API_STATUS" = "404" ]; then
echo "::error::POLL_NVD_CVES_PAT cannot access ${{ github.repository }}."
exit 1
fi
if [ "$REPO_API_STATUS" != "200" ]; then
REPO_API_MESSAGE="$(jq -r '.message // empty' "$REPO_API_JSON" || true)"
echo "::error::Unexpected GitHub API response (${REPO_API_STATUS}) while validating token. ${REPO_API_MESSAGE}"
exit 1
fi
REPO_PUSH_PERMISSION="$(jq -r '.permissions.push // false' "$REPO_API_JSON" || true)"
if [ "$REPO_PUSH_PERMISSION" != "true" ]; then
echo "::error::POLL_NVD_CVES_PAT cannot push to ${{ github.repository }}. Grant Contents: write (fine-grained PAT) or repo scope (classic PAT), and ensure org approval/SSO authorization if required."
exit 1
fi
WIKI_REMOTE="https://x-access-token:${AUTOMATION_TOKEN}@github.com/${{ github.repository }}.wiki.git"
WIKI_REMOTE="https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}.wiki.git"
if ! git ls-remote "$WIKI_REMOTE" >/dev/null 2>&1; then
echo "::warning::Wiki remote unavailable (repository wiki may be disabled). Skipping sync."
exit 0