deploy(mirror): drop --force-with-lease; plain push so divergence fails loud
- SHA
7947046be3f2c8ff47b71dab8f43ba5eb69427d7- Parents
-
2400474 - Tree
cd7380e
tenseleyflow/shithub
/
7947046
Browse files
1 changed file
| Status | File | + | - |
|---|---|---|---|
| M |
.github/workflows/deploy.yml
|
6 | 1 |
.github/workflows/deploy.ymlmodified@@ -75,6 +75,11 @@ jobs: | ||
| 75 | 75 | # a broken commit never appears canonical on the dogfood mirror. |
| 76 | 76 | # The credential helper feeds the PAT via stdin to avoid leaking |
| 77 | 77 | # it via the process listing or git's url-with-credentials log. |
| 78 | + # | |
| 79 | + # Plain `push` (no --force-with-lease): if shithub.sh ever | |
| 80 | + # diverges from origin/trunk, the push fails non-fast-forward | |
| 81 | + # and a human reconciles. We never want a runner to silently | |
| 82 | + # overwrite a human edit on the mirror. | |
| 78 | 83 | - name: Mirror to shithub.sh |
| 79 | 84 | if: success() |
| 80 | 85 | env: |
@@ -82,6 +87,6 @@ jobs: | ||
| 82 | 87 | SHITHUB_PUSH_PAT: ${{ secrets.SHITHUB_PUSH_PAT }} |
| 83 | 88 | run: | |
| 84 | 89 | git -c "credential.helper=!f() { echo username=$SHITHUB_PUSH_USER; echo password=$SHITHUB_PUSH_PAT; }; f" \ |
| 85 | - push --force-with-lease \ | |
| 90 | + push \ | |
| 86 | 91 | https://shithub.sh/tenseleyflow/shithub.git \ |
| 87 | 92 | HEAD:trunk |