From 01f41432f01334395fb540a61bd45c56c727e644 Mon Sep 17 00:00:00 2001
From: Archicratia <area.technik@proton.me>
Date: Wed, 21 Jan 2026 10:33:51 +0100
Subject: [PATCH] ci: checkout without external actions (no github.com)

---
 .gitea/workflows/ci.yml | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index dc89f8e..884f43e 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -13,14 +13,32 @@ jobs:
       image: node:20-bookworm-slim
 
     steps:
-      - name: Install git (needed by checkout)
+      - name: Install base tools (git + certs)
         run: |
+          set -e
           apt-get update
           apt-get install -y --no-install-recommends git ca-certificates
+          rm -rf /var/lib/apt/lists/*
           git --version
 
-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Checkout (from Gitea, no external actions)
+        env:
+          SERVER: ${{ github.server_url }}
+          REPO: ${{ github.repository }}
+          SHA: ${{ github.sha }}
+          TOKEN: ${{ secrets.CI_TOKEN }}
+        run: |
+          set -euo pipefail
+
+          if [ -n "${TOKEN:-}" ]; then
+            AUTH="$(printf "oauth2:%s" "$TOKEN" | base64 | tr -d '\n')"
+            git -c http.extraHeader="AUTHORIZATION: basic $AUTH" clone "$SERVER/$REPO.git" .
+          else
+            echo "ℹ️ CI_TOKEN absent → clone sans auth (repo public ou accès runner déjà OK)."
+            git clone "$SERVER/$REPO.git" .
+          fi
+
+          git checkout "$SHA"
 
       - name: Install deps
         run: npm ci
-- 
2.49.1