From 6522f660ab532d12390e8da9f51021091b8befc1 Mon Sep 17 00:00:00 2001
From: Jack Jackson <scubbojj@gmail.com>
Date: Tue, 18 Mar 2025 21:36:46 -0700
Subject: [PATCH] Templatize commit-report-sync workflow

---
 .gitea/workflows/mirror.yaml | 42 ++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/.gitea/workflows/mirror.yaml b/.gitea/workflows/mirror.yaml
index 7558e3d..b5a5160 100644
--- a/.gitea/workflows/mirror.yaml
+++ b/.gitea/workflows/mirror.yaml
@@ -6,18 +6,38 @@ jobs:
   build-and-push:
     runs-on: ubuntu-latest
     steps:
-      # If I were going to make this as a template, I'd instead use the `${{ github.[...] }} context to determin owner
-      # and name directly from the context.
-      # I'm leaving that off because it'd require a whole other step (to pipe `github.repository` through a splitting
-      # tool, because there's only `github.repository_owner`, no `github.repository_name`)
-      #
-      # (And the token should be retrieved from Vault)
-      - uses: https://gitea.scubbo.org/scubbo/commit-report-sync@main
+      # It's still _so_ baffling to me that this doesn't appear to be available in the `github` context.
+      - name: Determine repo name
+        run: |
+          echo "Test output"
+          echo ${{ github.repository }} | cut -d'/' -f2
+          echo "REPO_NAME=$(echo ${{ github.repository }} | cut -d'/' -f2)" >> "$GITHUB_ENV"
+          echo
+          echo "from braces"
+          echo "${{ env.REPO_NAME }}"
+          echo "$REPO_NAME"
+
+      - name: Import Secrets
+        id: import-secrets
+        uses: hashicorp/vault-action@v2
         with:
+          url: http://vault.avril
+          method: kubernetes
+          role: act-runner-helm-charts
+          secrets: |
+            github/token?org_name=${{ gitea.repository_owner }} token | GITHUB_TOKEN ;
+
+      - name: Commit Report Sync
+        uses: https://gitea.scubbo.org/scubbo/commit-report-sync@main
+        with:
+          source_repo_domain: gitea.scubbo.org
+          source_repo_owner: ${{ github.repository_owner }}
+          source_repo_name: ${{ env.REPO_NAME }}
           target_repo_domain: github.com
           target_repo_owner: scubbo
           target_repo_name: gitea-commit-mirror
-          source_repo_domain: gitea.scubbo.org
-          source_repo_owner: scubbo
-          source_repo_name: blogcontent
-          token_for_target_repo: ${{ secrets.PAT_FOR_GITHUB_SYNC }}
\ No newline at end of file
+          token_for_target_repo: ${{ steps.import-secrets.outputs.GITHUB_TOKEN }}
+
+      - name: Revoke GitHub token
+        run: |
+          curl -H "Authorization: Bearer ${{ env.GITHUB_TOKEN }}" -X DELETE https://api.github.com/installation/token