From 33f6ca9e3f1f93942056541d506d9744ea939dc2 Mon Sep 17 00:00:00 2001 From: m3taversal Date: Mon, 27 Apr 2026 23:09:25 +0100 Subject: [PATCH] fix(mirror): setup script pushes main+tags only (consistency with sync-mirror) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Initial setup-infra-mirror.sh did `git push origin --all`, which contradicted the main_only mode protection landed in b9c4947 — agent review branches (epimetheus/*, ganymede/*) ended up publicly visible on the new GitHub teleo-infrastructure mirror until I deleted them. Initial push now mirrors the recurring sync's main_only path: refs/heads/main + tags only. Re-running the setup script is now idempotent at branch level — won't redo the agent-branch leak. Cleanup applied to live GitHub teleo-infrastructure: 18 stale agent review branches deleted via single batched push (epimetheus/* x14, ganymede/* x3, ship/metadao-scraper). Only main remains. Codex bidirectional mirror unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) --- deploy/setup-infra-mirror.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/deploy/setup-infra-mirror.sh b/deploy/setup-infra-mirror.sh index a304e7a..b94f41f 100755 --- a/deploy/setup-infra-mirror.sh +++ b/deploy/setup-infra-mirror.sh @@ -98,14 +98,15 @@ echo "Fetching from Forgejo..." git fetch forgejo --prune 2>&1 | sed 's/^/ /' # Initial push to GitHub (will populate the empty repo) -echo "Pushing initial state to GitHub..." -# Sync local refs from forgejo remote refs first (mirrors what sync-mirror.sh does) -while read branch; do - [ "$branch" = "HEAD" ] && continue - git update-ref "refs/heads/$branch" "refs/remotes/forgejo/$branch" 2>/dev/null || true -done < <(git for-each-ref --format="%(refname:lstrip=3)" refs/remotes/forgejo/) +# main_only mode: push ONLY refs/heads/main + tags, mirroring what sync-mirror.sh +# does for this repo on the recurring path. Agent review branches stay Forgejo-only. +echo "Pushing initial main + tags to GitHub..." +git update-ref refs/heads/main refs/remotes/forgejo/main 2>/dev/null || { + echo "ERROR: forgejo/main ref missing — fetch may have failed" >&2 + exit 1 +} -git push origin --all 2>&1 | sed 's/^/ /' || { +git push origin "refs/heads/main:refs/heads/main" 2>&1 | sed 's/^/ /' || { echo "WARN: initial push failed — you may need to authorize the PAT for $GITHUB_REPO" >&2 } git push origin --tags 2>&1 | sed 's/^/ /' || true