From 30cc2378d2bd1e89d5e1ae30bd364952f6847555 Mon Sep 17 00:00:00 2001
From: Dorian <dorian@Dorians-MacBook-Air.local>
Date: Thu, 26 Mar 2026 14:21:48 +0000
Subject: [PATCH] fix: CI checkout with token auth for private repo

Manual git clone needs GITHUB_TOKEN injected for private repos.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/build-iso.yml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/build-iso.yml b/.gitea/workflows/build-iso.yml
index a1d3803b..b2fdf981 100644
--- a/.gitea/workflows/build-iso.yml
+++ b/.gitea/workflows/build-iso.yml
@@ -13,15 +13,17 @@ jobs:
       - name: Checkout
         run: |
           WORKSPACE="${GITHUB_WORKSPACE:-$(pwd)}"
-          cd "$WORKSPACE"
-          if [ -d .git ]; then
-            git fetch origin "${GITHUB_REF_NAME:-main}" --depth 1
-            git checkout FETCH_HEAD
-          else
-            git clone --depth 1 --branch "${GITHUB_REF_NAME:-main}" \
-              "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" "$WORKSPACE"
+          CLONE_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+          # Inject token for private repo auth
+          if [ -n "$GITHUB_TOKEN" ]; then
+            CLONE_URL=$(echo "$CLONE_URL" | sed "s|https://|https://token:${GITHUB_TOKEN}@|")
           fi
+          rm -rf "$WORKSPACE"
+          git clone --depth 1 --branch "${GITHUB_REF_NAME:-main}" "$CLONE_URL" "$WORKSPACE"
+          cd "$WORKSPACE"
           echo "Checked out $(git rev-parse --short HEAD) on ${GITHUB_REF_NAME:-main}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build backend
         run: |