From fe98ca754ac40fc20dae3ab22036753f5be39b94 Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Mon, 7 Apr 2025 11:58:23 +0200
Subject: [PATCH] chore: rework credential

---
 .woodpecker.yml |  2 +-
 build.sh        | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index f3109cb..d531097 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -24,7 +24,7 @@ steps:
     - mkdir /build
     - chown -R build:build . /build
     - sudo -u build --preserve-env=PGP_KEY,PGP_PWD,PGP_ID sh -c 'mkdir ~/.gnupg && echo -e "default-cache-ttl 3600\nallow-preset-passphrase" > ~/.gnupg/gpg-agent.conf && echo "$PGP_KEY" | gpg --import --no-tty --batch --yes && echo "$PGP_PWD" | /usr/lib/gnupg/gpg-preset-passphrase --preset $PGP_ID'
-    - sudo -u build --preserve-env=CI_REPO_CLONE_URL,CI_COMMIT_BRANCH,CI_PREV_COMMIT_SHA,GIT_USER,GIT_TOKEN,BUILD_DIR,REPO_DIR,GIT_USER_NAME,GIT_USER_EMAIL sh -c './build.sh'
+    - sudo -u build --preserve-env=CI_FORGE_URL,CI_REPO_CLONE_URL,CI_COMMIT_BRANCH,CI_PREV_COMMIT_SHA,GIT_USER,GIT_TOKEN,BUILD_DIR,REPO_DIR,GIT_USER_NAME,GIT_USER_EMAIL sh -c './build.sh'
     environment:
       PGP_ID:
         from_secret: pgp_id
diff --git a/build.sh b/build.sh
index a64dd20..9dc46c1 100755
--- a/build.sh
+++ b/build.sh
@@ -3,7 +3,7 @@
 set -euo pipefail
 
 # Constants
-readonly REQUIRED_ENV_VARS=(BUILD_DIR REPO_DIR GIT_USER_EMAIL GIT_USER_NAME CI_REPO_CLONE_URL GIT_USER GIT_TOKEN)
+readonly REQUIRED_ENV_VARS=(BUILD_DIR REPO_DIR GIT_USER_EMAIL GIT_USER_NAME CI_FORGE_URL CI_REPO_CLONE_URL GIT_USER GIT_TOKEN)
 readonly REQUIRED_COMMANDS=(makepkg repo-add git pacman)
 
 # Colors for logging
@@ -199,8 +199,14 @@ setup_git() {
   git config --global user.name "${GIT_USER_NAME}"
   git config --global init.defaultBranch master
   git remote set-url origin "${CI_REPO_CLONE_URL}"
-  # shellcheck disable=SC2016
-  git config credential.helper '!f() { sleep 1; echo "username=${GIT_USER}"; echo "password=${GIT_TOKEN}"; }; f'
+
+  local forge_url="${CI_FORGE_URL#https://}"
+  cat > "${HOME}/.netrc" <<EOF
+machine ${forge_url}
+login ${GIT_USER}
+password ${GIT_TOKEN}
+EOF
+  chmod 600 "${HOME}/.netrc"
 }
 
 process_aur_packages() {