From 8f298e86d99c3ddc94347c026c19a95870213164 Mon Sep 17 00:00:00 2001
From: wompmacho <michael@wompmacho.com>
Date: Wed, 25 Mar 2026 00:47:11 +0000
Subject: [PATCH] Fix workflow: Use local read-only mount to prevent Git auth
 errors      and protect host symlinks

---
 .gitea/workflows/deploy.yaml | 49 ++++++++++++++----------------------
 1 file changed, 19 insertions(+), 30 deletions(-)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 79bf636..c42d9e9 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -9,41 +9,32 @@ jobs:
     runs-on: ubuntu-latest
     container:
       image: hugomods/hugo:latest
-      # We only mount the deployment target, we DO NOT mount the host's framework directory
-      options: --user root -v /srv/caddy/sites:/deploy
+      # Mount deployment target and the framework (Read-Only)
+      options: --user root -v /srv/caddy/sites:/deploy -v /srv/dev/hugo/wiki:/framework:ro
       
     steps:
-      # 1. Checkout the Framework from Gitea
-      - name: Checkout Hugo Framework
+      - name: Checkout Docs Source
         uses: actions/checkout@v4
-        with:
-          repository: wompmacho/hugo-framework
-          path: hugo-site
-          # The default token has access to other repos owned by the user
-          token: ${{ github.token }}
-          submodules: true
 
-      # 2. Checkout the Content
-      - name: Checkout Docs Content
-        uses: actions/checkout@v4
-        with:
-          path: docs-content
-
-      # 3. Merge and Build
-      - name: Sync Markdown and Build
+      - name: Prepare, Build, and Deploy
         run: |
-          cd hugo-site
+          # Save the path to the checked-out docs
+          DOCS_DIR=$(pwd)
           
-          # Remove the symlinks that were committed to the framework repo
-          rm -f content static
+          # Copy the read-only framework to a writable build directory
+          cp -r /framework /tmp/hugo-build
+          cd /tmp/hugo-build
           
-          # Create real folders
+          # Remove the symlinks that were copied from the host
+          rm -rf content static
+          
+          # Create real folders for the build
           mkdir -p content static
           
-          # Copy content from docs-content
-          cp -r ../docs-content/* content/
+          # Copy the new content from the docs repository
+          cp -r $DOCS_DIR/* content/
           
-          # Move static assets if they exist inside the copied content
+          # Move static assets if they exist in the docs
           if [ -d "content/static" ]; then
             cp -r content/static/* static/
             rm -rf content/static
@@ -54,10 +45,8 @@ jobs:
           
           # Build the site
           hugo --minify --destination public
-
-      # 4. Deploy to Caddy
-      - name: Deploy to Caddy
-        run: |
+          
+          # Deploy to Caddy
           mkdir -p /deploy/wiki
           rm -rf /deploy/wiki/*
-          cp -r hugo-site/public/* /deploy/wiki/
+          cp -r public/* /deploy/wiki/