From 88ab9c7f866cd5bcdff294538b69618bff0c1847 Mon Sep 17 00:00:00 2001
From: aydent <aydent@frielith.com>
Date: Sat, 24 Jan 2026 23:54:44 +0100
Subject: [PATCH] ci: Force Infisical DNS resolution by dynamically adding its
 public IP to `/etc/hosts` and remove the container definition.

---
 .gitea/workflows/infisical-secrets.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/infisical-secrets.yml b/.gitea/workflows/infisical-secrets.yml
index e970016..8177271 100644
--- a/.gitea/workflows/infisical-secrets.yml
+++ b/.gitea/workflows/infisical-secrets.yml
@@ -8,10 +8,18 @@ on:
 jobs:
   list-secrets:
     runs-on: ubuntu-latest
-    container:
-      image: docker.gitea.com/runner-images:ubuntu-latest
-      options: --network host
     steps:
+      - name: Force DNS resolution
+        run: |
+          # Install dnsutils to get the 'dig' command
+          sudo apt-get update && sudo apt-get install -y dnsutils
+          
+          # Dynamically fetch the public IP to handle dynamic DNS
+          # We query Cloudflare DNS (1.1.1.1) to ignore local/Tailscale records
+          PUBLIC_IP=$(dig +short @1.1.1.1 infisical.lemarechal.eu | tail -n1)
+          echo "Public IP found: $PUBLIC_IP"
+          echo "$PUBLIC_IP infisical.lemarechal.eu" | sudo tee -a /etc/hosts
+
       - name: Fetch Secrets from Infisical
         uses: https://github.com/Infisical/secrets-action@v1.0.7
         with: