From a29e2dcd58290bc0aa641a80986dd72c9df3c244 Mon Sep 17 00:00:00 2001
From: Lorenzo Pistone <lorenzo.pistone@corvina.io>
Date: Tue, 26 May 2026 19:31:24 +0200
Subject: [PATCH 1/2] ECC-8262: adopt OAuth mirror pattern from
 terraform-cloud-infra

---
 .github/workflows/mirror-repository.yaml | 36 ++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/mirror-repository.yaml b/.github/workflows/mirror-repository.yaml
index db682af..4b77166 100644
--- a/.github/workflows/mirror-repository.yaml
+++ b/.github/workflows/mirror-repository.yaml
@@ -1,13 +1,43 @@
 on:
-  push:
+  push: {}
+  schedule:
+    - cron: "0 0 * * *"
 
 name: Mirror repository
 
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
 jobs:
   mirror:
     name: Mirror repository
     runs-on: ubuntu-24.04
     steps:
-      - uses: Corvina-R-D/corvina-github-public-actions/mirror-public-repository@v1
+      - id: bitbucket-auth
+        name: Get access token for Bitbucket
+        env:
+          BITBUCKET_CLIENT_ID: ${{ vars.BITBUCKET_CLIENT_ID }}
+          BITBUCKET_CLIENT_SECRET: ${{ secrets.BITBUCKET_CLIENT_SECRET }}
+        shell: bash
+        run: |
+          token="$(
+            curl \
+              --silent \
+              --fail \
+              --request POST \
+              --user "${BITBUCKET_CLIENT_ID}:${BITBUCKET_CLIENT_SECRET}" \
+              --header "content-type: application/x-www-form-urlencoded" \
+              --data "grant_type=client_credentials" \
+              "https://bitbucket.org/site/oauth2/access_token" \
+            | jq --exit-status --raw-output '.access_token'
+          )"
+          echo "::add-mask::${token}"
+          printf 'token=%s\n' "${token}" >> "${GITHUB_OUTPUT}"
+
+      - uses: Corvina-R-D/corvina-github-actions/mirror-repository@v5
         with:
-          target: https://x-token-auth:${{ secrets.BITBUCKET_ACCESS_TOKEN }}@bitbucket.org/exorint/mirror-corvina-github-public-actions.git
\ No newline at end of file
+          target: https://x-token-auth:${{ steps.bitbucket-auth.outputs.token }}@bitbucket.org/exorint/mirror-corvina-github-public-actions.git

From 430f444d0769efae583db49dd709de8516c29c88 Mon Sep 17 00:00:00 2001
From: Lorenzo Pistone <lorenzo.pistone@corvina.io>
Date: Fri, 5 Jun 2026 14:59:48 +0200
Subject: [PATCH 2/2] Update action for mirroring repository to public

---
 .github/workflows/mirror-repository.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/mirror-repository.yaml b/.github/workflows/mirror-repository.yaml
index 4b77166..76b1974 100644
--- a/.github/workflows/mirror-repository.yaml
+++ b/.github/workflows/mirror-repository.yaml
@@ -38,6 +38,6 @@ jobs:
           echo "::add-mask::${token}"
           printf 'token=%s\n' "${token}" >> "${GITHUB_OUTPUT}"
 
-      - uses: Corvina-R-D/corvina-github-actions/mirror-repository@v5
+      - uses: Corvina-R-D/corvina-github-public-actions/mirror-public-repository@v5
         with:
           target: https://x-token-auth:${{ steps.bitbucket-auth.outputs.token }}@bitbucket.org/exorint/mirror-corvina-github-public-actions.git