From c7bb43219f181446dfb1cf88eef270d5ee4e74cc Mon Sep 17 00:00:00 2001
From: Jeremie Fraeys <jfaeys@gmail.com>
Date: Fri, 23 Jan 2026 14:33:36 -0500
Subject: [PATCH] CI: sudo preflight for restricted sudoers

---
 .forgejo/workflows/deploy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index 5001e66..1740458 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -82,8 +82,8 @@ jobs:
               echo 'ERROR: sudo not installed on services server' >&2
               exit 1
             fi
-            if ! sudo -n true 2>/dev/null; then
-              echo 'ERROR: passwordless sudo is required for CI deploy (configure NOPASSWD for this SSH user)' >&2
+            if ! sudo -n /usr/bin/git --version >/dev/null 2>&1; then
+              echo 'ERROR: passwordless sudo is required for CI deploy (configure NOPASSWD for this SSH user and required commands)' >&2
               exit 1
             fi