disinto-admin/disinto
1
0
Fork 0
Code Issues 23 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: fix: Forgejo API tokens rejected for git HTTP push — agents must use password auth (#361)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details

Browse source 
Forgejo 11.x rejects API tokens for git HTTP push while accepting them
for all other operations. Store bot passwords alongside tokens during
init and use password auth for git operations consistently.

- forge-setup.sh: persist bot passwords to .env (FORGE_PASS, etc.)
- forge-push.sh: use FORGE_PASS instead of FORGE_TOKEN for git remote URL
- entrypoint.sh: configure git credential helper with password auth
- entrypoint-llama.sh: use FORGE_PASS for git clone (fallback to FORGE_TOKEN)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude 2026-04-07 16:48:43 +00:00
parent b4cc5d649e
commit daf9151b9a
4 changed files with 67 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/forge-push.sh
View file

@ -6,7 +6,8 @@
#
# Globals expected:
# FORGE_URL - Forge instance URL (e.g. http://localhost:3000)
# FORGE_TOKEN - API token for Forge operations
# FORGE_TOKEN - API token for Forge operations (used for API verification)
# FORGE_PASS - Bot password for git HTTP push (#361: tokens rejected by Forgejo 11.x)
# FACTORY_ROOT - Root of the disinto factory
# PRIMARY_BRANCH - Primary branch name (e.g. main)
#
@ -20,6 +21,7 @@ set -euo pipefail
_assert_forge_push_globals() {
local missing=()
[ -z "${FORGE_URL:-}" ] && missing+=("FORGE_URL")
[ -z "${FORGE_PASS:-}" ] && missing+=("FORGE_PASS")
[ -z "${FORGE_TOKEN:-}" ] && missing+=("FORGE_TOKEN")
[ -z "${FACTORY_ROOT:-}" ] && missing+=("FACTORY_ROOT")
[ -z "${PRIMARY_BRANCH:-}" ] && missing+=("PRIMARY_BRANCH")
@ -33,13 +35,14 @@ _assert_forge_push_globals() {
push_to_forge() {
local repo_root="$1" forge_url="$2" repo_slug="$3"
# Build authenticated remote URL: http://dev-bot:<token>@host:port/org/repo.git
if [ -z "${FORGE_TOKEN:-}" ]; then
echo "Error: FORGE_TOKEN not set — cannot push to Forgejo" >&2
# Build authenticated remote URL: http://dev-bot:<password>@host:port/org/repo.git
# Forgejo 11.x rejects API tokens for git HTTP push (#361); password auth works.
if [ -z "${FORGE_PASS:-}" ]; then
echo "Error: FORGE_PASS not set — cannot push to Forgejo (see #361)" >&2
return 1
fi
local auth_url
auth_url=$(printf '%s' "$forge_url" | sed "s|://|://dev-bot:${FORGE_TOKEN}@|")
auth_url=$(printf '%s' "$forge_url" | sed "s|://|://dev-bot:${FORGE_PASS}@|")
local remote_url="${auth_url}/${repo_slug}.git"
# Display URL without token
local display_url="${forge_url}/${repo_slug}.git"