fix: fix: Forgejo API tokens rejected for git HTTP push — agents must use password auth (#361)

Forgejo 11.x rejects API tokens for git HTTP push while accepting them
for all other operations. Store bot passwords alongside tokens during
init and use password auth for git operations consistently.

- forge-setup.sh: persist bot passwords to .env (FORGE_PASS, etc.)
- forge-push.sh: use FORGE_PASS instead of FORGE_TOKEN for git remote URL
- entrypoint.sh: configure git credential helper with password auth
- entrypoint-llama.sh: use FORGE_PASS for git clone (fallback to FORGE_TOKEN)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Claude 2026-04-07 16:48:43 +00:00
parent b4cc5d649e
commit daf9151b9a
4 changed files with 67 additions and 7 deletions


@ -294,8 +294,21 @@ setup_forge() {
[predictor-bot]="FORGE_PREDICTOR_TOKEN"
[architect-bot]="FORGE_ARCHITECT_TOKEN"
)
# Map: bot-username -> env-var-name for the password
# Forgejo 11.x API tokens don't work for git HTTP push (#361).
# Store passwords so agents can use password auth for git operations.
local -A bot_pass_vars=(
[dev-bot]="FORGE_PASS"
[review-bot]="FORGE_REVIEW_PASS"
[planner-bot]="FORGE_PLANNER_PASS"
[gardener-bot]="FORGE_GARDENER_PASS"
[vault-bot]="FORGE_VAULT_PASS"
[supervisor-bot]="FORGE_SUPERVISOR_PASS"
[predictor-bot]="FORGE_PREDICTOR_PASS"
[architect-bot]="FORGE_ARCHITECT_PASS"
)
local bot_user bot_pass token token_var
local bot_user bot_pass token token_var pass_var
for bot_user in dev-bot review-bot planner-bot gardener-bot vault-bot supervisor-bot predictor-bot architect-bot; do
bot_pass="bot-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
@ -389,6 +402,17 @@ setup_forge() {
export "${token_var}=${token}"
echo " ${bot_user} token generated and saved (${token_var})"
# Store password in .env for git HTTP push (#361)
# Forgejo 11.x API tokens don't work for git push; password auth does.
pass_var="${bot_pass_vars[$bot_user]}"
if grep -q "^${pass_var}=" "$env_file" 2>/dev/null; then
sed -i "s|^${pass_var}=.*|${pass_var}=${bot_pass}|" "$env_file"
else
printf '%s=%s\n' "$pass_var" "$bot_pass" >> "$env_file"
fi
export "${pass_var}=${bot_pass}"
echo " ${bot_user} password saved (${pass_var})"
# Backwards-compat aliases for dev-bot and review-bot
if [ "$bot_user" = "dev-bot" ]; then
export CODEBERG_TOKEN="$token"
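Review bot: The added `sed -i` / `printf ... >> "$env_file"` branch persists each bot's account password in plaintext, and nothing in the visible lines restricts who can read that file. Unlike the API tokens stored next to them, these passwords presumably also allow a normal login as the bot account, so a leaked `.env` now exposes more than it did before this commit. If the file mode is not already tightened elsewhere in `setup_forge` (its body starts and ends outside the hunks shown), add `chmod 600 "$env_file"` right after the `fi`. I would also extend the comment above the block with `# NOTE: full account password, not a scoped token; keep .env out of logs, images and backups`.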