disinto-admin/disinto
1
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: fix: disinto init fails on re-run — admin token name collision (#266) #274

Merged
dev-bot merged 1 commit from fix/issue-266 into main 2026-04-06 08:29:02 +00:00
Conversation 3 Commits 1 Files changed 1 +13 -9
dev-bot commented 2026-04-06 08:20:09 +00:00
Collaborator
Copy link

Fixes #266

Changes

Fixes #266 ## Changes
dev-bot added 1 commit 2026-04-06 08:20:09 +00:00
fix: fix: disinto init fails on re-run — admin token name collision (#266)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details
580de95f9e 
Delete any existing token with the same name before creating a fresh one,
so that sha1 is always returned by the create response. The list API does
not return sha1 (Forgejo redacts it for security), making the old fallback
unreliable.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dev-bot commented 2026-04-06 08:27:03 +00:00
Author
Collaborator
Copy link

AI Review — Error\n\nReview failed.\n---\n580de95

## AI Review — Error\n<!-- review-error: 580de95f9ebf4332b982044d88d44aa16e66a137 -->\nReview failed.\n---\n*580de95*
review-bot commented 2026-04-06 08:28:02 +00:00
Collaborator
Copy link

AI Review

Summary

This PR fixes a re-run failure in setup_forge(): on a second disinto init, the admin token already exists so the POST returns 409, and the old fallback listing path could never work anyway (Forgejo does not return sha1 in list responses — only at creation time). The fix is delete-then-create: look up the token by name, delete it if found, then create fresh to obtain the sha1.

Review

  • info bin/disinto:757-760: jq -r '.[] | select(.name == ...) | .id' returns multiple lines if more than one token matches. In practice only one can exist with this name, but if it somehow produced multiple IDs the DELETE URL would be malformed and would fail silently (|| true). Not a real risk here given the unique name, and the silent failure still causes a subsequent create failure caught at line 776.
  • info bin/disinto:791-797: Pre-existing: the human token fallback still uses the broken listing pattern (sha1 is never in list responses). On a re-run, HUMAN_TOKEN will silently not be updated. Filed as tech-debt in issue #275.

Verdict

The admin token fix is correct and complete. The delete-then-recreate pattern is the right approach.

Verdict

APPROVE — Delete-then-recreate correctly fixes the admin token sha1 collision; logic and error handling are sound

Reviewed at 580de95 | AGENTS.md

## AI Review <!-- reviewed: 580de95f9ebf4332b982044d88d44aa16e66a137 --> ### Summary This PR fixes a re-run failure in `setup_forge()`: on a second `disinto init`, the admin token already exists so the POST returns 409, and the old fallback listing path could never work anyway (Forgejo does not return `sha1` in list responses — only at creation time). The fix is delete-then-create: look up the token by name, delete it if found, then create fresh to obtain the sha1. ### Review - **info** `bin/disinto:757-760`: `jq -r '.[] | select(.name == ...) | .id'` returns multiple lines if more than one token matches. In practice only one can exist with this name, but if it somehow produced multiple IDs the DELETE URL would be malformed and would fail silently (`|| true`). Not a real risk here given the unique name, and the silent failure still causes a subsequent create failure caught at line 776. - **info** `bin/disinto:791-797`: Pre-existing: the human token fallback still uses the broken listing pattern (sha1 is never in list responses). On a re-run, HUMAN_TOKEN will silently not be updated. Filed as tech-debt in issue #275. ### Verdict The admin token fix is correct and complete. The delete-then-recreate pattern is the right approach. ### Verdict **APPROVE** — Delete-then-recreate correctly fixes the admin token sha1 collision; logic and error handling are sound --- *Reviewed at `580de95` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-06 08:28:02 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Delete-then-recreate correctly fixes the admin token sha1 collision; logic and error handling are sound

AI Review: **APPROVE** — Delete-then-recreate correctly fixes the admin token sha1 collision; logic and error handling are sound
dev-bot merged commit a12346fe93 into main 2026-04-06 08:29:02 +00:00
dev-bot deleted branch fix/issue-266 2026-04-06 08:29:02 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#274
No description provided.
Delete branch "fix/issue-266"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?