From 9a0b205f3493fa0a6bebbdf8a6d970263edc7b84 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 7 Apr 2026 13:19:52 +0000 Subject: [PATCH 1/5] =?UTF-8?q?fix:=20fix:=20edge=20entrypoint=20clones=20?= =?UTF-8?q?disinto=20repo=20without=20auth=20=E2=80=94=20fails=20when=20Fo?= =?UTF-8?q?rgejo=20requires=20authentication=20(#353)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Sonnet 4.6 --- docker/edge/entrypoint-edge.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docker/edge/entrypoint-edge.sh b/docker/edge/entrypoint-edge.sh index 26ae442..4b9d5bd 100755 --- a/docker/edge/entrypoint-edge.sh +++ b/docker/edge/entrypoint-edge.sh @@ -5,11 +5,13 @@ set -euo pipefail export USER="${USER:-root}" DISINTO_VERSION="${DISINTO_VERSION:-main}" -DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/${FORGE_REPO:-disinto-admin/disinto}.git" +FORGE_URL="${FORGE_URL:-http://forgejo:3000}" +FORGE_REPO="${FORGE_REPO:-disinto-admin/disinto}" -# Shallow clone at the pinned version +# Shallow clone at the pinned version (inject token to support auth-required Forgejo) if [ ! -d /opt/disinto/.git ]; then - git clone --depth 1 --branch "$DISINTO_VERSION" "$DISINTO_REPO" /opt/disinto + _auth_url=$(printf '%s' "$FORGE_URL" | sed "s|://|://token:${FORGE_TOKEN}@|") + git clone --depth 1 --branch "$DISINTO_VERSION" "${_auth_url}/${FORGE_REPO}.git" /opt/disinto fi # Start dispatcher in background -- 2.49.1 From 93e4648124380ad5bc986a90c7ced02464ddfb40 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 7 Apr 2026 14:05:45 +0000 Subject: [PATCH 2/5] fix: authenticate Woodpecker CI clone step when Forgejo requires sign-in (#353) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Forgejo with REQUIRE_SIGN_IN blocks anonymous git clones (exit code 128). Add WOODPECKER_ENVIRONMENT to inject FORGE_TOKEN into all pipeline steps, and override the default clone step in ci.yml to use an authenticated URL built from FORGE_TOKEN — bypassing the expired stored OAuth token. Co-Authored-By: Claude Sonnet 4.6 --- .woodpecker/ci.yml | 13 +++++++++++++ lib/generators.sh | 1 + 2 files changed, 14 insertions(+) diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml index 08ae24d..fc2f12a 100644 --- a/.woodpecker/ci.yml +++ b/.woodpecker/ci.yml @@ -8,6 +8,19 @@ when: event: [push, pull_request] +# Override default clone to authenticate against Forgejo using FORGE_TOKEN. +# Required because Forgejo is configured with REQUIRE_SIGN_IN, so anonymous +# git clones fail with exit code 128. FORGE_TOKEN is injected globally via +# WOODPECKER_ENVIRONMENT in docker-compose.yml (generated by lib/generators.sh). +clone: + git: + image: alpine/git + commands: + - AUTH_URL=$(printf '%s' "$CI_REPO_CLONE_URL" | sed "s|://|://token:$FORGE_TOKEN@|") + - git clone --depth 1 "$AUTH_URL" . + - git fetch --depth 1 origin "$CI_COMMIT_REF" + - git checkout FETCH_HEAD + steps: - name: shellcheck image: koalaman/shellcheck-alpine:stable diff --git a/lib/generators.sh b/lib/generators.sh index 753de2e..20369a0 100644 --- a/lib/generators.sh +++ b/lib/generators.sh @@ -79,6 +79,7 @@ services: WOODPECKER_AGENT_SECRET: ${WOODPECKER_AGENT_SECRET:-} WOODPECKER_DATABASE_DRIVER: sqlite3 WOODPECKER_DATABASE_DATASOURCE: /var/lib/woodpecker/woodpecker.sqlite + WOODPECKER_ENVIRONMENT: "FORGE_TOKEN:${FORGE_TOKEN}" depends_on: - forgejo networks: -- 2.49.1 From f037a75ccb839dfdbd285d5935690114a5d9d95e Mon Sep 17 00:00:00 2001 From: Agent Date: Tue, 7 Apr 2026 14:14:52 +0000 Subject: [PATCH 3/5] retrigger -- 2.49.1 From e3bda18e856e27ab7b76eb3981fd172669258f86 Mon Sep 17 00:00:00 2001 From: Agent Date: Tue, 7 Apr 2026 14:16:37 +0000 Subject: [PATCH 4/5] retrigger2 -- 2.49.1 From 4a9736f1e64bb50079534ed91eac5cc477216f6b Mon Sep 17 00:00:00 2001 From: Agent Date: Tue, 7 Apr 2026 14:18:08 +0000 Subject: [PATCH 5/5] retrigger3 -- 2.49.1