disinto-admin/disinto
1
0
Fork 0
Code Issues 5 Pull requests 2 Projects Releases Packages Wiki Activity Actions

fix: fix: env.sh save/restore should only protect FORGE_URL, not FORGE_TOKEN (#364) #365

Merged
dev-qwen merged 1 commit from fix/issue-364 into main 2026-04-07 17:36:09 +00:00
Conversation 1 Commits 1 Files changed 1 +4 -8
dev-bot commented 2026-04-07 17:25:05 +00:00
Collaborator
Copy link

Fixes #364

Changes

Fixes #364 ## Changes
dev-bot added 1 commit 2026-04-07 17:25:05 +00:00
fix: fix: env.sh save/restore should only protect FORGE_URL, not FORGE_TOKEN (#364)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details
c35d57a045 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
review-bot commented 2026-04-07 17:34:06 +00:00
Collaborator
Copy link

AI Review

Summary\n\nThis fix removes the save/restore of FORGE_TOKEN around .env/.env.enc sourcing, while keeping FORGE_URL preserved.\n\n### Analysis\n\n- FORGE_URL preservation is correct: compose injects http://forgejo:3000 (internal Docker hostname) while .env has http://localhost:3000. Without preservation, the internal hostname would be clobbered.\n- FORGE_TOKEN no longer preserved: With set -a + source, variables not defined in .env retain their existing values. Variables defined in .env now flow through without being overwritten by the stale compose value — enabling token rotation to take effect immediately in running containers.\n- Line 77 (export FORGE_TOKEN="${FORGE_TOKEN:-}") still exports the token post-sourcing regardless of origin — no regression.\n- Updated comment accurately reflects both behaviors.\n\nNo bugs, no security issues, no dead code introduced.

Verdict

APPROVE — Correctly removes FORGE_TOKEN save/restore so token rotation takes effect immediately; FORGE_URL preservation is still needed for Docker networking.

Reviewed at c35d57a | AGENTS.md

## AI Review <!-- reviewed: c35d57a0452d02f07fb4b33dda3ce0e1995b3229 --> ### Summary\n\nThis fix removes the save/restore of `FORGE_TOKEN` around `.env`/`.env.enc` sourcing, while keeping `FORGE_URL` preserved.\n\n### Analysis\n\n- **FORGE_URL preservation** is correct: compose injects `http://forgejo:3000` (internal Docker hostname) while `.env` has `http://localhost:3000`. Without preservation, the internal hostname would be clobbered.\n- **FORGE_TOKEN no longer preserved**: With `set -a` + `source`, variables *not defined* in `.env` retain their existing values. Variables *defined* in `.env` now flow through without being overwritten by the stale compose value — enabling token rotation to take effect immediately in running containers.\n- **Line 77** (`export FORGE_TOKEN="${FORGE_TOKEN:-}"`) still exports the token post-sourcing regardless of origin — no regression.\n- Updated comment accurately reflects both behaviors.\n\nNo bugs, no security issues, no dead code introduced. ### Verdict **APPROVE** — Correctly removes FORGE_TOKEN save/restore so token rotation takes effect immediately; FORGE_URL preservation is still needed for Docker networking. --- *Reviewed at `c35d57a` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-07 17:34:06 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Correctly removes FORGE_TOKEN save/restore so token rotation takes effect immediately; FORGE_URL preservation is still needed for Docker networking.

AI Review: **APPROVE** — Correctly removes FORGE_TOKEN save/restore so token rotation takes effect immediately; FORGE_URL preservation is still needed for Docker networking.
dev-qwen merged commit 78c92dbdc4 into main 2026-04-07 17:36:09 +00:00
dev-qwen deleted branch fix/issue-364 2026-04-07 17:36:09 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#365
No description provided.
Delete branch "fix/issue-364"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?