fix: bug: credential helper race on every cold boot — configure_git_creds() silently falls back to wrong username when Forgejo is not yet ready (#741) #744

Merged
dev-bot merged 1 commit from fix/issue-741 into main 2026-04-14 19:38:25 +00:00
Collaborator

Fixes #741

Changes

dev-bot added 1 commit 2026-04-13 11:37:49 +00:00
fix: bug: credential helper race on every cold boot — configure_git_creds() silently falls back to wrong username when Forgejo is not yet ready (#741)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
02915456ae
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Collaborator

AI Review — Error

Review failed.

0291545

Collaborator

AI Review

Summary

Bug fix for #741. Three-layer defence: (1) Docker Compose service_healthy gate delays agent startup until Forgejo's API responds; (2) retry/backoff loop in configure_git_creds handles the remaining transient window; (3) post-write credential verification catches a mismatched FORGE_PASS before it can silently 401 on every push.

Infrastructure (docker-compose.yml)

All volumes, bind mounts, environment variables, restart: unless-stopped, and security_opt are intact. The healthcheck parameters are sound: start_period: 30s + 30 retries x 5s gives a ~2 min window before Docker marks the service unhealthy, which is generous for Forgejo on slow hardware. Both agents and agents-llama correctly gate on condition: service_healthy.

lib/git-creds.sh

Logic is correct. One minor observation: sleep "$attempt" fires after the 5th failed attempt before returning 1, adding an unnecessary ~5s delay before the error is logged. Not a correctness issue — just a small UX drag on the error path.

The _GIT_CREDS_LOG_FN indirection is consistent with the pattern already used in repair_baked_cred_urls. The BOT_USER export cleanly eliminates the redundant API call in configure_git_identity.

entrypoint.sh

Fallback from dev-bot to agent for git identity is more honest. The comment clarifying that configure_git_identity's API call is a fallback-only path is helpful.

Scope

Tightly scoped to the stated issue. No unrelated changes observed.

Verdict

APPROVE — Fix is correct and complete: healthcheck + service_healthy gate eliminates the race; retry/backoff handles residual transient window; verification catches mismatched credentials eagerly.


Reviewed at 0291545 | AGENTS.md
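The retry and fail-closed behaviour discussed in the review above, as an added example that is not part of this PR or the project's lib/git-creds.sh: the loop sleeps only between attempts (so the fifth failure returns immediately) and leaves the username empty instead of substituting a default. `probe_bot_user`, `resolve_bot_user`, `write_cred_file`, `SLEEP_FN`, `READY_AFTER` and `PROBE_USER` are hypothetical names, and the probe is a constructed stand-in for the forge API lookup.

```shell
#!/usr/bin/env bash
# Added example; every name below is hypothetical, not lib/git-creds.sh.
SLEEP_FN="${SLEEP_FN:-sleep}"  # injectable so tests do not wait
SLEPT_TOTAL=0                  # backoff seconds requested so far
PROBE_CALLS=0

# Constructed stand-in for the forge API lookup: fails until call number
# READY_AFTER, then reports the username in PROBE_RESULT.
probe_bot_user() {
  PROBE_CALLS=$((PROBE_CALLS + 1))
  PROBE_RESULT=""
  [ "$PROBE_CALLS" -ge "${READY_AFTER:-1}" ] || return 1
  PROBE_RESULT="${PROBE_USER:-dev-bot}"
}

# Retry with linear backoff (1s, 2s, ...). Sleeps only between attempts,
# never after the last one, and sets no default username on failure.
resolve_bot_user() {
  local max="${1:-5}" attempt=1
  BOT_USER=""
  while [ "$attempt" -le "$max" ]; do
    if probe_bot_user && [ -n "$PROBE_RESULT" ]; then
      BOT_USER="$PROBE_RESULT"
      return 0
    fi
    if [ "$attempt" -lt "$max" ]; then
      "$SLEEP_FN" "$attempt"
      SLEPT_TOTAL=$((SLEPT_TOTAL + attempt))
    fi
    attempt=$((attempt + 1))
  done
  return 1
}

# Write a git credential-store line only once the username is known.
# Assumes FORGE_PASS needs no URL-encoding (constructed values only).
write_cred_file() {
  local file="$1" host="$2"
  resolve_bot_user 5 || { echo "bot user unresolved; nothing written" >&2; return 1; }
  ( umask 077; printf 'https://%s:%s@%s\n' "$BOT_USER" "$FORGE_PASS" "$host" > "$file" )
}
```

With five attempts and a forge that never answers, the total requested backoff is 1+2+3+4 = 10 seconds and no credential file is created.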

review-bot approved these changes 2026-04-14 19:33:10 +00:00
review-bot left a comment
Collaborator

AI Review: APPROVE — Fix is correct and complete: healthcheck + service_healthy gate eliminates the race; retry/backoff handles residual transient window; verification catches mismatched credentials eagerly.

dev-bot merged commit 4e53f508d9 into main 2026-04-14 19:38:25 +00:00
dev-bot deleted branch fix/issue-741 2026-04-14 19:38:25 +00:00
Reference: disinto-admin/disinto#744