Fix Gitpod: Gitea auth token creation (#3299)

The Gitea CLI `generate-access-token` has updated the OAuth scopes and
[posts some warning to the STDOUT when creating a
token](https://github.com/go-gitea/gitea/issues/28758):

```
.../setting/security.go:168:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.
0adftokenblablubb
```

When logging in to the Gitpod Gitea instance from Woodpecker, I get an
error:

![Authorization failed: Client ID not
registered](https://github.com/woodpecker-ci/woodpecker/assets/7630662/bd28a661-d46e-4691-aff7-a25d64f8e7ce)

This PR fixes the problems leading you to a dialogue authorizing
Woodpecker after logging in to Gitea.

---------

Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
This commit is contained in:
Henrik Hüttemann 2024-01-30 18:39:59 +01:00 committed by GitHub
parent 9df572ef31
commit 8429811c94
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -42,10 +42,11 @@ tasks:
$DOCKER_COMPOSE_CMD up -d $DOCKER_COMPOSE_CMD up -d
until curl --output /dev/null --silent --head --fail http://localhost:3000; do printf '.'; sleep 1; done until curl --output /dev/null --silent --head --fail http://localhost:3000; do printf '.'; sleep 1; done
$GITEA_CLI_CMD admin user create --username woodpecker --password password --email woodpecker@localhost --admin $GITEA_CLI_CMD admin user create --username woodpecker --password password --email woodpecker@localhost --admin
export GITEA_TOKEN=$($GITEA_CLI_CMD admin user generate-access-token -u woodpecker --scopes repo,write:application --raw) export GITEA_TOKEN=$($GITEA_CLI_CMD admin user generate-access-token -u woodpecker --scopes write:repository,write:user --raw | tail -n 1 | awk 'NF{ print $NF }')
GITEA_OAUTH_APP=$(curl -X 'POST' 'http://localhost:3000/api/v1/user/applications/oauth2' \ GITEA_OAUTH_APP=$(curl -X 'POST' 'http://localhost:3000/api/v1/user/applications/oauth2' \
-H 'accept: application/json' -H 'Content-Type: application/json' -H "Authorization: token ${GITEA_TOKEN}" \ -H 'accept: application/json' -H 'Content-Type: application/json' -H "Authorization: token ${GITEA_TOKEN}" \
-d "{ \"name\": \"Woodpecker CI\", \"confidential_client\": true, \"redirect_uris\": [ \"https://8000-${GITPOD_WORKSPACE_ID}.${GITPOD_WORKSPACE_CLUSTER_HOST}/authorize\" ] }") -d "{ \"name\": \"Woodpecker CI\", \"confidential_client\": true, \"redirect_uris\": [ \"https://8000-${GITPOD_WORKSPACE_ID}.${GITPOD_WORKSPACE_CLUSTER_HOST}/authorize\" ] }")
touch .env
grep "WOODPECKER_GITEA_CLIENT=" .env \ grep "WOODPECKER_GITEA_CLIENT=" .env \
&& sed "s,^WOODPECKER_GITEA_CLIENT=.*,WOODPECKER_GITEA_CLIENT=$(echo $GITEA_OAUTH_APP | jq -r .client_id)," .env \ && sed "s,^WOODPECKER_GITEA_CLIENT=.*,WOODPECKER_GITEA_CLIENT=$(echo $GITEA_OAUTH_APP | jq -r .client_id)," .env \
|| echo WOODPECKER_GITEA_CLIENT=$(echo $GITEA_OAUTH_APP | jq -r .client_id) >> .env || echo WOODPECKER_GITEA_CLIENT=$(echo $GITEA_OAUTH_APP | jq -r .client_id) >> .env