Gitea git fetch always fatal

[cubesky]

Component

server, agent, other

Describe the bug

Git fetch always fatal using Gitea OAuth.

This happens on DroneCI too, but add DRONE_GIT_ALWAYS_AUTH=true can solve this problem. It there any similar solution for woodpecker? WOODPECKER_GIT_ALWAYS_AUTH doesn't work.

System Info

{"source":"https://github.com/woodpecker-ci/woodpecker","version":"next-7725058f"}

Additional context

+ git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint: 
hint: 	git config --global init.defaultBranch <name>
hint: 
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint: 
hint: 	git branch -m <name>
Initialized empty Git repository in /drone/src/git.example.com/foobar/test-repo/.git/
+ git remote add origin https://example.com/cubesky/test-repo.git
+ git fetch --no-tags origin +refs/heads/master:
fatal: could not read Username for 'https://git.example.com': No such device or address
exit status 128

Gitea URL and username is replaced with example.com and foobar

Woodpecker and Gitea is on the same host with docker.

Validations

• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A join our Discord Chat Server.

[cubesky]

woodpecker docker-compose.yml

version: '3'

services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:latest
    ports:
      - 192.168.192.2:11491:8000
    volumes:
      - ./data:/var/lib/drone/
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=https://ci.example.com
      - WOODPECKER_AGENT_SECRET=example_secret
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=https://git.example.com
      - WOODPECKER_GITEA_CLIENT=example_gitea_client
      - WOODPECKER_GITEA_SECRET=example_gitea_secret
      - WOODPECKER_GIT_ALWAYS_AUTH=true
  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:latest
    command: agent
    restart: always
    depends_on:
      - woodpecker-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET=example_secret

Drone docker-compose.yml

version: "3.6"
services:
  drone:
    image: drone/drone:2
    ports:
      - 192.168.192.2:11380:80
    environment:
      DRONE_GITEA_SERVER: "https://git.example.com"
      DRONE_GITEA_CLIENT_ID: "example_gitea_clientid"
      DRONE_GITEA_CLIENT_SECRET: "example_gitea_secret"
      DRONE_RPC_SECRET: "example_secret"
      DRONE_SERVER_HOST: "ci.example.com"
      DRONE_SERVER_PROTO: "https"
      DRONE_USER_CREATE: "username:foo,admin:true,token:bar"
      DRONE_GIT_ALWAYS_AUTH: "true"
    volumes:
      # attach a directory relative to the directory containing this compose file
      - ./data:/data
    restart: always

Drone Agent docker-compose.yml

version: "3.6"
services:
  drone:
    image: drone/drone-runner-docker:1
    ports:
      - 192.168.192.2:18182:18182
    environment:
      DRONE_HTTP_BIND: "18182"
      DRONE_RUNNER_CAPACITY: "1"
      DRONE_RUNNER_NAME: "Example-Docker"
      DRONE_RPC_SECRET: "example_secret"
      DRONE_RPC_HOST: "ci.example.com"
      DRONE_RPC_PROTO: "https"
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

[6543]

@cubesky is the repo you like to fetch from private?

[cubesky]

@cubesky is the repo you like to fetch from private?

Yes, it is internal repo.

[6543]

Ok you got hit by: woodpecker-ci/plugin-git#4

TLD: my bad - it is a known issue that still need a fix

The drone "fix" is just a workaround you could "do" via secrets, but i would not recommend to use your own account

[6543]

So i propose: create an "clone" account with read permissions only and add credentials (user+token) to secrets & pass it to the git plugin

If you have matrix/discord we can chat how to do there too :)

[cubesky]

I think use user's permission to clone repo is better than using a "clone" user.
I have discord account. My matrix server is broken. (Sad)

[6543]

-> #479

[LamaAni]

#760