fix: resolve Woodpecker-Forgejo OAuth integration issues

- Enable Forgejo registration for OAuth users (DISABLE_REGISTRATION=false)
- Use public URL for Woodpecker OAuth redirects instead of internal hostname
- Add WOODPECKER_OPEN=true to allow new user registrations
- Bcrypt hash OAuth client secret before storing in database

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Josh 2026-01-09 00:44:35 +02:00
parent 52843aa9e7
commit 2ef95ab66b
2 changed files with 8 additions and 3 deletions


@ -9,6 +9,8 @@ packages:
- git
- curl
- sqlite3
- python3
- python3-bcrypt
users:
- name: deploy
@ -63,12 +65,14 @@ write_files:
sleep 10
HASHED_SECRET=$$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'$$WOODPECKER_FORGEJO_SECRET', bcrypt.gensalt()).decode())")
sqlite3 "$$DB" <<EOF
INSERT OR IGNORE INTO login_source (type, name, is_active, is_sync_enabled, cfg, created_unix, updated_unix)
VALUES (6, 'GitHub', 1, 0, '{"Provider":"github","ClientID":"$$GITHUB_CLIENT_ID","ClientSecret":"$$GITHUB_CLIENT_SECRET","OpenIDConnectAutoDiscoveryURL":"","CustomURLMapping":null,"IconURL":"","Scopes":["read:user","user:email"],"RequiredClaimName":"","RequiredClaimValue":"","GroupClaimName":"","AdminGroup":"","RestrictedGroup":"","GroupTeamMap":"","GroupTeamMapRemoval":false}', strftime('%s','now'), strftime('%s','now'));
INSERT OR IGNORE INTO oauth2_application (uid, name, client_id, client_secret, confidential_client, redirect_uris, created_unix, updated_unix)
VALUES (0, 'Woodpecker CI', '$$WOODPECKER_FORGEJO_CLIENT', '$$WOODPECKER_FORGEJO_SECRET', 1, 'https://ci.$$DOMAIN/authorize', strftime('%s','now'), strftime('%s','now'));
VALUES (0, 'Woodpecker CI', '$$WOODPECKER_FORGEJO_CLIENT', '$$HASHED_SECRET', 1, 'https://ci.$$DOMAIN/authorize', strftime('%s','now'), strftime('%s','now'));
EOF
- path: /opt/writekit/promote-admin.sh
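Review bot: The `HASHED_SECRET=` line splices `$$WOODPECKER_FORGEJO_SECRET` into the Python source handed to `python3 -c`, so the plaintext secret sits in the process argument list while the hash is computed, and a secret containing `'` or `\` either breaks the literal or hashes a different value than the one Woodpecker will present. Pass it outside the code string instead, e.g. `HASHED_SECRET=$$(WOODPECKER_FORGEJO_SECRET="$$WOODPECKER_FORGEJO_SECRET" python3 -c "import os, bcrypt; print(bcrypt.hashpw(os.environ['WOODPECKER_FORGEJO_SECRET'].encode(), bcrypt.gensalt()).decode())")`. Separately, `INSERT OR IGNORE` will presumably leave a row written by the earlier version of this script untouched, so hosts that already ran it may keep the unhashed `client_secret`; that is worth confirming, and the secret should be rotated on those hosts. The script starts above this hunk, so how `$$DB` and the other variables are set is not visible here.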


@ -50,7 +50,7 @@ services:
- FORGEJO__server__SSH_PORT=22
- FORGEJO__server__SSH_LISTEN_PORT=2222
- FORGEJO__database__DB_TYPE=sqlite3
- FORGEJO__service__DISABLE_REGISTRATION=true
- FORGEJO__service__DISABLE_REGISTRATION=false
- FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
- FORGEJO__webhook__ALLOWED_HOST_LIST=external,loopback,10.0.0.0/24
- FORGEJO__security__INSTALL_LOCK=true
@ -74,7 +74,8 @@ services:
environment:
- WOODPECKER_HOST=https://ci.$${DOMAIN}
- WOODPECKER_FORGEJO=true
- WOODPECKER_FORGEJO_URL=http://forgejo:3000
- WOODPECKER_FORGEJO_URL=https://source.$${DOMAIN}
- WOODPECKER_OPEN=true
- WOODPECKER_FORGEJO_CLIENT=$${WOODPECKER_FORGEJO_CLIENT}
- WOODPECKER_FORGEJO_SECRET=$${WOODPECKER_FORGEJO_SECRET}
- WOODPECKER_AGENT_SECRET=$${WOODPECKER_AGENT_SECRET}
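Review bot: `WOODPECKER_OPEN=true` combined with `FORGEJO__service__DISABLE_REGISTRATION=false` makes sign-up open at both layers, and nothing visible in these hunks narrows who may register. The GitHub login source in the provisioning script has empty `RequiredClaimName` and `AdminGroup` fields, so it appears that any GitHub account can obtain a Forgejo account and, through it, a Woodpecker account able to enable repositories and run pipelines on the agents. If that is not intended, restrict one of the two layers, for example `- WOODPECKER_ORGS=<approved-org>` (placeholder value) on the Woodpecker server or `- FORGEJO__service__REGISTER_MANUAL_CONFIRM=true` on Forgejo, and add a comment on the `WOODPECKER_OPEN` line stating why open registration is required. Both `environment:` lists extend beyond these hunks, so a restriction may already be set out of view.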