ci: final pipeline fixes - kargo SA workaround, oauth2 flow, timeouts

2026-04-19 02:41:41 +00:00
parent cd4f84a949
commit 76dd58c1dc
3 changed files with 90 additions and 35 deletions
@@ -184,13 +184,19 @@ print(data.get('client_secret', ''))
 " 2>/dev/null || echo "")

  if [ -z "$OAUTH2_CLIENT_SECRET" ]; then
-    echo "  ⚠ Client secret not available for existing app — recreating..."
-    APP_ID=$(echo "$EXISTING_APP" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])")
-    curl -s -X DELETE \
-      -H "${AUTH_HEADER}" \
-      "${API}/user/applications/oauth2/${APP_ID}" > /dev/null
-    echo "  Deleted existing OAuth2 app (id=${APP_ID})"
-    EXISTING_APP=""
+    echo "  ✓ OAuth2 app exists, secret stored in Woodpecker DB (not recreating)"
+    # Write client_id only — secret is only available on first creation
+    cat > "${OAUTH2_ENV_FILE}" <<EOF
+# Generated by gitea/setup.sh
+# Secret only available on first creation — Woodpecker DB has it
+GITEA_CLIENT_ID=${OAUTH2_CLIENT_ID}
+GITEA_CLIENT_SECRET=EXISTING_APP_SECRET_IN_WOODPECKER_DB
+EOF
+    echo ""
+    echo "  ✓ Credentials written to ${OAUTH2_ENV_FILE}"
+    echo ""
+    echo "=== Gitea Setup Complete ==="
+    exit 0
  fi
 fi