-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to update Personal Access Tokens for GitHub pull-mirror repositories #21112
Comments
To be clear, after it was pointed out to me on the Gitea Discord - this causes pulls (either with Synchronize Now, or on the timer) to fail with authorization errors |
I'm also running into this issue. I was able to get it working temporarily by deleting the repo on Gitea and re-migrating it from GitHub to Gitea as a mirror and immediately setting the authorization token but after a restart of the docker-compose services, it goes back to failing with authorization errors. |
Have you tried v1.17.2? |
I haven't, it didn't exist when I saw this problem. I don't see anything in the release notes that stands out to me that would address this, but I'll upgrade and try updating the tokens again to see what happens. |
OK, it looks like 1.17.2 may have fixed it - I do now see one entry in the release notes referring to invalid CloneURL, perhaps that's the thing that's addressed it? I will now need to go through all the mirrors and update them to make sure they all work afterwards - perhaps there is value in a feature request here to be able to store a GitHub Personal Access Token either globally or as part of an organisation containing all mirrors so that tokens can be rotated even more easily? It does look like the actual bug is now fixed though |
1.17.2 fixes it for me, thanks! |
A secret storage PR #14483 should fix that. |
Description
I had some GitHub → Gitea pull mirrors working, but I need to rotate the GitHub token. I could not find any documentation about how to do this, but I narrowed it down to the Mirror Settings part of the Settings page in the repository.
The Mirror Settings page shows:
Clone from URL:
https://github.com/g-a-c/myrepo.git
Authorization/Username:
oauth2
Authorization/Password:
(Unchanged)
I then paste my new GitHub Personal Access Token into the Password box, and click the Update Settings button below the Password field. I get a green message saying “The repository settings have been updated.”
I have verified in my browser DevTools that the HTTPS POST to
https://gitea.mydomain.com/g-a-c/myrepo/settings
does contain the new token in themirror_password
field of the form data.However. When I check the
gitea.log
file, I still see a SQL update happening with the old token.When I look inside the SQLite database manually, I see the old token assigned to repo 87
And when I check the Git config file on the container filesystem, I see the old token
I’m running Gitea v1.17.1, inside a Docker container, with a SQLite database, behind Traefik as a reverse proxy.
I have not yet tried this on the public demo site as this means potentially cloning private repositories to a public instance. But I'm happy to do this if it's considered necessary.
Gitea Version
1.17.1
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
Debian 11 amd64, Docker 20.11
How are you running Gitea?
gitea/gitea:1.17.1
Database
SQLite
The text was updated successfully, but these errors were encountered: