fix: add auth header to wget for private repo download #204

Merged

forgejo_admin merged 1 commit from 226-fix-wget-auth into main

2026-03-28 16:44:46 +00:00

forgejo_admin commented

2026-03-28 16:31:56 +00:00

Owner

Summary

The update-kustomize-tag CI step downloads a script from pal-e-platform via wget, but gets a 404 because pal-e-platform is a private repo
Adds an Authorization header using the existing FORGEJO_TOKEN secret so wget can authenticate

Changes

.woodpecker.yaml: added --header="Authorization: token ${FORGEJO_TOKEN}" to the wget command in the update-kustomize-tag step

Test Plan

Merge to main and verify the update-kustomize-tag step succeeds in the next Woodpecker pipeline run (wget returns 200 instead of 404)
No regressions in test or build-and-push steps

Review Checklist

Passed automated review-fix loop
No secrets committed
No unnecessary file changes
Commit messages are descriptive

Closes forgejo_admin/pal-e-platform#226
pal-e-platform — the project this work belongs to

## Summary - The `update-kustomize-tag` CI step downloads a script from pal-e-platform via wget, but gets a 404 because pal-e-platform is a private repo - Adds an Authorization header using the existing `FORGEJO_TOKEN` secret so wget can authenticate ## Changes - `.woodpecker.yaml`: added `--header="Authorization: token ${FORGEJO_TOKEN}"` to the wget command in the `update-kustomize-tag` step ## Test Plan - [ ] Merge to main and verify the `update-kustomize-tag` step succeeds in the next Woodpecker pipeline run (wget returns 200 instead of 404) - [ ] No regressions in test or build-and-push steps ## Review Checklist - [ ] Passed automated review-fix loop - [ ] No secrets committed - [ ] No unnecessary file changes - [ ] Commit messages are descriptive ## Related Notes - Closes forgejo_admin/pal-e-platform#226 - `pal-e-platform` — the project this work belongs to

forgejo_admin added 1 commit

2026-03-28 16:31:56 +00:00

fix: add auth header to wget for private pal-e-platform repo 7d1a105922

The update-kustomize-tag.sh download fails with 404 because
pal-e-platform is a private repo. Pass the existing FORGEJO_TOKEN
secret via Authorization header so wget can authenticate.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin commented

2026-03-28 16:32:33 +00:00

Author

Owner

QA Review

Scope: 1 file changed, 1 line added, 0 deleted.

Findings

Correctness -- The --header="Authorization: token ${FORGEJO_TOKEN}" flag is correctly placed as a continuation of the multi-line wget command. The FORGEJO_TOKEN env var is already defined in the same step (sourced from forgejo_token secret), so it will resolve at runtime. This will authenticate the wget request against the private pal-e-platform repo.
Security -- No secrets hardcoded. Token is referenced via environment variable from a Woodpecker secret. No credentials in the diff.
Minimality -- Exactly 1 line added. No unnecessary changes. Focused fix matching the issue description.
YAML formatting -- Indentation is consistent with surrounding lines (10 spaces, matching the URL line below it).

Nits

None.

VERDICT: APPROVE

## QA Review **Scope:** 1 file changed, 1 line added, 0 deleted. ### Findings 1. **Correctness** -- The `--header="Authorization: token ${FORGEJO_TOKEN}"` flag is correctly placed as a continuation of the multi-line wget command. The `FORGEJO_TOKEN` env var is already defined in the same step (sourced from `forgejo_token` secret), so it will resolve at runtime. This will authenticate the wget request against the private pal-e-platform repo. 2. **Security** -- No secrets hardcoded. Token is referenced via environment variable from a Woodpecker secret. No credentials in the diff. 3. **Minimality** -- Exactly 1 line added. No unnecessary changes. Focused fix matching the issue description. 4. **YAML formatting** -- Indentation is consistent with surrounding lines (10 spaces, matching the URL line below it). ### Nits None. --- **VERDICT: APPROVE**