forgejo_admin/pal-e-platform
1
0
Fork 0
Code Issues 28 Pull requests Projects Releases Packages Wiki Activity Actions

Fix update-kustomize-tag wget auth for private pal-e-platform repo #226

New issue
Closed
opened 2026-03-28 16:30:30 +00:00 by forgejo_admin · 0 comments
forgejo_admin commented 2026-03-28 16:30:30 +00:00
Owner
Copy link

Type

Feature

Lineage

  • Board: board-pal-e-platform
  • Story: story:superuser-deploy
  • Arch: arch:ci-pipeline

Repo

Cross-repo: pal-e-api, basketball-api, pal-e-app, westside-app (4 repos)

User Story

As the superuser, I need CI pipelines to successfully download update-kustomize-tag.sh from pal-e-platform so that merged code triggers ArgoCD deployments. Currently ALL repos fail with 404 because pal-e-platform is private and wget has no auth header.

Context

The update-kustomize-tag step in .woodpecker.yaml downloads the script via raw URL:

wget -O /tmp/update-kustomize-tag.sh "http://forgejo-http.forgejo.svc.cluster.local:80/forgejo_admin/pal-e-platform/raw/branch/main/scripts/update-kustomize-tag.sh"

pal-e-platform is private. wget gets 404 (Forgejo masks 401 as 404 for private repos).

Scope

Add auth header to wget in 4 repos:

wget -O /tmp/update-kustomize-tag.sh --header="Authorization: token ${FORGEJO_TOKEN}" "http://..."

FORGEJO_TOKEN is already available in the step environment (used for pushing to pal-e-deployments).

File Targets

  • pal-e-api: .woodpecker.yaml
  • basketball-api: .woodpecker.yaml
  • pal-e-app: .woodpecker.yaml
  • westside-app: .woodpecker.yaml

Constraints

  • One PR per repo (4 parallel PRs)
  • Do NOT change the script URL or any other pipeline step
  • Only add the --header flag to the wget line

Acceptance Criteria

  • All 4 repos download the script successfully in CI
  • update-kustomize-tag step passes (not just the download)

Checklist

  • Fix pal-e-api .woodpecker.yaml
  • Fix basketball-api .woodpecker.yaml
  • Fix pal-e-app .woodpecker.yaml
  • Fix westside-app .woodpecker.yaml

Test Expectations

  • Pipeline passes update-kustomize-tag step on next main push

Related

  • Blocks: #232 (pal-e-api NoteType deployment)
  • Blocks: all GitOps deployments across platform
  • Root cause: pal-e-platform repo is private (visibility: private)
### Type Feature ### Lineage - Board: board-pal-e-platform - Story: story:superuser-deploy - Arch: arch:ci-pipeline ### Repo Cross-repo: pal-e-api, basketball-api, pal-e-app, westside-app (4 repos) ### User Story As the superuser, I need CI pipelines to successfully download update-kustomize-tag.sh from pal-e-platform so that merged code triggers ArgoCD deployments. Currently ALL repos fail with 404 because pal-e-platform is private and wget has no auth header. ### Context The update-kustomize-tag step in .woodpecker.yaml downloads the script via raw URL: ``` wget -O /tmp/update-kustomize-tag.sh "http://forgejo-http.forgejo.svc.cluster.local:80/forgejo_admin/pal-e-platform/raw/branch/main/scripts/update-kustomize-tag.sh" ``` pal-e-platform is private. wget gets 404 (Forgejo masks 401 as 404 for private repos). ### Scope Add auth header to wget in 4 repos: ```yaml wget -O /tmp/update-kustomize-tag.sh --header="Authorization: token ${FORGEJO_TOKEN}" "http://..." ``` FORGEJO_TOKEN is already available in the step environment (used for pushing to pal-e-deployments). ### File Targets - pal-e-api: .woodpecker.yaml - basketball-api: .woodpecker.yaml - pal-e-app: .woodpecker.yaml - westside-app: .woodpecker.yaml ### Constraints - One PR per repo (4 parallel PRs) - Do NOT change the script URL or any other pipeline step - Only add the --header flag to the wget line ### Acceptance Criteria - [ ] All 4 repos download the script successfully in CI - [ ] update-kustomize-tag step passes (not just the download) ### Checklist - [ ] Fix pal-e-api .woodpecker.yaml - [ ] Fix basketball-api .woodpecker.yaml - [ ] Fix pal-e-app .woodpecker.yaml - [ ] Fix westside-app .woodpecker.yaml ### Test Expectations - Pipeline passes update-kustomize-tag step on next main push ### Related - Blocks: #232 (pal-e-api NoteType deployment) - Blocks: all GitOps deployments across platform - Root cause: pal-e-platform repo is private (visibility: private)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
188-cross-repo-worktree-isolation-for-parall
111-fix-keycloak-probe
86-fix-rotate-woodpecker-api-token-in-salt
71-feat-deploy-pyrra-slo-manager-with-servi
64-hotfix-woodpecker-oauth-login-broken-for
18-fix-grafana-duplicate-default-datasource-v2
18-fix-grafana-duplicate-default-datasource
13-fix-cnpg-all-parameters
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform#226
No description provided.