fix: add CI_NETRC_MACHINE override for internal Forgejo clone #128

Merged

forgejo_admin merged 4 commits from 121-fix-clone-auth into main 2026-03-21 15:58:21 +00:00

Conversation 0 Commits 4 Files changed 1 -7

forgejo_admin commented 2026-03-21 15:53:14 +00:00

Owner

Copy link

Summary

The custom clone step uses forgejo-http.forgejo.svc.cluster.local but the default netrc entry is for the external Tailscale hostname. Git auth fails because the netrc machine doesn't match the remote hostname.

Adds CI_NETRC_MACHINE override so the plugin-git's auto-generated .netrc matches the internal clone URL.

Changes

• .woodpecker.yaml — added CI_NETRC_MACHINE: forgejo-http.forgejo.svc.cluster.local to clone step environment

Review Checklist

• No secrets committed
• No unnecessary file changes
• Commit messages are descriptive

Test Plan

• Pipeline clone step succeeds on this PR
• After merge, apply-on-merge pipeline clone succeeds

Related

• Closes #121
• Plan: plan-pal-e-platform

## Summary The custom clone step uses `forgejo-http.forgejo.svc.cluster.local` but the default netrc entry is for the external Tailscale hostname. Git auth fails because the netrc machine doesn't match the remote hostname. Adds `CI_NETRC_MACHINE` override so the plugin-git's auto-generated `.netrc` matches the internal clone URL. ## Changes - `.woodpecker.yaml` — added `CI_NETRC_MACHINE: forgejo-http.forgejo.svc.cluster.local` to clone step environment ## Review Checklist - [x] No secrets committed - [x] No unnecessary file changes - [x] Commit messages are descriptive ## Test Plan - [ ] Pipeline clone step succeeds on this PR - [ ] After merge, apply-on-merge pipeline clone succeeds ## Related - Closes #121 - Plan: `plan-pal-e-platform`

forgejo_admin added 1 commit 2026-03-21 15:53:14 +00:00

fix: add CI_NETRC_MACHINE override for internal Forgejo clone URL ... f556b29346

The custom clone step uses forgejo-http.forgejo.svc.cluster.local but
the default netrc entry is for the external Tailscale hostname. Git
auth fails because the netrc machine doesn't match the remote hostname.

Closes #121

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-03-21 15:54:36 +00:00

fix: use custom shell clone with token auth for internal Forgejo URL ... 54674718a1

The plugin-git's netrc machine is locked to the external hostname.
Switching to a direct git clone with token auth embedded in the URL
so the internal Forgejo service URL works for CI clones.

Closes #121

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-03-21 15:55:57 +00:00

fix: use plugin-git netrc_machine setting for internal URL auth ... 22613d18ee

Clone step needs netrc_machine to match the internal hostname so
git auth works with the Woodpecker-provided credentials.

Closes #121

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-03-21 15:57:02 +00:00

fix: revert to default Woodpecker clone (remove internal URL override) ... 6c320f79bc

The custom clone step with internal URL has auth and config issues.
Reverting to default clone behavior — the original TLS issue (#107)
was with the external Tailscale funnel URL, which may be resolved
by the Forgejo IPv4 fix (PR #124).

Closes #121

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin merged commit d046d0f0ee into main 2026-03-21 15:58:21 +00:00

forgejo_admin deleted branch 121-fix-clone-auth 2026-03-21 15:58:21 +00:00

forgejo_admin referenced this pull request from a commit 2026-03-21 15:58:23 +00:00

fix: add CI_NETRC_MACHINE override for internal Forgejo clone (#128)

forgejo_admin referenced this pull request 2026-03-21 17:33:24 +00:00

Bug: CI pipeline broken — default clone uses external TLS URL (66% failure rate) #133

forgejo_admin referenced this pull request from a commit 2026-03-21 17:34:48 +00:00

fix: replace plugin-git clone with alpine/git internal URL (#133)

forgejo_admin referenced this pull request 2026-03-21 17:35:39 +00:00

fix: replace plugin-git clone with alpine/git internal URL #134

forgejo_admin referenced this pull request 2026-03-21 17:38:12 +00:00

fix: replace plugin-git clone with alpine/git internal URL #134

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

  

status:approved

QA passed, awaiting merge approval

  

status:in-progress

Dev agent is actively working

  

status:needs-fix

QA found issues, back to dev

  

status:qa

PR submitted, awaiting QA review

  

type:bug

Bug fix

  

type:devops

Infrastructure/CI/config work

  

type:feature

New functionality

No labels

domain:backend

domain:devops

domain:frontend

status:approved

status:in-progress

status:needs-fix

status:qa

type:bug

type:devops

type:feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/pal-e-platform!128

No description provided.