[PR #105] [MERGED] fix: Forgejo 12 compatibility - use separate auth fields for private repos (#102) #131

New issue

Closed

opened 2026-02-27 15:55:15 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 15:55:15 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/RayLabsHQ/gitea-mirror/pull/105
Author: @arunavo4
Created: 9/30/2025
Status: ✅ Merged
Merged: 10/1/2025
Merged by: @arunavo4

Base: main ← Head: fix/forgejo-12-private-repos

---

📝 Commits (2)

• 34f741b fix: Forgejo 12 compatibility - use separate auth fields for private repos (#102)
• 096e0c0 images now tagged lowercase in comments

📊 Changes

2 files changed (+129 additions, -63 deletions)

View changed files

📝 .github/workflows/docker-build.yml (+62 -5)
📝 src/lib/gitea.ts (+67 -58)

📄 Description

Problem

Forgejo 12.0+ rejects migration API calls with credentials embedded in URLs, causing HTTP 422 errors when mirroring private GitHub repositories.

Root Cause

Breaking security change in Forgejo 12.0 (July 2025) enforces credential separation to prevent accidental exposure in logs/errors. Previous versions (Forgejo 11.x, Gitea 1.x) accepted embedded credentials.

Solution

• Use separate auth_username and auth_token fields instead of embedding credentials in clone URLs
• Set auth_username to "oauth2" for GitHub token authentication
• Pass GitHub token via auth_token field

Changes

• src/lib/gitea.ts:

  • mirrorGithubRepoToGitea(): Use separate auth fields for private repos
  • mirrorGitHubRepoToGiteaOrg(): Use separate auth fields for private repos

• .github/workflows/docker-build.yml:

  • Enable PR image building and pushing to GHCR
  • Tag PR images as pr- for easy testing
  • Add automated PR comment with image details and testing instructions
  • Separate load step for security scanning

Backward Compatibility

✅ Works with Forgejo 12.0+
✅ Works with Forgejo 11.x and earlier
✅ Works with Gitea 1.x

Testing

Public repos: ✅ Working (no auth needed)
Private repos: ✅ Fixed (separate auth fields)

Fixes #102

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/RayLabsHQ/gitea-mirror/pull/105 **Author:** [@arunavo4](https://github.com/arunavo4) **Created:** 9/30/2025 **Status:** ✅ Merged **Merged:** 10/1/2025 **Merged by:** [@arunavo4](https://github.com/arunavo4) **Base:** `main` ← **Head:** `fix/forgejo-12-private-repos` --- ### 📝 Commits (2) - [`34f741b`](https://github.com/RayLabsHQ/gitea-mirror/commit/34f741beeface64920bf8fc4a184c50ed21dbc3b) fix: Forgejo 12 compatibility - use separate auth fields for private repos (#102) - [`096e0c0`](https://github.com/RayLabsHQ/gitea-mirror/commit/096e0c03ac0b1b4b96cd29cfc88e3bcee50a69ef) images now tagged lowercase in comments ### 📊 Changes **2 files changed** (+129 additions, -63 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/docker-build.yml` (+62 -5) 📝 `src/lib/gitea.ts` (+67 -58) </details> ### 📄 Description ## Problem Forgejo 12.0+ rejects migration API calls with credentials embedded in URLs, causing HTTP 422 errors when mirroring private GitHub repositories. ## Root Cause Breaking security change in Forgejo 12.0 (July 2025) enforces credential separation to prevent accidental exposure in logs/errors. Previous versions (Forgejo 11.x, Gitea 1.x) accepted embedded credentials. ## Solution - Use separate `auth_username` and `auth_token` fields instead of embedding credentials in clone URLs - Set `auth_username` to "oauth2" for GitHub token authentication - Pass GitHub token via `auth_token` field ## Changes - src/lib/gitea.ts: - mirrorGithubRepoToGitea(): Use separate auth fields for private repos - mirrorGitHubRepoToGiteaOrg(): Use separate auth fields for private repos - .github/workflows/docker-build.yml: - Enable PR image building and pushing to GHCR - Tag PR images as pr-<number> for easy testing - Add automated PR comment with image details and testing instructions - Separate load step for security scanning ## Backward Compatibility ✅ Works with Forgejo 12.0+ ✅ Works with Forgejo 11.x and earlier ✅ Works with Gitea 1.x ## Testing Public repos: ✅ Working (no auth needed) Private repos: ✅ Fixed (separate auth fields) Fixes #102 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-27 15:55:15 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/mirror-sync-bugs-262-263-264

v3.15.5

v3.15.4

v3.15.3

v3.15.2

v3.15.1

v3.15.0

v3.14.2

v3.14.1

v3.14.0

v3.13.4

v3.13.3

v3.13.2

v3.13.1

v3.13.0

v3.12.5

v3.12.4

v3.12.3

v3.12.2

v3.12.1

v3.12.0

v3.11.0

v3.10.1

v3.10.0

v3.9.6

v3.9.5

v3.9.4

v3.9.3

v3.9.2

v3.9.0

v3.8.11

v3.8.10

v3.8.9

v3.8.8

v3.8.7

v3.8.6

v3.8.5

v3.8.4

v3.8.3

v3.8.2

v3.8.1

v3.8.0

v3-sso

v3.7.2

v3.7.1

v3.7.0

v3.6.0

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.1

v3.1.0

v3.0.1

v3.0.0

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.18.0

v2.17.0

v2.16.3

v2.16.2

v2.16.1

v2.16.0

v2.15.0

v2.14.0

v2.13.2

v2.13.1

v2.13.0

v2.12.0

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.1.0

v2.0.0

v1.0.0

Labels

Clear labels   

bug

  

documentation

  

enhancement

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

bug

documentation

enhancement

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/gitea-mirror#131

No description provided.