starred/gitea-mirror
1
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-04-25 07:15:57 +03:00
Code Issues 11 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #171] Mirroring fails but reports success #86

New issue
Closed
opened 2026-02-27 15:55:02 +03:00 by kerem · 5 comments
kerem commented 2026-02-27 15:55:02 +03:00
Owner
Copy link

Originally created by @tylerobara on GitHub (Jan 26, 2026).
Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/171

I set this up last week and it successfully brought in all of my Github repos. For 3 days, and on each manual sync, Gitea Mirror reports it successfully synced but there are errors in Forgejo logs

2026/01/26 20:28:45 ...irror/mirror_pull.go:338:runSync() [E] SyncMirrors [repo: <Repository 20:tylerobara/example>]: failed to update mirror repository:
 Stderr: fatal: could not read Password for 'https://sanitized-credential@github.com': terminal prompts disabled                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               Err: exit status 128                                                                                                                                                                                                                                                                                                                                                                                                   2026/01/26 20:28:46 ...c/net/http/server.go:2322:ServeHTTP() [I] PING DATABASE postgresschema                                                                                                                                                                                                                                                                                                                          2026/01/26 20:28:46 .

Note the log line https://sanitized-credential@github.com was not sanitized by me. Exactly how it appears. If I Test credentials for Github and Forgejo, both report successful.

Originally created by @tylerobara on GitHub (Jan 26, 2026). Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/171 I set this up last week and it successfully brought in all of my Github repos. For 3 days, and on each manual sync, Gitea Mirror reports it successfully synced but there are errors in Forgejo logs ``` 2026/01/26 20:28:45 ...irror/mirror_pull.go:338:runSync() [E] SyncMirrors [repo: <Repository 20:tylerobara/example>]: failed to update mirror repository: Stderr: fatal: could not read Password for 'https://sanitized-credential@github.com': terminal prompts disabled Err: exit status 128 2026/01/26 20:28:46 ...c/net/http/server.go:2322:ServeHTTP() [I] PING DATABASE postgresschema 2026/01/26 20:28:46 . ``` Note the log line `https://sanitized-credential@github.com` was not sanitized by me. Exactly how it appears. If I Test credentials for Github and Forgejo, both report successful.
kerem closed this issue 2026-02-27 15:55:03 +03:00
kerem commented 2026-02-27 15:55:03 +03:00
Author
Owner
Copy link

@arunavo4 commented on GitHub (Jan 27, 2026):

@tylerobara need to take a look at this. can you clean up your docker compse and post of you have any unique setup?

<!-- gh-comment-id:3803461815 --> @arunavo4 commented on GitHub (Jan 27, 2026): @tylerobara need to take a look at this. can you clean up your docker compse and post of you have any unique setup?
kerem commented 2026-02-27 15:55:03 +03:00
Author
Owner
Copy link

@tylerobara commented on GitHub (Jan 27, 2026):

@tylerobara need to take a look at this. can you clean up your docker compse and post of you have any unique setup?

I am deploying with this helm chart and these values:

gitea-mirror:
  defaultPodOptions:
    securityContext:
      fsGroup: 1001

  controllers:
    gitea-mirror:
      strategy: Recreate
      containers:
        main:
          image:
            repository: ghcr.io/raylabshq/gitea-mirror
            tag: '2496d6f'
            pullPolicy: IfNotPresent
          env:
            BETTER_AUTH_URL: "https://forgejo-mirror.example.com"
            ENCRYPTION_SECRET:
              valueFrom:
                secretKeyRef:
                  name: gitea-mirror-secrets
                  key: ENCRYPTION_SECRET
            BETTER_AUTH_SECRET:
              valueFrom:
                secretKeyRef:
                  name: gitea-mirror-secrets
                  key: BETTER_AUTH_SECRET
  service:
    gitea-mirror:
      controller: gitea-mirror
      ports:
        http:
          port: 4321

  ingress:
    gitea-mirror:
      annotations: 
        kubernetes.io/ingress.class: traefik
        gethomepage.dev/href: "https://forgejo-mirror.example.com"
        gethomepage.dev/enabled: "true"
        gethomepage.dev/name: "Forgejo Mirror"
        gethomepage.dev/description: "Code Sharing"
        gethomepage.dev/group: "Development"
        gethomepage.dev/icon: "sh-gitea-mirror.png"
        traefik.ingress.kubernetes.io/router.middlewares: traefik-traefik-oidc-auth@kubernetescrd
      className: "traefik"
      hosts:
        - host: forgejo-mirror.example.com
          paths:
            - path: /
              pathType: Prefix
              service:
                identifier: gitea-mirror
                port: http

  persistence:
    data:
      type: persistentVolumeClaim
      accessMode: ReadWriteOnce
      size: 300Mi
      globalMounts:
        - path: /app/data

externalSecrets:
  secretStoreRef:
    name: cluster-secret-store
    kind: ClusterSecretStore
  target:
    name: gitea-mirror-secrets
  data:
  - secretKey: ENCRYPTION_SECRET
    remoteRef:
      key: development/gitea-mirror
      property: ENCRYPTION_SECRET
  - secretKey: BETTER_AUTH_SECRET
    remoteRef:
      key: development/gitea-mirror
      property: BETTER_AUTH_SECRET
<!-- gh-comment-id:3805031871 --> @tylerobara commented on GitHub (Jan 27, 2026): > [@tylerobara](https://github.com/tylerobara) need to take a look at this. can you clean up your docker compse and post of you have any unique setup? I am deploying with [this](https://bjw-s-labs.github.io/helm-charts/docs/app-template/) helm chart and these values: ```yaml gitea-mirror: defaultPodOptions: securityContext: fsGroup: 1001 controllers: gitea-mirror: strategy: Recreate containers: main: image: repository: ghcr.io/raylabshq/gitea-mirror tag: '2496d6f' pullPolicy: IfNotPresent env: BETTER_AUTH_URL: "https://forgejo-mirror.example.com" ENCRYPTION_SECRET: valueFrom: secretKeyRef: name: gitea-mirror-secrets key: ENCRYPTION_SECRET BETTER_AUTH_SECRET: valueFrom: secretKeyRef: name: gitea-mirror-secrets key: BETTER_AUTH_SECRET service: gitea-mirror: controller: gitea-mirror ports: http: port: 4321 ingress: gitea-mirror: annotations: kubernetes.io/ingress.class: traefik gethomepage.dev/href: "https://forgejo-mirror.example.com" gethomepage.dev/enabled: "true" gethomepage.dev/name: "Forgejo Mirror" gethomepage.dev/description: "Code Sharing" gethomepage.dev/group: "Development" gethomepage.dev/icon: "sh-gitea-mirror.png" traefik.ingress.kubernetes.io/router.middlewares: traefik-traefik-oidc-auth@kubernetescrd className: "traefik" hosts: - host: forgejo-mirror.example.com paths: - path: / pathType: Prefix service: identifier: gitea-mirror port: http persistence: data: type: persistentVolumeClaim accessMode: ReadWriteOnce size: 300Mi globalMounts: - path: /app/data externalSecrets: secretStoreRef: name: cluster-secret-store kind: ClusterSecretStore target: name: gitea-mirror-secrets data: - secretKey: ENCRYPTION_SECRET remoteRef: key: development/gitea-mirror property: ENCRYPTION_SECRET - secretKey: BETTER_AUTH_SECRET remoteRef: key: development/gitea-mirror property: BETTER_AUTH_SECRET ```
kerem commented 2026-02-27 15:55:03 +03:00
Author
Owner
Copy link

@tylerobara commented on GitHub (Jan 29, 2026):

Update: I put a fake Github token and hit test, then put my valid token back in and hit test again. It says connected successsfully but I get the same error on sync in the Forgejo logs. But.... if I update the password field in a repo > settings > mirror settings > authorization > password with the same token, the mirror syncs no problem.

<!-- gh-comment-id:3820052206 --> @tylerobara commented on GitHub (Jan 29, 2026): Update: I put a fake Github token and hit test, then put my valid token back in and hit test again. It says connected successsfully but I get the same error on sync in the Forgejo logs. But.... if I update the password field in a repo > settings > mirror settings > authorization > password with the same token, the mirror syncs no problem.
kerem commented 2026-02-27 15:55:03 +03:00
Author
Owner
Copy link

@arunavo4 commented on GitHub (Feb 24, 2026):

Good catch, and thanks for the detailed report.

I dug into this and the behavior lines up with how Gitea/Forgejo handles pull mirrors:

  1. The mirror-sync API call only queues a sync request and returns 200.
  2. The actual pull happens later in Forgejo/Gitea, so it can still fail in server logs after that.
  3. For existing mirrors, changing the GitHub token in Gitea Mirror does not always update the saved mirror credentials on the Forgejo side.

I opened #181 to improve this from our side:

  • we now show "Sync requested" instead of implying the sync fully succeeded
  • added README troubleshooting for token rotation on existing mirror repos

For repos already affected right now, the immediate fix is still:

  • update token in Forgejo repo Settings -> Mirror Settings, or
  • delete and re-mirror from Gitea Mirror so it is recreated with current credentials.
<!-- gh-comment-id:3948932057 --> @arunavo4 commented on GitHub (Feb 24, 2026): Good catch, and thanks for the detailed report. I dug into this and the behavior lines up with how Gitea/Forgejo handles pull mirrors: 1) The mirror-sync API call only queues a sync request and returns 200. 2) The actual pull happens later in Forgejo/Gitea, so it can still fail in server logs after that. 3) For existing mirrors, changing the GitHub token in Gitea Mirror does not always update the saved mirror credentials on the Forgejo side. I opened #181 to improve this from our side: - we now show "Sync requested" instead of implying the sync fully succeeded - added README troubleshooting for token rotation on existing mirror repos For repos already affected right now, the immediate fix is still: - update token in Forgejo repo Settings -> Mirror Settings, or - delete and re-mirror from Gitea Mirror so it is recreated with current credentials.
kerem commented 2026-02-27 15:55:03 +03:00
Author
Owner
Copy link

@arunavo4 commented on GitHub (Feb 24, 2026):

Resolved by #181: sync status wording is now accurate for async mirror pulls, and README now documents token-rotation behavior/workarounds for existing mirrors.

<!-- gh-comment-id:3948964397 --> @arunavo4 commented on GitHub (Feb 24, 2026): Resolved by #181: sync status wording is now accurate for async mirror pulls, and README now documents token-rotation behavior/workarounds for existing mirrors.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/mirror-sync-bugs-262-263-264
v3.15.5
v3.15.4
v3.15.3
v3.15.2
v3.15.1
v3.15.0
v3.14.2
v3.14.1
v3.14.0
v3.13.4
v3.13.3
v3.13.2
v3.13.1
v3.13.0
v3.12.5
v3.12.4
v3.12.3
v3.12.2
v3.12.1
v3.12.0
v3.11.0
v3.10.1
v3.10.0
v3.9.6
v3.9.5
v3.9.4
v3.9.3
v3.9.2
v3.9.0
v3.8.11
v3.8.10
v3.8.9
v3.8.8
v3.8.7
v3.8.6
v3.8.5
v3.8.4
v3.8.3
v3.8.2
v3.8.1
v3.8.0
v3-sso
v3.7.2
v3.7.1
v3.7.0
v3.6.0
v3.5.4
v3.5.3
v3.5.2
v3.5.1
v3.5.0
v3.4.0
v3.3.0
v3.2.6
v3.2.5
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2.0
v3.1.1
v3.1.0
v3.0.1
v3.0.0
v2.22.0
v2.21.0
v2.20.1
v2.20.0
v2.18.0
v2.17.0
v2.16.3
v2.16.2
v2.16.1
v2.16.0
v2.15.0
v2.14.0
v2.13.2
v2.13.1
v2.13.0
v2.12.0
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.0
v2.7.0
v2.6.0
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.1.0
v2.0.0
v1.0.0
Labels
Clear labels   
bug

   
documentation

   
enhancement

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question
No labels
bug
documentation
enhancement
help wanted
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/gitea-mirror#86
No description provided.