offinfra-onboard: normalize Woodpecker repo to untrusted [ci skip]
Trusted repos get netrc injected into every step container; the non-root bitnami/kubectl deploy step dies with '//.netrc: Permission denied' (hit live on f1-stream's reactivated old-era repo 10, which carried trusted=true; tripit 167 is untrusted and works). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
beac1b57a3
commit
6f41de71fa
1 changed files with 10 additions and 0 deletions
|
|
@ -132,6 +132,16 @@ else
|
|||
log "Woodpecker repo id = $WP_REPO_ID"
|
||||
fi
|
||||
|
||||
# Normalize repo settings: TRUSTED repos get netrc injected into EVERY step
|
||||
# container; bitnami/kubectl (non-root, HOME=/) then dies with
|
||||
# "//.netrc: Permission denied" (hit live on f1-stream repo 10, an old-era
|
||||
# registration that carried trusted=true; tripit 167 is untrusted and works).
|
||||
if [ "$DRY_RUN" = 0 ]; then
|
||||
run WP -X PATCH "$WP_API/repos/$WP_REPO_ID" \
|
||||
-d '{"trusted":{"network":false,"volumes":false,"security":false}}' >/dev/null \
|
||||
&& log "Woodpecker repo settings normalized (untrusted)"
|
||||
fi
|
||||
|
||||
# --- 5) Render workflow + deploy files into the clone ---
|
||||
DEPLOY_CMDS=""
|
||||
for d in "${DEPLOYS[@]}"; do
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue