[ci skip] Fix Woodpecker GitHub forge: add explicit GITHUB_URL to prevent Forgejo URL bleed

When both WOODPECKER_GITHUB and WOODPECKER_FORGEJO are enabled without an explicit WOODPECKER_GITHUB_URL, the GitHub forge inherits the Forgejo URL causing all GitHub API calls to hit forgejo.viktorbarzin.me with GitHub OAuth credentials, resulting in 401 Unauthorized on repo add and cron jobs. Also adds Forgejo forge variables to Terraform.
2026-02-24 23:02:33 +00:00 · 2026-02-24 23:02:33 +00:00 · dcb465a7e5
commit dcb465a7e5
parent e7e4faa57a
2 changed files with 16 additions and 5 deletions
--- a/stacks/woodpecker/main.tf
+++ b/stacks/woodpecker/main.tf
@ -6,6 +6,9 @@ variable "woodpecker_db_password" { type = string }
 variable "dbaas_postgresql_root_password" { type = string }
 variable "nfs_server" { type = string }
 variable "postgresql_host" { type = string }
+variable "woodpecker_forgejo_client_id" { type = string }
+variable "woodpecker_forgejo_client_secret" { type = string }
+variable "woodpecker_forgejo_url" { type = string }


 resource "kubernetes_namespace" "woodpecker" {
@ -122,11 +125,14 @@ resource "helm_release" "woodpecker" {

  values = [
    templatefile("${path.module}/values.yaml", {
-      github_client_id     = var.woodpecker_github_client_id
-      github_client_secret = var.woodpecker_github_client_secret
-      agent_secret         = var.woodpecker_agent_secret
-      db_password          = var.woodpecker_db_password
-      postgresql_host      = var.postgresql_host
+      github_client_id      = var.woodpecker_github_client_id
+      github_client_secret  = var.woodpecker_github_client_secret
+      agent_secret          = var.woodpecker_agent_secret
+      db_password           = var.woodpecker_db_password
+      postgresql_host       = var.postgresql_host
+      forgejo_client_id     = var.woodpecker_forgejo_client_id
+      forgejo_client_secret = var.woodpecker_forgejo_client_secret
+      forgejo_url           = var.woodpecker_forgejo_url
    })
  ]

--- a/stacks/woodpecker/values.yaml
+++ b/stacks/woodpecker/values.yaml
@ -11,6 +11,7 @@ server:
    WOODPECKER_ADMIN: "ViktorBarzin"
    WOODPECKER_OPEN: "false"
    WOODPECKER_GITHUB: "true"
+    WOODPECKER_GITHUB_URL: "https://github.com"
    WOODPECKER_GITHUB_CLIENT: "${github_client_id}"
    WOODPECKER_GITHUB_SECRET: "${github_client_secret}"
    WOODPECKER_AGENT_SECRET: "${agent_secret}"
@ -19,6 +20,10 @@ server:
    WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx,plugins/docker"
    WOODPECKER_PLUGINS_TRUSTED_CLONE: "woodpeckerci/plugin-git,alpine"
    WOODPECKER_LOG_LEVEL: "info"
+    WOODPECKER_FORGEJO: "true"
+    WOODPECKER_FORGEJO_CLIENT: "${forgejo_client_id}"
+    WOODPECKER_FORGEJO_SECRET: "${forgejo_client_secret}"
+    WOODPECKER_FORGEJO_URL: "${forgejo_url}"
  service:
    type: ClusterIP
    port: 80