fix: add write:repository scope to Gitea OAuth for webhook creation#4413
Open
lamualfa wants to merge 3 commits into
Open
fix: add write:repository scope to Gitea OAuth for webhook creation#4413lamualfa wants to merge 3 commits into
lamualfa wants to merge 3 commits into
Conversation
The Gitea OAuth scopes across the codebase only requested read permissions. On Gitea, the `repo` scope maps to `read:repository` only (unlike GitHub where `repo` grants full read/write). Creating webhooks via the Gitea API requires `write:repository`, so Dokploy was silently unable to create webhooks in Gitea repos, causing auto-deploy to never trigger. Closes Dokploy#4412
dosubot
Bot
added
the
size:XS
Add createGiteaWebhook utility that creates push webhooks in Gitea repositories when a Gitea-linked application or compose is saved. Checks for existing hooks to avoid duplicates. Uses correct endpoint path based on resource type (application vs compose). Called from: - saveGiteaProvider (application router) - update handler (compose router, when sourceType is "gitea") Errors are caught and logged to avoid blocking the save operation.
dosubot
Bot
added
size:L
apiUpdateCompose is a partial schema, so giteaOwner and giteaRepository may be undefined when sourceType is "gitea". Add explicit truthy checks instead of falling back to empty strings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
write:repositoryto Gitea OAuth scopes in all three configuration locationscreateGiteaWebhookutility to automatically create push webhooks in Gitea reposProblem
The Gitea OAuth scopes across the codebase only requested read permissions. On GitHub, the
reposcope grants full read/write access to repositories. On Gitea,repomaps toread:repositoryonly. Creating webhooks viaPOST /api/v1/repos/{owner}/{repo}/hooksrequires thewrite:repositoryscope.Additionally, Dokploy never automatically creates webhooks in Gitea repositories (unlike the GitHub integration which uses GitHub Apps). Users had to manually configure webhooks in the Gitea UI pointing to Dokploy's deploy endpoint.
Changes
Scope fix (prerequisite)
apps/dokploy/pages/api/providers/gitea/authorize.tswrite:repositoryto OAuth authorize scopeapps/dokploy/utils/gitea-utils.tswrite:repositoryto client-side OAuth scopepackages/server/src/db/schema/gitea.tswrite:repositoryto default scopesAuto webhook creation (new feature)
packages/server/src/utils/providers/gitea.tscreateGiteaWebhook()utility functionapps/dokploy/server/api/routers/application.tssaveGiteaProviderhandlerapps/dokploy/server/api/routers/compose.tsupdatehandler when sourceType is "gitea"Implementation details
The
createGiteaWebhookfunction:giteaInternalUrlwhen available for Docker co-hosted setupsx-forwarded-proto+host)/api/deploy/{refreshToken}/api/deploy/compose/{refreshToken}Test plan
/api/deploy/compose/{token}path/api/deploy/{token}pathwrite:repositoryscope)Closes #4412