From e7ad54b0a436e7463fb0d8d57b6aa0b7f16a6012 Mon Sep 17 00:00:00 2001 From: Tobias Trabelsi Date: Tue, 30 Aug 2022 21:02:06 +0200 Subject: [PATCH] warn about server side hooks --- docs/resources/git_hook.md | 10 +++++++++- examples/main.tf | 15 +++++++++++++++ examples/pre-receive.sh | 9 +++++++++ examples/resources/gitea_git_hook/post-receive.sh | 8 ++++++++ examples/resources/gitea_git_hook/resource.tf | 2 +- gitea/resource_gitea_git_hook.go | 7 ++++++- scripts/docker-compose.yaml | 1 + 7 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 examples/pre-receive.sh create mode 100644 examples/resources/gitea_git_hook/post-receive.sh diff --git a/docs/resources/git_hook.md b/docs/resources/git_hook.md index a987155..ba12e1e 100644 --- a/docs/resources/git_hook.md +++ b/docs/resources/git_hook.md @@ -4,11 +4,19 @@ page_title: "gitea_git_hook Resource - terraform-provider-gitea" subcategory: "" description: |- gitea_git_hook manages git hooks on a repository. + import is currently not supported + WARNING: using this resource requires to enable server side hookswhich are known to cause security issues https://github.com/go-gitea/gitea/pull/13058! + if you want to procede, you need to enable server side hooks as stated here https://docs.gitea.io/en-us/config-cheat-sheet/#security-security --- # gitea_git_hook (Resource) `gitea_git_hook` manages git hooks on a repository. +import is currently not supported + +WARNING: using this resource requires to enable server side hookswhich are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)! + +if you want to procede, you need to enable server side hooks as stated [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security) ## Example Usage 
@@ -22,7 +30,7 @@ resource "gitea_repository" "org_repo" { name = "org-test-repo" } -resource "gitea_git_hook" "org_repo_post-receive" { +resource "gitea_git_hook" "org_repo_post_receive" { name = "post-receive" user = gitea_org.test_org.name repo = gitea_repository.org_repo.name diff --git a/examples/main.tf b/examples/main.tf index 05dd821..bf41f7e 100644 --- a/examples/main.tf +++ b/examples/main.tf @@ -56,3 +56,18 @@ resource "gitea_team" "test_team" { permission = "write" members = [gitea_user.test.username] } + +resource "gitea_team" "admin_team" { + name = "Admins" + organisation = gitea_org.test_org.name + description = "Admins of Test Org" + permission = "admin" + members = [data.gitea_user.me.username] +} + +resource "gitea_git_hook" "org_repo_pre_receive" { + name = "pre-receive" + user = gitea_org.test_org.name + repo = gitea_repository.org_repo.name + content = file("${path.module}/pre-receive.sh") +} diff --git a/examples/pre-receive.sh b/examples/pre-receive.sh new file mode 100644 index 0000000..a0638ed --- /dev/null +++ b/examples/pre-receive.sh @@ -0,0 +1,9 @@ +#!/bin/bash +while read oldrev newrev refname +do + branch=$(git rev-parse --symbolic --abbrev-ref $refname) + if [ "master" = "$branch" ]; then + echo "wrong branch" + exit 1 + fi +done \ No newline at end of file diff --git a/examples/resources/gitea_git_hook/post-receive.sh b/examples/resources/gitea_git_hook/post-receive.sh new file mode 100644 index 0000000..be7b0bb --- /dev/null +++ b/examples/resources/gitea_git_hook/post-receive.sh @@ -0,0 +1,8 @@ +#!/bin/bash +while read oldrev newrev refname +do + branch=$(git rev-parse --symbolic --abbrev-ref $refname) + if [ "master" = "$branch" ]; then + # Do something + fi +done \ No newline at end of file diff --git a/examples/resources/gitea_git_hook/resource.tf b/examples/resources/gitea_git_hook/resource.tf index a11ee11..8773dda 100644 --- a/examples/resources/gitea_git_hook/resource.tf +++ b/examples/resources/gitea_git_hook/resource.tf 
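Review bot: The new `gitea_git_hook.org_repo_pre_receive` resource in `examples/main.tf` installs a script that the Gitea server executes on every push, yet the example neither says so nor names the server-side prerequisite. A comment above the resource, such as `# content is executed on the Gitea host on each push; needs DISABLE_GIT_HOOKS=false on the server`, would tell readers that edits to `pre-receive.sh` deserve the same review as server code. The new `admin_team` also refers to `data.gitea_user.me`, which is not declared in this hunk and is presumably defined earlier in the file.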
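Review bot: The branch check in `examples/pre-receive.sh` fails open, because it derives `$branch` from `git rev-parse --symbolic --abbrev-ref $refname`. Whenever that call cannot resolve the ref (likely on the push that first creates it), the result is not `master` and the push is accepted. Comparing the pushed ref name directly avoids the lookup, `if [ "$refname" = "refs/heads/master" ]; then`, and the loop header is safer as `while read -r oldrev newrev refname`. The rejection message `wrong branch` could also name the refused ref, and the file has no trailing newline.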
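Review bot: `examples/resources/gitea_git_hook/post-receive.sh` does not parse, because its `then` branch holds only a comment and bash requires at least one command before `fi`. Once installed through `content`, the hook would stop with a syntax error on each push instead of running. A no-op placeholder fixes it: `: # Do something`. As in `examples/pre-receive.sh`, the test can compare `"$refname"` with `refs/heads/master` directly rather than going through an unquoted `git rev-parse` call.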
@@ -7,7 +7,7 @@ resource "gitea_repository" "org_repo" { name = "org-test-repo" } -resource "gitea_git_hook" "org_repo_post-receive" { +resource "gitea_git_hook" "org_repo_post_receive" { name = "post-receive" user = gitea_org.test_org.name repo = gitea_repository.org_repo.name diff --git a/gitea/resource_gitea_git_hook.go b/gitea/resource_gitea_git_hook.go index 186482d..8b7e8c1 100644 --- a/gitea/resource_gitea_git_hook.go +++ b/gitea/resource_gitea_git_hook.go @@ -110,6 +110,11 @@ func resourceGiteaGitHook() *schema.Resource { Description: "Content of the git hook", }, }, - Description: "`gitea_git_hook` manages git hooks on a repository.", + Description: "`gitea_git_hook` manages git hooks on a repository.\n" + + "import is currently not supported\n\n" + + "WARNING: using this resource requires to enable server side hooks" + + "which are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!\n\n" + + "if you want to procede, you need to enable server side hooks as stated" + + " [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)", } } diff --git a/scripts/docker-compose.yaml b/scripts/docker-compose.yaml index c128cd3..453bc52 100644 --- a/scripts/docker-compose.yaml +++ b/scripts/docker-compose.yaml @@ -11,6 +11,7 @@ services: environment: - USER_UID=1000 - USER_GID=1000 + - DISABLE_GIT_HOOKS=false restart: always networks: - gitea
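Review bot: The concatenated `Description` is missing a space where `"...enable server side hooks" +` meets `"which are known to cause..."`, so the rendered text reads "hookswhich"; the same run-together word shows in the `docs/resources/git_hook.md` hunk of this commit. The first piece should end with a space, `"WARNING: using this resource requires to enable server side hooks " +`, and `procede` should be `proceed`. The warning would help more if it stated the risk instead of only linking to it, for example that hook content is executed on the Gitea host. The `content` field's own `Description: "Content of the git hook"` is a natural place for that sentence. The body of `resourceGiteaGitHook` starts outside this hunk.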
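Review bot: `DISABLE_GIT_HOOKS=false` in `scripts/docker-compose.yaml` turns on a feature that lets users with the git-hook privilege run commands as the Gitea OS user, and the line has no comment marking it as meant for the local test stack (which this file presumably is). Add one above it, e.g. `# test stack only: required by gitea_git_hook; do not copy into a real deployment`. It is also worth confirming that the image reads this bare variable name. If it only maps variables of the form `GITEA__security__DISABLE_GIT_HOOKS` into app.ini, the setting has no effect and the hook resource would fail against the container.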