warn about server side hooks

Tobias Trabelsi 2022-08-30 21:02:06 +02:00
parent 3f67ba1895
commit e7ad54b0a4
No known key found for this signature in database
GPG key ID: FF0C2839718CAF2E
7 changed files with 49 additions and 3 deletions


@ -4,11 +4,19 @@ page_title: "gitea_git_hook Resource - terraform-provider-gitea"
subcategory: "" subcategory: ""
description: |- description: |-
gitea_git_hook manages git hooks on a repository. gitea_git_hook manages git hooks on a repository.
import is currently not supported
WARNING: using this resource requires to enable server side hookswhich are known to cause security issues https://github.com/go-gitea/gitea/pull/13058!
if you want to procede, you need to enable server side hooks as stated here https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
--- ---
# gitea_git_hook (Resource) # gitea_git_hook (Resource)
`gitea_git_hook` manages git hooks on a repository. `gitea_git_hook` manages git hooks on a repository.
import is currently not supported
WARNING: using this resource requires to enable server side hookswhich are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!
if you want to procede, you need to enable server side hooks as stated [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)
## Example Usage ## Example Usage
@ -22,7 +30,7 @@ resource "gitea_repository" "org_repo" {
name = "org-test-repo" name = "org-test-repo"
} }
resource "gitea_git_hook" "org_repo_post-receive" { resource "gitea_git_hook" "org_repo_post_receive" {
name = "post-receive" name = "post-receive"
user = gitea_org.test_org.name user = gitea_org.test_org.name
repo = gitea_repository.org_repo.name repo = gitea_repository.org_repo.name


@ -56,3 +56,18 @@ resource "gitea_team" "test_team" {
permission = "write" permission = "write"
members = [gitea_user.test.username] members = [gitea_user.test.username]
} }
resource "gitea_team" "admin_team" {
name = "Admins"
organisation = gitea_org.test_org.name
description = "Admins of Test Org"
permission = "admin"
members = [data.gitea_user.me.username]
}
resource "gitea_git_hook" "org_repo_pre_receive" {
name = "pre-receive"
user = gitea_org.test_org.name
repo = gitea_repository.org_repo.name
content = file("${path.module}/pre-receive.sh")
}
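Review bot: The new `gitea_git_hook.org_repo_pre_receive` resource has no comment telling a reader that it only applies when server-side git hooks are enabled, or that the file loaded by `file("${path.module}/pre-receive.sh")` is executed on the Gitea host. I would add above the resource `# requires server-side git hooks to be enabled (DISABLE_GIT_HOOKS=false); the hook content runs on the Gitea server, so review pre-receive.sh like any other deployed code`. The example is likely to be copied, so the precondition should sit next to the resource and not only in the generated docs.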

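--- a/examples/pre-receive.sh
+++ b/examples/pre-receive.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+if [ "master" = "$branch" ]; then
+echo "wrong branch"
+exit 1
+fi
+done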
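Review bot: `$refname` is expanded unquoted in `git rev-parse --symbolic --abbrev-ref $refname` and `read` is used without `-r`, although the ref name is supplied by the pushing client; use `while read -r oldrev newrev refname` and `"$refname"`. The guard is also more dependable if it compares the full name, `if [ "$refname" = "refs/heads/master" ]; then`, because the abbreviated name printed by rev-parse can differ (for instance `heads/master`) when a tag and a branch share a name, and the equality test would then let the push through. The same unquoted expansion appears in the second hook script added by this commit.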


@ -0,0 +1,8 @@
#!/bin/bash
while read oldrev newrev refname
do
branch=$(git rev-parse --symbolic --abbrev-ref $refname)
if [ "master" = "$branch" ]; then
# Do something
fi
done
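Review bot: The `if` branch contains only the comment `# Do something`, which bash rejects with a syntax error at `fi`, so this script cannot run as written. A pre-receive hook that exits non-zero rejects the push, so anyone installing this file unchanged would presumably block every push to the repository. Put a no-op in the branch, e.g. `: # Do something`, so the file parses and the placeholder stays visible.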


@ -7,7 +7,7 @@ resource "gitea_repository" "org_repo" {
name = "org-test-repo" name = "org-test-repo"
} }
resource "gitea_git_hook" "org_repo_post-receive" { resource "gitea_git_hook" "org_repo_post_receive" {
name = "post-receive" name = "post-receive"
user = gitea_org.test_org.name user = gitea_org.test_org.name
repo = gitea_repository.org_repo.name repo = gitea_repository.org_repo.name


@ -110,6 +110,11 @@ func resourceGiteaGitHook() *schema.Resource {
Description: "Content of the git hook", Description: "Content of the git hook",
}, },
}, },
Description: "`gitea_git_hook` manages git hooks on a repository.", Description: "`gitea_git_hook` manages git hooks on a repository.\n" +
"import is currently not supported\n\n" +
"WARNING: using this resource requires to enable server side hooks" +
"which are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!\n\n" +
"if you want to procede, you need to enable server side hooks as stated" +
" [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)",
} }
} }
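Review bot: The literals `"WARNING: using this resource requires to enable server side hooks"` and `"which are known to cause ..."` are concatenated without a space, so the description renders as "hookswhich", as the generated docs in this commit show. End the first literal with a space, `"... enable server side hooks " +`, and correct "procede" to "proceed". The warning would also help operators more if it named the setting, `DISABLE_GIT_HOOKS` in the `[security]` section, and stated the consequence in one sentence: as far as I know, hook scripts run on the server with the privileges of the Gitea service account, so anyone permitted to edit hooks can execute code there. `resourceGiteaGitHook` starts above this hunk.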


@ -11,6 +11,7 @@ services:
environment: environment:
- USER_UID=1000 - USER_UID=1000
- USER_GID=1000 - USER_GID=1000
- DISABLE_GIT_HOOKS=false
restart: always restart: always
networks: networks:
- gitea - gitea
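Review bot: `- DISABLE_GIT_HOOKS=false` turns on server-side hooks for the whole instance, and nothing in the file says this is meant for the local test instance only. I would add a comment on the line above, `# test instance only: lets users with the git-hook privilege run scripts on the Gitea host`. It is also worth confirming that the image maps this plain variable name into the `[security]` section of app.ini, since the hunk does not show that.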