fix(drone-dep): reset gitea admin password on stale volume re-use

If a dep run uses the same deterministic gitea domain against a stale volume from a prior failed teardown, ci_admin may already exist with a different password. Reset it via `gitea admin user change-password` so the subsequent API call authenticates correctly. This is idempotent and does not affect clean (fresh-volume) runs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-11 21:42:19 +00:00
parent 1adfbd70cb
commit eec29614ae
1 changed files with 21 additions and 2 deletions
--- a/runner/harness/sso.py
+++ b/runner/harness/sso.py
@ -448,11 +448,30 @@ def setup_gitea_oauth(provider_domain: str, parent_domain: str) -> dict:
            ],
            timeout=120,
        )
-        print(f"  gitea dep: admin user created: {out.strip()[:120]}", flush=True)
+        print(f"  gitea dep: admin user created: {out.strip()[:80]}", flush=True)
    except RuntimeError as e:
        msg = str(e)
        if "already exists" in msg.lower() or "user already exists" in msg.lower():
-            print(f"  gitea dep: admin user {admin_user!r} already exists — continuing", flush=True)
+            # Stale volume from a prior run — reset the password to the newly-generated one
+            # so the API call below can authenticate. In production CI, teardown_deps removes
+            # volumes so this branch is only hit in re-runs against a stale volume.
+            print(
+                f"  gitea dep: {admin_user!r} already exists — resetting password", flush=True
+            )
+            lifecycle.exec_in_app(
+                provider_domain,
+                [
+                    "gitea",
+                    "admin",
+                    "user",
+                    "change-password",
+                    "--username",
+                    admin_user,
+                    "--password",
+                    admin_password,
+                ],
+                timeout=60,
+            )
        else:
            raise