From eec29614aedb71778bdbfd30c6197e44aa0d3993 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 11 Jun 2026 21:42:19 +0000 Subject: [PATCH] fix(drone-dep): reset gitea admin password on stale volume re-use If a dep run uses the same deterministic gitea domain against a stale volume from a prior failed teardown, ci_admin may already exist with a different password. Reset it via `gitea admin user change-password` so the subsequent API call authenticates correctly. This is idempotent and does not affect clean (fresh-volume) runs. Co-Authored-By: Claude Sonnet 4.6 --- runner/harness/sso.py | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/runner/harness/sso.py b/runner/harness/sso.py index e02f2df..b32fb16 100644 --- a/runner/harness/sso.py +++ b/runner/harness/sso.py @@ -448,11 +448,30 @@ def setup_gitea_oauth(provider_domain: str, parent_domain: str) -> dict: ], timeout=120, ) - print(f" gitea dep: admin user created: {out.strip()[:120]}", flush=True) + print(f" gitea dep: admin user created: {out.strip()[:80]}", flush=True) except RuntimeError as e: msg = str(e) if "already exists" in msg.lower() or "user already exists" in msg.lower(): - print(f" gitea dep: admin user {admin_user!r} already exists — continuing", flush=True) + # Stale volume from a prior run — reset the password to the newly-generated one + # so the API call below can authenticate. In production CI, teardown_deps removes + # volumes so this branch is only hit in re-runs against a stale volume. + print( + f" gitea dep: {admin_user!r} already exists — resetting password", flush=True + ) + lifecycle.exec_in_app( + provider_domain, + [ + "gitea", + "admin", + "user", + "change-password", + "--username", + admin_user, + "--password", + admin_password, + ], + timeout=60, + ) else: raise