I’m seeing werid behaviour when using Drone together with Gitea that I cannot explain. To give an overview, the setup looks like this:
I have a Drone server, integrated with Gitea. In one of the Gitea repositories, there is a script that is executed in a pipeline in Drone. The script does the following:
- Git-pulls the repository itself
- Creates some commits and pushes them
- Opens a pull request inside the Gitea instance. Authentication against GitLab is done using a pre-configured token (using the
Now I saw some peculiar behaviour for the pull request step: When running the script locally (not inside drone), the author of the merge request is the user that owns the API token. This is the desired (and expected!) behaviour.
When running the exact same script inside a Drone pipeline, the author of the pull request is different. There is only one other user in the Gitea instance, and this is the one that is used for the Gitea integration inside Drone (i.e. the one that owns the API client used for integration between Gitea and Drone).
Inside the script, I’m using python’s
request module, doing a
POST to the Gitea API setting an
Authorization HTTP header. Straightforward, nothing fancy.
My question is: Has someone an idea why I see this behaviour? I’m at a loss here, I’d appreciate any hints. As far as I understood the code, the pull request author is implicitly set as the API user that’s used for the API request. As I said, I’m using the
Authentication HTTP header. Is there any other kind of authentication that might override this?
Disclaimer: I raised the same topic also in the Drone Discourse as I’m not really sure whether Gitea or Drone introduces this behaviour.
EDIT with a bit more debugging information:
So, I dived a bit deeper. In the end, the only difference between pull requests with the correct and incorrect author is the
poster_id column in the
issue table. As far as I can tell from the code, it’s set here. I’m cannot tell what this
Context variable actually is, I’m not sure how exactly Gitea handles HTTP requests and cannot really tell from the code.
Can someone help here? How exactly is
ctx.User.ID set, specifically for REST API requests?