About organizations and secrets

[GLozada99]

I see in the documentation that there are 3 levels of secrets:

• Repo
• Organization
• Server

I have added secrets at the repo level, but now I want to move them to the organization level. I figured since currently my woodpecker server is configured with Oauth from Github using a Github organization, it'll be added by default.

But when I checked in settings I got this:

So, there are no organizations and when I go into the API I get these endpoints:

I see no way of adding an organization...

What I find even weirder is that if I go to settings and check the console, I get the response from the users request and both users have an org_id:

But if I try making calls to those organizations on the swagger api I get:

So the name is the same as the user for that name and we have a "is_user" flag set to true, so what I get from that is if you log in with Github and the user is a Github user, it will create an organization with the same name.

But I noticed that I have orgs with ids 1 and 3, so there should be a 2. I tried the request and got this:

This one has the same name as the organization which the two users belong to. It also includes a forge_id... But I guess the issue is that "is_user" is set to true when it should be false. I guess I did something wrong when adding everything, how do I fix things so that this last org gets the "is_user" set to false?

[qwerty287]

The organisations are created if you enable a repo owned by that org.

[qwerty287]

I see. So the problem is that the org has is_user = true but it should be false as it's not a user.

Looks like it was created wrong. You should be able to fix it manually by changing this DB entry...

Can you reproduce this with a fresh org?

[GLozada99]

Just tried it again and got the same. What I did was I deleted the database, logged in and enabled the same repository (which comes from my Github organization). That resulted in the same, it is still flagged as is_user = true.

It also shows up like this on the db. After setting it to False it fixed things, but I do wonder why it is setting it like that by default.

[qwerty287]

OK interesting. I'll try to check it out as soon as possible, maybe you can check if there's anything suspicious in the logs?

[zc-devs]

server/api/repo.go:131
server/api/repo.go:140

GitHub checks/returns repo owner (user) first (server/forge/github/github.go:394).
Gitea checks organizations first (server/forge/gitea/gitea.go:554).

[qwerty287]

Thanks @zc-devs, fixed in #4723