Problem
When cloning a repository from a self-hosted Gitea instance whose hostname doesn't contain the label "gitea", GITEA_TOKEN is silently ignored and the clone fails with:
fatal: could not read Username for 'https://git.example.com': No such device or address
Root Cause
resolveForgeAuth() in packages/core/src/handlers/clone.ts uses two strategies to match a clone URL to a token:
- Exact hostname match against
FORGE_AUTH (e.g. gitea.com → GITEA_TOKEN)
- Label match against
SELF_HOSTED_FORGE — checks if any hostname label contains "gitea", "gitlab", or "forgejo"
For a URL like https://git.example.com/group/app.git, the hostname labels are ["git", "example", "com"]. None match, so the function returns { token: undefined, scheme: '' }.
GITEA_URL is set in .env but is never read by resolveForgeAuth() — it's only used by the Gitea webhook adapter in server/src/index.ts.
Steps to Reproduce
- Set
GITEA_URL=https://git.example.com and GITEA_TOKEN=your_token in .env
- Hostname does NOT contain "gitea" (e.g.
git.example.com, code.example.com, scm.example.com)
- Try to register a codebase via the API with a repo from that same host
- Clone fails — no auth token is injected into the URL
Expected Behavior
GITEA_TOKEN should be used when the clone URL's hostname matches the configured GITEA_URL hostname, even if the hostname doesn't contain "gitea" as a label.
Proposed Fix
Add a fallback in resolveForgeAuth() after the SELF_HOSTED_FORGE loop that compares the clone URL hostname against GITEA_URL:
// 3. Fallback: if GITEA_URL is set and the clone hostname matches it,
// use GITEA_TOKEN. This handles self-hosted instances where the
// hostname doesn't contain "gitea" as a label (e.g. git.example.com).
const giteaUrl = process.env.GITEA_URL;
if (giteaUrl) {
const giteaHostname = safeParseUrl(giteaUrl)?.hostname;
if (giteaHostname && hostname === giteaHostname) {
const token = process.env.GITEA_TOKEN;
if (token) {
return { token, scheme: '' };
}
}
}This is safe because it only matches when the clone URL hostname is identical to the configured GITEA_URL hostname — no risk of leaking GITEA_TOKEN to GitHub or other forges.
Files to Change
packages/core/src/handlers/clone.ts — add fallback in resolveForgeAuth()packages/core/src/handlers/clone.test.ts — add test case for non-standard Gitea hostname that matches GITEA_URL
Environment
- Docker deployment (
docker-compose.yml with env_file: .env)
GITEA_TOKEN confirmed present in container env (dotenv log shows 21 keys loaded)GITEA_URL=https://git.example.com (hostname labels: ["git", "example", "com"])
Problem
When cloning a repository from a self-hosted Gitea instance whose hostname doesn't contain the label "gitea",
GITEA_TOKENis silently ignored and the clone fails with:Root Cause
resolveForgeAuth()inpackages/core/src/handlers/clone.tsuses two strategies to match a clone URL to a token:FORGE_AUTH(e.g.gitea.com→GITEA_TOKEN)SELF_HOSTED_FORGE— checks if any hostname label contains "gitea", "gitlab", or "forgejo"For a URL like
https://git.example.com/group/app.git, the hostname labels are["git", "example", "com"]. None match, so the function returns{ token: undefined, scheme: '' }.GITEA_URLis set in.envbut is never read byresolveForgeAuth()— it's only used by the Gitea webhook adapter inserver/src/index.ts.Steps to Reproduce
GITEA_URL=https://git.example.comandGITEA_TOKEN=your_tokenin.envgit.example.com,code.example.com,scm.example.com)Expected Behavior
GITEA_TOKENshould be used when the clone URL's hostname matches the configuredGITEA_URLhostname, even if the hostname doesn't contain "gitea" as a label.Proposed Fix
Add a fallback in
resolveForgeAuth()after theSELF_HOSTED_FORGEloop that compares the clone URL hostname againstGITEA_URL:This is safe because it only matches when the clone URL hostname is identical to the configured
GITEA_URLhostname — no risk of leakingGITEA_TOKENto GitHub or other forges.Files to Change
packages/core/src/handlers/clone.ts— add fallback inresolveForgeAuth()packages/core/src/handlers/clone.test.ts— add test case for non-standard Gitea hostname that matchesGITEA_URLEnvironment
docker-compose.ymlwithenv_file: .env)GITEA_TOKENconfirmed present in container env (dotenv log shows 21 keys loaded)GITEA_URL=https://git.example.com(hostname labels:["git", "example", "com"])