warn about server side hooks

docs/resources/git_hook.md

@@ -4,11 +4,19 @@ page_title: "gitea_git_hook Resource - terraform-provider-gitea"
 subcategory: ""
 description: |-
   gitea_git_hook manages git hooks on a repository.
+  import is currently not supported
+  WARNING: using this resource requires to enable server side hookswhich are known to cause security issues https://github.com/go-gitea/gitea/pull/13058!
+  if you want to procede, you need to enable server side hooks as stated here https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
 ---
 
 # gitea_git_hook (Resource)
 
 `gitea_git_hook` manages git hooks on a repository.
+import is currently not supported
+
+WARNING: using this resource requires to enable server side hookswhich are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!
+
+if you want to procede, you need to enable server side hooks as stated [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)
 
 ## Example Usage
 
@@ -22,7 +30,7 @@ resource "gitea_repository" "org_repo" {
   name     = "org-test-repo"
 }
 
-resource "gitea_git_hook" "org_repo_post-receive" {
+resource "gitea_git_hook" "org_repo_post_receive" {
   name    = "post-receive"
   user    = gitea_org.test_org.name
   repo    = gitea_repository.org_repo.name

examples/main.tf

@@ -56,3 +56,18 @@ resource "gitea_team" "test_team" {
   permission   = "write"
   members      = [gitea_user.test.username]
 }
+
+resource "gitea_team" "admin_team" {
+  name         = "Admins"
+  organisation = gitea_org.test_org.name
+  description  = "Admins of Test Org"
+  permission   = "admin"
+  members      = [data.gitea_user.me.username]
+}
+
+resource "gitea_git_hook" "org_repo_pre_receive" {
+  name    = "pre-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/pre-receive.sh")
+}

examples/pre-receive.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        echo "wrong branch"
+        exit 1
+    fi
+done

examples/resources/gitea_git_hook/post-receive.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        # Do something
+    fi
+done

examples/resources/gitea_git_hook/resource.tf

@@ -7,7 +7,7 @@ resource "gitea_repository" "org_repo" {
   name     = "org-test-repo"
 }
 
-resource "gitea_git_hook" "org_repo_post-receive" {
+resource "gitea_git_hook" "org_repo_post_receive" {
   name    = "post-receive"
   user    = gitea_org.test_org.name
   repo    = gitea_repository.org_repo.name

gitea/resource_gitea_git_hook.go

@@ -110,6 +110,11 @@ func resourceGiteaGitHook() *schema.Resource {
 				Description: "Content of the git hook",
 			},
 		},
-		Description: "`gitea_git_hook` manages git hooks on a repository.",
+		Description: "`gitea_git_hook` manages git hooks on a repository.\n" +
+			"import is currently not supported\n\n" +
+			"WARNING: using this resource requires to enable server side hooks" +
+			"which are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!\n\n" +
+			"if you want to procede, you need to enable server side hooks as stated" +
+			" [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)",
 	}
 }

scripts/docker-compose.yaml

@@ -11,6 +11,7 @@ services:
     environment:
       - USER_UID=1000
       - USER_GID=1000
+      - DISABLE_GIT_HOOKS=false
     restart: always
     networks:
       - gitea