warn about server side hooks

Makefile

@@ -3,7 +3,7 @@ GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 
 GOFMT ?= gofmt -s
 
-VERSION = 0.7.4
+VERSION = 0.8.0
 
 test: fmt-check
 	go test -i $(TEST) || exit 1

README.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.4"
+      version = "0.8.0"
     }
   }
 }

docs/index.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.2"
+      version = "0.8.0"
     }
   }
 }

docs/resources/git_hook.md

@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_git_hook Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_git_hook manages git hooks on a repository.
+  import is currently not supported
+  WARNING: using this resource requires to enable server side hookswhich are known to cause security issues https://github.com/go-gitea/gitea/pull/13058!
+  if you want to procede, you need to enable server side hooks as stated here https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+---
+
+# gitea_git_hook (Resource)
+
+`gitea_git_hook` manages git hooks on a repository.
+import is currently not supported
+
+WARNING: using this resource requires to enable server side hookswhich are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!
+
+if you want to procede, you need to enable server side hooks as stated [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "test_org" {
+  name = "test-org"
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = "org-test-repo"
+}
+
+resource "gitea_git_hook" "org_repo_post_receive" {
+  name    = "post-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/post-receive.sh")
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `content` (String) Content of the git hook
+- `name` (String) Name of the git hook to configure
+- `repo` (String) The repository that this hook belongs too.
+- `user` (String) The user (or organisation) owning the repo this hook belongs too
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

examples/main.tf

@@ -56,3 +56,18 @@ resource "gitea_team" "test_team" {
   permission   = "write"
   members      = [gitea_user.test.username]
 }
+
+resource "gitea_team" "admin_team" {
+  name         = "Admins"
+  organisation = gitea_org.test_org.name
+  description  = "Admins of Test Org"
+  permission   = "admin"
+  members      = [data.gitea_user.me.username]
+}
+
+resource "gitea_git_hook" "org_repo_pre_receive" {
+  name    = "pre-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/pre-receive.sh")
+}

examples/pre-receive.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        echo "wrong branch"
+        exit 1
+    fi
+done

examples/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "terraform.local/lerentis/gitea"
-      version = "0.7.4"
+      version = "0.8.0"
     }
   }
 }

examples/provider/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.4"
+      version = "0.8.0"
     }
   }
 }

examples/resources/gitea_git_hook/post-receive.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        # Do something
+    fi
+done

examples/resources/gitea_git_hook/resource.tf

@@ -0,0 +1,15 @@
+resource "gitea_org" "test_org" {
+  name = "test-org"
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = "org-test-repo"
+}
+
+resource "gitea_git_hook" "org_repo_post_receive" {
+  name    = "post-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/post-receive.sh")
+}

gitea/provider.go

@@ -80,6 +80,7 @@ func Provider() *schema.Provider {
 			"gitea_repository": resourceGiteaRepository(),
 			"gitea_public_key": resourceGiteaPublicKey(),
 			"gitea_team":       resourceGiteaTeam(),
+			"gitea_git_hook":   resourceGiteaGitHook(),
 		},
 
 		ConfigureFunc: providerConfigure,

gitea/resource_gitea_git_hook.go

@@ -0,0 +1,120 @@
+package gitea
+
+import (
+	"fmt"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	GitHookUser    string = "user"
+	GitHookRepo    string = "repo"
+	GitHookName    string = "name"
+	GitHookContent string = "content"
+)
+
+func resourceGitHookRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	gitHook, _, err := client.GetRepoGitHook(user, repo, name)
+
+	if err != nil {
+		return err
+	}
+
+	err = setGitHookResourceData(user, repo, gitHook, d)
+
+	return
+}
+
+func resourceGitHookUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	opts := gitea.EditGitHookOption{
+		Content: d.Get(GitHookContent).(string),
+	}
+
+	_, err = client.EditRepoGitHook(user, repo, name, opts)
+
+	if err != nil {
+		return err
+	}
+
+	// Get gitHook ourselves, EditRepoGitHook does not return it
+	gitHook, _, err := client.GetRepoGitHook(user, repo, name)
+
+	if err != nil {
+		return err
+	}
+
+	err = setGitHookResourceData(user, repo, gitHook, d)
+
+	return
+}
+
+func resourceGitHookDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	_, err = client.DeleteRepoGitHook(user, repo, name)
+
+	return
+}
+
+func setGitHookResourceData(user string, repo string, gitHook *gitea.GitHook, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%s/%s/%s", user, repo, gitHook.Name))
+	d.Set(GitHookUser, user)
+	d.Set(GitHookRepo, repo)
+	d.Set(GitHookName, gitHook.Name)
+	d.Set(GitHookContent, gitHook.Content)
+	return
+}
+
+func resourceGiteaGitHook() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceGitHookRead,
+		Create: resourceGitHookUpdate, // All hooks already exist, just empty and disabled
+		Update: resourceGitHookUpdate,
+		Delete: resourceGitHookDelete,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Name of the git hook to configure",
+			},
+			"repo": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The repository that this hook belongs too.",
+			},
+			"user": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The user (or organisation) owning the repo this hook belongs too",
+			},
+			"content": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Content of the git hook",
+			},
+		},
+		Description: "`gitea_git_hook` manages git hooks on a repository.\n" +
+			"import is currently not supported\n\n" +
+			"WARNING: using this resource requires to enable server side hooks" +
+			"which are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!\n\n" +
+			"if you want to procede, you need to enable server side hooks as stated" +
+			" [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)",
+	}
+}

scripts/docker-compose.yaml

@@ -6,11 +6,12 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.16.8
+    image: gitea/gitea:1.17.1
     container_name: gitea
     environment:
       - USER_UID=1000
       - USER_GID=1000
+      - DISABLE_GIT_HOOKS=false
     restart: always
     networks:
       - gitea