hopefully finally fixed the TLS nil pointer

Reviewed-on: #19

.drone.yml

@@ -15,13 +15,24 @@ steps:
       - push
       - pull_request
       - tag
+  - name: build-dev
+    image: golang:1.18.3-alpine3.16
+    commands:
+      - "apk add --update --no-cache make"
+      - "make build"
+    when:
+      event:
+      - push
+    resources:
+      limits:
+        cpu: 1000
+        memory: 1024MiB
   - name: build
     image: goreleaser/goreleaser
     commands:
       - goreleaser build --snapshot
     when:
       event:
-      - push
       - pull_request
     resources:
       limits:

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Create a report to improve the provider
+title: ''
+labels: 'bug'
+assignees: ''
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Log Output**
+If applicable, add logs to help explain your problem.
+
+**Additional Data**
+Important for reproducability.
+
+- Terraform Version
+
+- Operating System
+
+- Provider Version

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this provider
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+`lerentis at uploadfilter24 dot eu`.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

Makefile

@@ -3,7 +3,7 @@ GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 
 GOFMT ?= gofmt -s
 
-VERSION = 0.7.1
+VERSION = 0.11.1
 
 test: fmt-check
 	go test -i $(TEST) || exit 1

README.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.1"
+      version = "0.11.1"
     }
   }
 }

docs/index.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.3.0"
+      version = "0.11.1"
     }
   }
 }

docs/resources/fork.md

@@ -0,0 +1,61 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_fork Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_fork manages repository fork to the current user or an organisation
+  Forking a repository to a dedicated user is currently unsupported
+  Creating a fork using this resource without an organisation will create the fork in the executors name
+---
+
+# gitea_fork (Resource)
+
+`gitea_fork` manages repository fork to the current user or an organisation
+Forking a repository to a dedicated user is currently unsupported
+Creating a fork using this resource without an organisation will create the fork in the executors name
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "org1" {
+  name = "org1"
+}
+
+resource "gitea_org" "org2" {
+  name = "org2"
+}
+
+resource "gitea_repository" "repo1_in_org1" {
+  username = gitea_org.org1.name
+  name     = "repo1-in-org1"
+}
+
+resource "gitea_fork" "user_fork_of_repo1_in_org1" {
+  owner = gitea_org.org1.name
+  repo  = gitea_repository.repo1_in_org1.name
+}
+
+resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
+  owner        = gitea_org.org1.name
+  repo         = gitea_repository.repo1_in_org1.name
+  organization = gitea_org.org2.name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `owner` (String) The owner or owning organization of the repository to fork
+- `repo` (String) The name of the repository to fork
+
+### Optional
+
+- `organization` (String) The organization that owns the forked repo
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/git_hook.md

@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_git_hook Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_git_hook manages git hooks on a repository.
+  import is currently not supported
+  WARNING: using this resource requires to enable server side hookswhich are known to cause security issues https://github.com/go-gitea/gitea/pull/13058!
+  if you want to procede, you need to enable server side hooks as stated here https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+---
+
+# gitea_git_hook (Resource)
+
+`gitea_git_hook` manages git hooks on a repository.
+import is currently not supported
+
+WARNING: using this resource requires to enable server side hookswhich are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!
+
+if you want to procede, you need to enable server side hooks as stated [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "test_org" {
+  name = "test-org"
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = "org-test-repo"
+}
+
+resource "gitea_git_hook" "org_repo_post_receive" {
+  name    = "post-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/post-receive.sh")
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `content` (String) Content of the git hook
+- `name` (String) Name of the git hook to configure
+- `repo` (String) The repository that this hook belongs too.
+- `user` (String) The user (or organisation) owning the repo this hook belongs too
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/repository.md

@@ -72,7 +72,8 @@ Need to exist in the gitea instance
 Need to exist in the gitea instance
 - `license` (String) The license under which the source code of this repository should be.
 Need to exist in the gitea instance
-- `migration_clone_addresse` (String)
+- `migration_clone_address` (String)
+- `migration_clone_addresse` (String) DEPRECATED in favor of `migration_clone_address`
 - `migration_issue_labels` (Boolean)
 - `migration_lfs` (Boolean)
 - `migration_lfs_endpoint` (String)
@@ -92,7 +93,10 @@ Need to exist in the gitea instance
 ### Read-Only
 
 - `created` (String)
+- `clone_url` (String)
+- `html_url` (String)
 - `id` (String) The ID of this resource.
+- `ssh_url` (String)
 - `permission_admin` (Boolean)
 - `permission_pull` (Boolean)
 - `permission_push` (Boolean)

docs/resources/token.md

@@ -0,0 +1,67 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_token Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_token manages gitea Access Tokens.
+  Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource
+  can only be used with username/password provider configuration.
+  WARNING:
+  Tokens will be stored in the terraform state!
+---
+
+# gitea_token (Resource)
+
+`gitea_token` manages gitea Access Tokens.
+
+Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource
+can only be used with username/password provider configuration.
+
+WARNING:
+Tokens will be stored in the terraform state!
+
+## Example Usage
+
+```terraform
+provider "gitea" {
+  base_url = var.gitea_url
+  # Token Auth can not be used with this resource
+  username = var.gitea_username
+  password = var.gitea_password
+}
+
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+  admin                = true
+}
+
+resource "gitea_token" "test_token" {
+  username = resource.gitea_user.test.username
+  name     = "test-token"
+}
+
+output "token" {
+  value     = resource.gitea_token.test_token.token
+  sensitive = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the Access Token
+- `username` (String) The owner of the Access Token
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `last_eight` (String)
+- `token` (String, Sensitive) The actual Access Token
+
+

examples/main.tf

@@ -12,13 +12,14 @@ resource "gitea_repository" "mirror" {
   name                         = "terraform-provider-gitea-mirror"
   description                  = "Mirror of Terraform Provider"
   mirror                       = true
-  migration_clone_addresse     = "https://git.uploadfilter24.eu/lerentis/terraform-provider-gitea.git"
+  migration_clone_address      = "https://git.uploadfilter24.eu/lerentis/terraform-provider-gitea.git"
   migration_service            = "gitea"
   migration_service_auth_token = var.gitea_mirror_token
 }
 
 resource "gitea_org" "test_org" {
-  name = "test-org"
+  name        = "test-org"
+  description = "test description"
 }
 
 resource "gitea_repository" "org_repo" {
@@ -55,3 +56,52 @@ resource "gitea_team" "test_team" {
   permission   = "write"
   members      = [gitea_user.test.username]
 }
+
+resource "gitea_team" "admin_team" {
+  name         = "Admins"
+  organisation = gitea_org.test_org.name
+  description  = "Admins of Test Org"
+  permission   = "admin"
+  members      = [data.gitea_user.me.username]
+}
+
+resource "gitea_git_hook" "org_repo_pre_receive" {
+  name    = "pre-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/pre-receive.sh")
+}
+
+resource "gitea_org" "org1" {
+  name = "org1"
+}
+
+resource "gitea_org" "org2" {
+  name = "org2"
+}
+
+resource "gitea_repository" "repo1_in_org1" {
+  username = gitea_org.org1.name
+  name     = "repo1-in-org1"
+}
+
+resource "gitea_fork" "user_fork_of_repo1_in_org1" {
+  owner = gitea_org.org1.name
+  repo  = gitea_repository.repo1_in_org1.name
+}
+
+resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
+  owner        = gitea_org.org1.name
+  repo         = gitea_repository.repo1_in_org1.name
+  organization = gitea_org.org2.name
+}
+
+resource "gitea_token" "test_token" {
+  username = data.gitea_user.me.username
+  name     = "test-token"
+}
+
+output "token" {
+  value = resource.gitea_token.test_token.token
+  sensitive = true
+}

examples/pre-receive.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        echo "wrong branch"
+        exit 1
+    fi
+done

examples/provider.tf

@@ -2,12 +2,14 @@ terraform {
   required_providers {
     gitea = {
       source = "terraform.local/lerentis/gitea"
-      version = "0.7.1"
+      version = "0.11.1"
     }
   }
 }
 
 provider "gitea" {
   base_url = var.gitea_url
-  token    = var.gitea_token
+  username = "lerentis"
+  password = var.gitea_password
+  #token    = var.gitea_token
 }

examples/provider/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.3.0"
+      version = "0.11.1"
     }
   }
 }

examples/resources/gitea_fork/resource.tf

@@ -0,0 +1,23 @@
+resource "gitea_org" "org1" {
+  name = "org1"
+}
+
+resource "gitea_org" "org2" {
+  name = "org2"
+}
+
+resource "gitea_repository" "repo1_in_org1" {
+  username = gitea_org.org1.name
+  name     = "repo1-in-org1"
+}
+
+resource "gitea_fork" "user_fork_of_repo1_in_org1" {
+  owner = gitea_org.org1.name
+  repo  = gitea_repository.repo1_in_org1.name
+}
+
+resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
+  owner        = gitea_org.org1.name
+  repo         = gitea_repository.repo1_in_org1.name
+  organization = gitea_org.org2.name
+}

examples/resources/gitea_git_hook/post-receive.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        # Do something
+    fi
+done

examples/resources/gitea_git_hook/resource.tf

@@ -0,0 +1,15 @@
+resource "gitea_org" "test_org" {
+  name = "test-org"
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = "org-test-repo"
+}
+
+resource "gitea_git_hook" "org_repo_post_receive" {
+  name    = "post-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/post-receive.sh")
+}

examples/resources/gitea_token/resource.tf

@@ -0,0 +1,25 @@
+provider "gitea" {
+  base_url = var.gitea_url
+  # Token Auth can not be used with this resource
+  username = var.gitea_username
+  password = var.gitea_password
+}
+
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+  admin                = true
+}
+
+resource "gitea_token" "test_token" {
+  username = resource.gitea_user.test.username
+  name     = "test-token"
+}
+
+output "token" {
+  value     = resource.gitea_token.test_token.token
+  sensitive = true
+}

examples/variables.tf

@@ -9,3 +9,7 @@ variable "gitea_token" {
 variable "gitea_mirror_token" {
   
 }
+
+variable "gitea_password" {
+  
+}

gitea/config.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"time"
 
 	"code.gitea.io/sdk/gitea"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging"
@@ -28,8 +29,7 @@ func (c *Config) Client() (interface{}, error) {
 		return nil, fmt.Errorf("either a token or a username needs to be used")
 	}
 	// Configure TLS/SSL
-	tlsConfig := &tls.Config{}
+	var tlsConfig tls.Config
-
 	// If a CACertFile has been specified, use that for cert validation
 	if c.CACertFile != "" {
 		caCert, err := ioutil.ReadFile(c.CACertFile)
@@ -43,13 +43,12 @@ func (c *Config) Client() (interface{}, error) {
 	}
 
 	// If configured as insecure, turn off SSL verification
-	if c.Insecure {
+	tlsConfig.InsecureSkipVerify = c.Insecure
-		tlsConfig.InsecureSkipVerify = true
-	}
 
 	t := http.DefaultTransport.(*http.Transport).Clone()
-	t.TLSClientConfig = tlsConfig
+	t.TLSClientConfig = &tlsConfig
 	t.MaxIdleConnsPerHost = 100
+	t.TLSHandshakeTimeout = 10 * time.Second
 
 	httpClient := &http.Client{
 		Transport: logging.NewTransport("Gitea", t),
@@ -60,16 +59,23 @@ func (c *Config) Client() (interface{}, error) {
 	}
 
 	var client *gitea.Client
+	var err error
 	if c.Token != "" {
-		client, _ = gitea.NewClient(c.BaseURL, gitea.SetToken(c.Token), gitea.SetHTTPClient(httpClient))
+		client, err = gitea.NewClient(c.BaseURL, gitea.SetToken(c.Token), gitea.SetHTTPClient(httpClient))
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if c.Username != "" {
-		client, _ = gitea.NewClient(c.BaseURL, gitea.SetBasicAuth(c.Username, c.Password), gitea.SetHTTPClient(httpClient))
+		client, err = gitea.NewClient(c.BaseURL, gitea.SetBasicAuth(c.Username, c.Password), gitea.SetHTTPClient(httpClient))
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	// Test the credentials by checking we can get information about the authenticated user.
-	_, _, err := client.GetMyUserInfo()
+	_, _, err = client.GetMyUserInfo()
 
 	return client, err
 }

gitea/provider.go

@@ -73,13 +73,16 @@ func Provider() *schema.Provider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"gitea_org": resourceGiteaOrg(),
-			// "gitea_team": resourceGiteaTeam(),
+			// "gitea_team":       resourceGiteaTeam(),
-			// "gitea_repo": resourceGiteaRepo(),
+			// "gitea_repo":       resourceGiteaRepo(),
 			"gitea_user":       resourceGiteaUser(),
 			"gitea_oauth2_app": resourceGiteaOauthApp(),
 			"gitea_repository": resourceGiteaRepository(),
+			"gitea_fork":       resourceGiteaFork(),
 			"gitea_public_key": resourceGiteaPublicKey(),
 			"gitea_team":       resourceGiteaTeam(),
+			"gitea_git_hook":   resourceGiteaGitHook(),
+			"gitea_token":      resourceGiteaToken(),
 		},
 
 		ConfigureFunc: providerConfigure,

gitea/resource_gitea_fork.go

@@ -0,0 +1,127 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	forkOwner        string = "owner"
+	forkRepo         string = "repo"
+	forkOrganization string = "organization"
+)
+
+func resourceForkCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	var opts gitea.CreateForkOption
+	var org string
+	org = d.Get(forkOrganization).(string)
+	if org != "" {
+		opts.Organization = &org
+	}
+
+	repo, _, err := client.CreateFork(d.Get(forkOwner).(string),
+		d.Get(forkRepo).(string),
+		opts)
+	if err == nil {
+		err = setForkResourceData(repo, d)
+	}
+	return err
+}
+
+func resourceForkRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	var resp *gitea.Response
+
+	if err != nil {
+		return err
+	}
+
+	repo, resp, err := client.GetRepoByID(id)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	err = setForkResourceData(repo, d)
+
+	return
+}
+
+func resourceForkDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	if err != nil {
+		return err
+	}
+
+	repo, _, err := client.GetRepoByID(id)
+	var resp *gitea.Response
+
+	resp, err = client.DeleteRepo(repo.Owner.UserName, repo.Name)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			return
+		} else {
+			return err
+		}
+	}
+
+	return
+}
+
+func setForkResourceData(repo *gitea.Repository, d *schema.ResourceData) (err error) {
+
+	d.SetId(fmt.Sprintf("%d", repo.ID))
+
+	return
+}
+
+func resourceGiteaFork() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceForkRead,
+		Create: resourceForkCreate,
+		Delete: resourceForkDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"owner": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The owner or owning organization of the repository to fork",
+			},
+			"repo": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of the repository to fork",
+			},
+			"organization": {
+				Type:        schema.TypeString,
+				Required:    false,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The organization that owns the forked repo",
+			},
+		},
+		Description: "`gitea_fork` manages repository fork to the current user or an organisation\n" +
+			"Forking a repository to a dedicated user is currently unsupported\n" +
+			"Creating a fork using this resource without an organisation will create the fork in the executors name",
+	}
+}

gitea/resource_gitea_git_hook.go

@@ -0,0 +1,120 @@
+package gitea
+
+import (
+	"fmt"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	GitHookUser    string = "user"
+	GitHookRepo    string = "repo"
+	GitHookName    string = "name"
+	GitHookContent string = "content"
+)
+
+func resourceGitHookRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	gitHook, _, err := client.GetRepoGitHook(user, repo, name)
+
+	if err != nil {
+		return err
+	}
+
+	err = setGitHookResourceData(user, repo, gitHook, d)
+
+	return
+}
+
+func resourceGitHookUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	opts := gitea.EditGitHookOption{
+		Content: d.Get(GitHookContent).(string),
+	}
+
+	_, err = client.EditRepoGitHook(user, repo, name, opts)
+
+	if err != nil {
+		return err
+	}
+
+	// Get gitHook ourselves, EditRepoGitHook does not return it
+	gitHook, _, err := client.GetRepoGitHook(user, repo, name)
+
+	if err != nil {
+		return err
+	}
+
+	err = setGitHookResourceData(user, repo, gitHook, d)
+
+	return
+}
+
+func resourceGitHookDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	_, err = client.DeleteRepoGitHook(user, repo, name)
+
+	return
+}
+
+func setGitHookResourceData(user string, repo string, gitHook *gitea.GitHook, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%s/%s/%s", user, repo, gitHook.Name))
+	d.Set(GitHookUser, user)
+	d.Set(GitHookRepo, repo)
+	d.Set(GitHookName, gitHook.Name)
+	d.Set(GitHookContent, gitHook.Content)
+	return
+}
+
+func resourceGiteaGitHook() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceGitHookRead,
+		Create: resourceGitHookUpdate, // All hooks already exist, just empty and disabled
+		Update: resourceGitHookUpdate,
+		Delete: resourceGitHookDelete,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Name of the git hook to configure",
+			},
+			"repo": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The repository that this hook belongs too.",
+			},
+			"user": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The user (or organisation) owning the repo this hook belongs too",
+			},
+			"content": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Content of the git hook",
+			},
+		},
+		Description: "`gitea_git_hook` manages git hooks on a repository.\n" +
+			"import is currently not supported\n\n" +
+			"WARNING: using this resource requires to enable server side hooks" +
+			"which are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!\n\n" +
+			"if you want to procede, you need to enable server side hooks as stated" +
+			" [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)",
+	}
+}

gitea/resource_gitea_organisation.go

@@ -2,6 +2,7 @@ package gitea
 
 import (
 	"fmt"
+	"strconv"
 
 	"code.gitea.io/sdk/gitea"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -17,21 +18,47 @@ const (
 	RepoAdminChangeTeamAccess string = "repo_admin_change_team_access"
 )
 
+// might come in handy if we want to stick to numeric IDs
+func searchOrgByClientId(c *gitea.Client, id int64) (res *gitea.Organization, err error) {
+
+	page := 1
+
+	for {
+		orgs, _, err := c.AdminListOrgs(gitea.AdminListOrgsOptions{
+			ListOptions: gitea.ListOptions{
+				Page:     page,
+				PageSize: 50,
+			},
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		if len(orgs) == 0 {
+			return nil, fmt.Errorf("Organisation with ID %d could not be found", id)
+		}
+
+		for _, org := range orgs {
+			if org.ID == id {
+				return org, nil
+			}
+		}
+
+		page += 1
+	}
+}
+
 func resourceOrgRead(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 
 	var org *gitea.Organization
-	var resp *gitea.Response
 
-	org, resp, err = client.GetOrg(d.Get(orgName).(string))
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	org, err = searchOrgByClientId(client, id)
 
 	if err != nil {
-		if resp.StatusCode == 404 {
+		return err
-			d.SetId("")
-			return nil
-		} else {
-			return err
-		}
 	}
 
 	err = setOrgResourceData(org, d)
@@ -133,7 +160,7 @@ func resourceGiteaOrg() *schema.Resource {
 		Update: resourceOrgUpdate,
 		Delete: resourceOrgDelete,
 		Importer: &schema.ResourceImporter{
-			State: schema.ImportStatePassthrough,
+			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: map[string]*schema.Schema{
 			"name": {

gitea/resource_gitea_repository.go

@@ -34,7 +34,8 @@ const (
 	repoAllowManualMerge         string = "allow_manual_merge"
 	repoAutodetectManualMerge    string = "autodetect_manual_merge"
 	repoMirror                   string = "mirror"
-	migrationCloneAddress        string = "migration_clone_addresse"
+	migrationCloneAddresse       string = "migration_clone_addresse"
+	migrationCloneAddress        string = "migration_clone_address"
 	migrationService             string = "migration_service"
 	migrationServiceAuthName     string = "migration_service_auth_username"
 	migrationServiceAuthPassword string = "migration_service_auth_password"
@@ -77,22 +78,20 @@ func resourceRepoCreate(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 
 	var repo *gitea.Repository
-	var resp *gitea.Response
-	var orgRepo bool
-
-	_, resp, err = client.GetOrg(d.Get(repoOwner).(string))
-
-	if resp.StatusCode == 404 {
-		orgRepo = false
-	} else {
-		orgRepo = true
-	}
 
 	if (d.Get(repoMirror)).(bool) {
+
+		var cloneAddr string
+		if d.Get(migrationCloneAddresse).(string) != "" {
+			cloneAddr = d.Get(migrationCloneAddresse).(string)
+		} else {
+			cloneAddr = d.Get(migrationCloneAddress).(string)
+		}
+
 		opts := gitea.MigrateRepoOption{
 			RepoName:       d.Get(repoName).(string),
 			RepoOwner:      d.Get(repoOwner).(string),
-			CloneAddr:      d.Get(migrationCloneAddress).(string),
+			CloneAddr:      cloneAddr,
 			Service:        gitea.GitServiceType(d.Get(migrationService).(string)),
 			Mirror:         d.Get(repoMirror).(bool),
 			Private:        d.Get(repoPrivateFlag).(bool),
@@ -135,15 +134,11 @@ func resourceRepoCreate(d *schema.ResourceData, meta interface{}) (err error) {
 			TrustModel:    "default",
 		}
 
-		if orgRepo {
+		repo, _, err = client.CreateOrgRepo(d.Get(repoOwner).(string), opts)
-			repo, _, err = client.CreateOrgRepo(d.Get(repoOwner).(string), opts)
-		} else {
-			repo, _, err = client.CreateRepo(opts)
-		}
 	}
 
 	if err != nil {
-		return
+		return err
 	}
 
 	err = setRepoResourceData(repo, d)
@@ -223,6 +218,7 @@ func respurceRepoDelete(d *schema.ResourceData, meta interface{}) (err error) {
 
 func setRepoResourceData(repo *gitea.Repository, d *schema.ResourceData) (err error) {
 	d.SetId(fmt.Sprintf("%d", repo.ID))
+	d.Set("username", repo.Owner.UserName)
 	d.Set("name", repo.Name)
 	d.Set("description", repo.Description)
 	d.Set("full_name", repo.FullName)
@@ -239,8 +235,8 @@ func setRepoResourceData(repo *gitea.Repository, d *schema.ResourceData) (err er
 	d.Set("watchers", repo.Watchers)
 	d.Set("open_issue_count", repo.OpenIssues)
 	d.Set("default_branch", repo.DefaultBranch)
-	d.Set("created", repo.Created)
+	d.Set("created", repo.Created.String())
-	d.Set("updated", repo.Updated)
+	d.Set("updated", repo.Updated.String())
 	d.Set("permission_admin", repo.Permissions.Admin)
 	d.Set("permission_push", repo.Permissions.Push)
 	d.Set("permission_pull", repo.Permissions.Pull)
@@ -255,7 +251,7 @@ func resourceGiteaRepository() *schema.Resource {
 		Update: resourceRepoUpdate,
 		Delete: respurceRepoDelete,
 		Importer: &schema.ResourceImporter{
-			State: schema.ImportStatePassthrough,
+			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: map[string]*schema.Schema{
 			"username": {
@@ -445,6 +441,13 @@ func resourceGiteaRepository() *schema.Resource {
 				Default:  false,
 			},
 			"migration_clone_addresse": {
+				Type:        schema.TypeString,
+				Required:    false,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "DEPRECATED in favor of `migration_clone_address`",
+			},
+			"migration_clone_address": {
 				Type:     schema.TypeString,
 				Required: false,
 				Optional: true,
@@ -513,6 +516,18 @@ func resourceGiteaRepository() *schema.Resource {
 				Optional: true,
 				Default:  "",
 			},
+			"clone_url": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"html_url": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"ssh_url": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 		Description: "`gitea_repository` manages a gitea repository.\n\n" +
 			"Per default this repository will be initializiled with the provided configuration (gitignore, License etc.).\n" +

gitea/resource_gitea_token.go

@@ -0,0 +1,151 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	TokenUsername  string = "username"
+	TokenName      string = "name"
+	TokenHash      string = "token"
+	TokenLastEight string = "last_eight"
+)
+
+func searchTokenById(c *gitea.Client, id int64) (res *gitea.AccessToken, err error) {
+	page := 1
+
+	for {
+		tokens, _, err := c.ListAccessTokens(gitea.ListAccessTokensOptions{
+			ListOptions: gitea.ListOptions{
+				Page:     page,
+				PageSize: 50,
+			},
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		if len(tokens) == 0 {
+			return nil, fmt.Errorf("Token with ID %d could not be found", id)
+		}
+
+		for _, token := range tokens {
+			if token.ID == id {
+				return token, nil
+			}
+		}
+
+		page += 1
+	}
+}
+
+func resourceTokenCreate(d *schema.ResourceData, meta interface{}) (err error) {
+
+	client := meta.(*gitea.Client)
+
+	var opt gitea.CreateAccessTokenOption
+	opt.Name = d.Get(TokenName).(string)
+
+	token, _, err := client.CreateAccessToken(opt)
+
+	if err != nil {
+		return err
+	}
+
+	err = setTokenResourceData(token, d)
+
+	return
+}
+
+func resourceTokenRead(d *schema.ResourceData, meta interface{}) (err error) {
+
+	client := meta.(*gitea.Client)
+
+	var token *gitea.AccessToken
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	token, err = searchTokenById(client, id)
+
+	if err != nil {
+		return err
+	}
+
+	err = setTokenResourceData(token, d)
+
+	return
+}
+
+func resourceTokenDelete(d *schema.ResourceData, meta interface{}) (err error) {
+
+	client := meta.(*gitea.Client)
+	var resp *gitea.Response
+
+	resp, err = client.DeleteAccessToken(d.Get(TokenName).(string))
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			return
+		} else {
+			return err
+		}
+	}
+
+	return
+}
+
+func setTokenResourceData(token *gitea.AccessToken, d *schema.ResourceData) (err error) {
+
+	d.SetId(fmt.Sprintf("%d", token.ID))
+	d.Set(TokenName, token.Name)
+	if token.Token != "" {
+		d.Set(TokenHash, token.Token)
+	}
+	d.Set(TokenLastEight, token.TokenLastEight)
+
+	return
+}
+
+func resourceGiteaToken() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceTokenRead,
+		Create: resourceTokenCreate,
+		Delete: resourceTokenDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The owner of the Access Token",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of the Access Token",
+			},
+			"token": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Sensitive:   true,
+				Description: "The actual Access Token",
+			},
+			"last_eight": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+		Description: "`gitea_token` manages gitea Access Tokens.\n\n" +
+			"Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource\n" +
+			"can only be used with username/password provider configuration.\n\n" +
+			"WARNING:\n" +
+			"Tokens will be stored in the terraform state!",
+	}
+}

scripts/docker-compose.yaml

@@ -6,11 +6,12 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.16.8
+    image: gitea/gitea:1.17.1
     container_name: gitea
     environment:
       - USER_UID=1000
       - USER_GID=1000
+      - DISABLE_GIT_HOOKS=false
     restart: always
     networks:
       - gitea