Kevin Web
894ba77d94
Fix OAuth token refresh in webhook handling for Bitbucket and GitHub ( #6059 )
...
## Summary
Fixes #5590
Fixes #5713
This PR fixes an issue where webhook handling fails with "failure to parse hook" error when the user's OAuth access token has expired. The root cause is that the Bitbucket and GitHub forge implementations make API calls during webhook processing without first refreshing the OAuth token.
## Problem
When a webhook arrives from Bitbucket or GitHub, the `Hook()` function (and its helper functions) make API calls to fetch additional data (changed files, repo info, etc.). These API calls use the stored OAuth access token, which may have expired.
**Before this fix:**
1. Webhook arrives
2. `Hook()` makes API calls with potentially expired token
3. API call fails with "OAuth2 access token expired"
4. Error bubbles up as HTTP 400 "failure to parse hook"
5. `forge.Refresh()` is called later in `PostHook()` - but it's too late
**Example error from logs:**
`failure to parse hook error="OAuth2 access token expired. Use your refresh token to obtain a new access token."`
## Solution
Add `forge.Refresh()` calls before making API calls in the webhook handling code paths. This follows the same pattern already used by:
- Bitbucket Data Center forge (`server/forge/bitbucketdatacenter/bitbucketdatacenter.go`)
- Other code paths like `pipeline.Create()`, `cron.go`, etc.
### Changes
**Bitbucket** (`server/forge/bitbucket/bitbucket.go`):
- Added `forge.Refresh()` in `Hook()` before API calls
**GitHub** (`server/forge/github/github.go`):
- Added `forge.Refresh()` in `loadChangedFilesFromPullRequest()`
- Added `forge.Refresh()` in `getTagCommitSHA()`
- Added `forge.Refresh()` in `loadChangedFilesFromCommits()`
## Testing
- All existing Bitbucket and GitHub forge tests pass
- Tested in production environment with Bitbucket (waited for token expiry, webhook succeeded after fix)
2026-02-03 13:34:01 +01:00
renovate[bot]
6a33483647
fix(deps): update module github.com/google/go-github/v81 to v82 ( #6047 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de >
2026-01-31 08:52:23 +01:00
6543
c3d1849673
Delete/Deactivate repo ignores missing repo at forge ( #5953 )
2026-01-11 13:00:27 +02:00
renovate[bot]
8810f9722c
fix(deps): update module github.com/google/go-github/v80 to v81 ( #5946 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-10 14:22:28 +01:00
qwerty287
2f0684f502
Revert repos pagination for GH and BB ( #5924 )
2026-01-08 12:32:32 +01:00
renovate[bot]
9cb353e103
fix(deps): update module github.com/google/go-github/v79 to v80 ( #5838 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-06 20:46:28 +01:00
6543
21ef4cac53
On set/get of repo make sure forge_id is set and on fetch respected ( #5717 )
2025-11-27 09:39:41 +01:00
renovate[bot]
2279bb71cb
fix(deps): update module github.com/google/go-github/v78 to v79 ( #5757 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-15 16:00:37 +01:00
renovate[bot]
6d48274e07
fix(deps): update module github.com/google/go-github/v77 to v78 ( #5739 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-08 19:47:19 +01:00
renovate[bot]
df941c788a
fix(deps): update module github.com/google/go-github/v76 to v77 ( #5737 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com >
2025-11-08 14:45:23 +01:00
Han Cen
14320372e3
Fix workflow path filter for GitHub ( #5721 )
...
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com >
2025-11-06 08:52:50 +01:00
LUKIEYF
40f847b944
Add Header User-Agent for request client ( #5664 )
...
add Header User-Agent for request client for more precise in recognized the http request from.
close #3778
2025-11-05 11:41:48 +01:00
6543
fbaa339863
Fix nil pointer dereference during GitHub Hook parsing ( #5681 )
2025-10-23 20:44:41 +02:00
renovate[bot]
0a5ceec40e
fix(deps): update module github.com/google/go-github/v75 to v76 ( #5652 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-18 09:06:05 +02:00
6543
f93ef16fe3
Add pagination for Repos() and Teams() in Forge interface ( #5638 )
2025-10-15 22:21:24 +02:00
Robert Kaussow
dd06fbcc61
Switch to GitHub REST API to load changed files ( #5618 )
...
Co-authored-by: 6543 <6543@obermui.de >
```
// GitHub has removed commit summaries from Events API payloads from 7th October 2025 onwards.
```
- switch to rest api to load changed files
- added some small wording/var name adjustment
- added test cases using GitHub mock client
2025-10-10 14:19:41 +02:00
6543
388557d94a
New event pull request metadata ( #5214 )
...
Co-authored-by: qwerty287 <qwerty287@posteo.de >
2025-09-25 00:07:45 +02:00
Anbraten
24ebcb8cf8
Rename oauth variables ( #5435 )
...
Co-authored-by: Anton Bracke <anton.bracke@fastleansmart.com >
2025-08-20 22:47:43 +02:00
renovate[bot]
dd4b2897a8
fix(deps): update module github.com/google/go-github/v73 to v74 ( #5363 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-07-26 08:27:36 +03:00
renovate[bot]
43d7455983
fix(deps): update module github.com/google/go-github/v72 to v73 ( #5285 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-29 08:17:14 +03:00
renovate[bot]
c6229ad333
fix(deps): update module github.com/google/go-github/v71 to v72 ( #5167 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-11 10:11:13 +03:00
renovate[bot]
84acf380cb
fix(deps): update module github.com/google/go-github/v70 to v71 ( #5090 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-15 07:19:02 +03:00
renovate[bot]
94441f6eeb
fix(deps): update module github.com/google/go-github/v69 to v70 ( #4990 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Robert Kaussow <mail@thegeeklab.de >
2025-03-22 13:59:08 +01:00
qwerty287
434670ddbd
Include forge type in netrc ( #4908 )
2025-02-28 15:07:30 +02:00
renovate[bot]
b78427e8b5
fix(deps): update module github.com/google/go-github/v68 to v69 ( #4826 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-08 08:30:52 +02:00
qwerty287
8779086224
Check organization first ( #4723 )
2025-01-13 15:54:05 +02:00
renovate[bot]
828298bcf3
fix(deps): update module github.com/google/go-github/v67 to v68 ( #4635 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de >
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com >
2024-12-28 09:28:01 +01:00
qwerty287
81b74025d4
Update Go imports paths ( #4605 )
...
Co-authored-by: Robert Kaussow <mail@thegeeklab.de >
2024-12-22 10:44:34 +01:00
renovate[bot]
6c641ae28d
fix(deps): update module github.com/google/go-github/v66 to v67 ( #4487 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-11-30 08:56:17 +02:00
Robert Kaussow
359e3af817
Add option to limit the resultset returned by paginate helper ( #4475 )
2024-11-29 10:39:01 +01:00
Anbraten
53d6421940
Support github refresh tokens ( #3811 )
2024-11-22 19:12:43 +01:00
renovate[bot]
254310556a
fix(deps): update module github.com/google/go-github/v65 to v66 ( #4205 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-07 07:56:59 +03:00
renovate[bot]
bc74af507e
fix(deps): update module github.com/google/go-github/v64 to v65 ( #4185 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-05 15:46:36 +03:00
renovate[bot]
8e0af15e85
fix(deps): update module github.com/google/go-github/v63 to v64 ( #4073 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-01 17:41:02 +02:00
renovate[bot]
8aef8d2af9
fix(deps): update module github.com/google/go-github/v62 to v63 ( #3910 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-14 07:58:35 +02:00
Anbraten
1a39d57f71
Enhance authentication UX ( #3807 )
2024-06-21 09:55:30 +02:00
6543
4ec046e415
Spellcheck "server/*" ( #3753 )
...
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com >
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com >
2024-06-04 08:30:54 +02:00
renovate[bot]
bf4061b72d
fix(deps): update module github.com/google/go-github/v61 to v62 ( #3730 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-26 18:18:34 +02:00
Anbraten
5527d9bf86
Cleanup server env settings ( #3670 )
...
Co-authored-by: Robert Kaussow <mail@thegeeklab.de >
Co-authored-by: Robert Kaussow <xoxys@rknet.org >
2024-05-15 15:45:08 +02:00
Robert Kaussow
89e100cfd1
Add godot linter to harmonitze toplevel comments ( #3650 )
2024-05-13 22:58:21 +02:00
qwerty287
c9a3bfb321
Fix spellcheck and enable more dirs ( #3603 )
2024-04-09 09:04:53 +02:00
renovate[bot]
50ddc61576
Update module github.com/google/go-github/v60 to v61 ( #3595 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[github.com/google/go-github/v60](https://togithub.com/google/go-github )
| `v60.0.0` -> `v61.0.0` |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
### Release Notes
<details>
<summary>google/go-github (github.com/google/go-github/v60)</summary>
###
[`v61.0.0`](https://togithub.com/google/go-github/releases/tag/v61.0.0 )
[Compare
Source](https://togithub.com/google/go-github/compare/v60.0.0...v61.0.0 )
This release contains the following breaking API changes:
- feat!: Update deprecated endpoints in github/action_variables.go
([#​3104](https://togithub.com/google/go-github/issues/3104 ))
...and the following additional changes:
- Bump go-github from v59 to v60 in /scrape
([#​3087](https://togithub.com/google/go-github/issues/3087 ))
- Allow querying rule set information by ID with information returned
from GetRulesFromBranch
([#​3089](https://togithub.com/google/go-github/issues/3089 ))
- Bump codecov/codecov-action from 4.0.2 to 4.1.0
([#​3091](https://togithub.com/google/go-github/issues/3091 ))
- Bump github.com/PuerkitoBio/goquery from 1.9.0 to 1.9.1 in /scrape
([#​3092](https://togithub.com/google/go-github/issues/3092 ))
- Add Protection to Branch struct
([#​3095](https://togithub.com/google/go-github/issues/3095 ))
- Bump github.com/alecthomas/kong from 0.8.1 to 0.9.0 in /tools
([#​3097](https://togithub.com/google/go-github/issues/3097 ))
- Bump golang.org/x/net from 0.21.0 to 0.22.0 in /scrape
([#​3096](https://togithub.com/google/go-github/issues/3096 ))
- Bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in /example
([#​3099](https://togithub.com/google/go-github/issues/3099 ))
- Add audit log rate limit category and make rate limit category getter
public
([#​3088](https://togithub.com/google/go-github/issues/3088 ))
- Update README.md
([#​3110](https://togithub.com/google/go-github/issues/3110 ))
- Allow Installation of Custom Properties Permissions
([#​3108](https://togithub.com/google/go-github/issues/3108 ))
- Add NotificationSetting to NewTeam
([#​3111](https://togithub.com/google/go-github/issues/3111 ))
- Fix pagination for ListCopilotSeats
([#​3112](https://togithub.com/google/go-github/issues/3112 ))
- Add .\*.local to .gitignore
([#​3115](https://togithub.com/google/go-github/issues/3115 ))
- Add CreateOrUpdateRepoCustomPropertyValues
([#​3109](https://togithub.com/google/go-github/issues/3109 ))
- Bump version of go-github to v61.0.0
([#​3118](https://togithub.com/google/go-github/issues/3118 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge -
"before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/woodpecker-ci/woodpecker ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-06 08:00:59 +02:00
Aumetra Weisman
20b84a1aee
Add flag to only access public repositories on GitHub ( #3566 )
2024-03-29 14:36:48 +01:00
renovate[bot]
5d98a717ac
fix(deps): update module github.com/google/go-github/v59 to v60 ( #3493 )
2024-03-16 09:37:08 +01:00
Robert Kaussow
a779eed3df
Enable golangci linter gomnd ( #3171 )
2024-03-15 18:00:25 +01:00
renovate[bot]
4e44dd0e76
fix(deps): update module github.com/google/go-github/v58 to v59 ( #3398 )
2024-02-17 09:04:33 +01:00
qwerty287
451af535d3
Replace http types on forge interface ( #3374 )
2024-02-13 16:19:02 +01:00
qwerty287
e1521ef460
Set correct link for commit ( #3368 )
...
Closes https://github.com/woodpecker-ci/woodpecker/issues/2657
Closes https://github.com/woodpecker-ci/woodpecker/issues/906
2024-02-11 10:44:50 +01:00
qwerty287
9df572ef31
Add release event trigger ( #3226 )
...
Supersedes #764
Bitbucket does not support release webhooks.
---------
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com >
2024-01-30 17:39:00 +01:00
renovate[bot]
57dd88f94a
fix(deps): update module github.com/google/go-github/v57 to v58 ( #3187 )
2024-01-13 08:13:22 +01:00
