- Notifications
You must be signed in to change notification settings - Fork116
Open
Labels
Description
I'm experimenting with Pipelines as Code using Forgejo/Gitea as git repository. Any attempt to trigger the pipeline results in error that I'm not allowed to trigger the pipeline.
It does trigger for push to main.
There are two users in the forgejo instance: whummelink (member of both owners and privatcloud) and a bot account which is member of a CI team with access to all repositories.
{"level":"info","ts":"2025-05-26T09:59:07.083Z","logger":"pipelinesascode","caller":"events/emit.go:48","msg":"policy check: retest, user: whummelink is not a member of any of the allowed teams: [owners privatcloud]","commit":"d5a550a-dirty","provider":"gitea","event-id":"ad709951-b198-4415-acec-6759f553754a","event-sha":"","event-type":"test-all-comment","namespace":"demo"}{"level":"info","ts":"2025-05-26T09:59:07.089Z","logger":"pipelinesascode","caller":"events/emit.go:48","msg":"User whummelink is not allowed to trigger CI via pull_request on this repo.","commit":"d5a550a-dirty","provider":"gitea","event-id":"ad709951-b198-4415-acec-6759f553754a","event-sha":"","event-type":"test-all-comment","namespace":"demo"}I have the following repository config:
apiVersion:pipelinesascode.tekton.dev/v1alpha1kind:Repositorymetadata:name:git-test-pipelines-as-code-gitnamespace:demospec:git_provider:secret:key:provider.tokenname:git-test-pipelines-as-code-git-token-6ttfqurl:'https://forgejo-http-default.apps.example.com'webhook_secret:key:webhook.secretname:git-test-pipelines-as-code-git-token-6ttfqsettings:policy:ok_to_test: -owners -privatcloudpull_request: -owners -privatcloudurl:'https://forgejo-http-default.apps.example.com/privatcloud/test-pipelines-as-code'
And pipelinerun:
---apiVersion: tekton.dev/v1kind: PipelineRunmetadata: annotations: pipelinesascode.tekton.dev/on-event: "[pull_request,pull_request_comment,push]" pipelinesascode.tekton.dev/on-target-branch: "[main]" pipelinesascode.tekton.dev/on-source-branch: "[feature/*]" labels: pipelinesascode.tekton.dev/owner: whummelink name: test-pipelines-as-codespec: serviceAccountName: default params: - name: GO_VERSION value: "1.24.3" - name: GIT_REPOSITORY_URL value: "{{repo_url}}" - name: GIT_REVISION value: "{{revision}}" pipelineSpec: params: - name: GO_VERSION - name: GIT_REPOSITORY_URL - name: GIT_REVISION tasks: - name: fetch-repo taskRef: params: - name: kind value: task - name: name value: git-clone - name: namespace value: openshift-pipelines resolver: cluster params: - name: URL value: $(params.GIT_REPOSITORY_URL) - name: REVISION value: $(params.GIT_REVISION) - name: DEPTH value: '0' workspaces: - name: output workspace: source workspaces: - name: source volumeClaimTemplate: spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi - name: basic-auth secret: secretName: gitlab-token