Gitea API authentication inside pipelines


I’m seeing werid behaviour when using Drone together with Gitea that I cannot explain. To give an overview, the setup looks like this:

I have a Drone server, integrated with Gitea. In one of the Gitea repositories, there is a script that is executed in a pipeline (i.e. inside .drone.yml). The script does the following:

  • Git-pulls the repository itself
  • Creates some commits and pushes them
  • Opens a pull request inside the Gitea instance. Authentication against GitLab is done using a pre-configured token (see the Gitea API documentation)

Now I saw some peculiar behaviour for the pull request step: When running the script locally (not inside drone), the author of the merge request is the user that owns the API token. This is the desired (and expected!) behaviour.

When running the exact same script inside a Drone pipeline, the author of the pull request is different. There is only one other user in the Gitea instance, and this is the one that is used for the Gitea integration inside Drone (i.e. the one that owns the API client configured via DRONE_GITEA_CLIENT_ID and DRONE_GITEA_CLIENT_SECRET).

Inside the script, I’m using python’s request module, doing a POST to the Gitea API setting an Authorization HTTP header. Straightforward, nothing fancy.

My question is: Has someone an idea why I see this behaviour? I’m at a loss here, I’d appreciate any hints. Also, is there maybe a better way to achieve all of this?

I solved it:

requests was using the .netrc file injected by Drone. I used this solution to disable .netrc authentication.