After upgrading Gitea to the latest version, the actions secrets are lost #14115

New Issue

Closed

opened 2025-11-02 11:03:20 -06:00 by GiteaMirror · 10 comments

GiteaMirror commented 2025-11-02 11:03:20 -06:00

Owner

Copy Link

Originally created by @ysicing on GitHub (Feb 8, 2025).

Description

After upgrading Gitea to the latest version, the pipeline keys are lost, but the database records are still present.

Gitea Version

1.23.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

The screenshots show my YAML configuration and the historical execution records, which were working fine before the upgrade. After the upgrade, I found that the environment variables are missing, so I manually added one. Finally, there is a screenshot of the database.

Git Version

No response

Operating System

docker

How are you running Gitea?

docker compose

Database

MySQL/MariaDB

Originally created by @ysicing on GitHub (Feb 8, 2025). ### Description After upgrading Gitea to the latest version, the pipeline keys are lost, but the database records are still present. ### Gitea Version 1.23.3 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots      The screenshots show my YAML configuration and the historical execution records, which were working fine before the upgrade. After the upgrade, I found that the environment variables are missing, so I manually added one. Finally, there is a screenshot of the database. ### Git Version _No response_ ### Operating System docker ### How are you running Gitea? docker compose ### Database MySQL/MariaDB

GiteaMirror added the issue/needs-feedbacktype/bug labels 2025-11-02 11:03:20 -06:00

GiteaMirror closed this issue 2025-11-02 11:03:20 -06:00

GiteaMirror commented 2025-11-02 11:03:20 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Feb 8, 2025):

Please check whether you changed the security key in the app.ini.

@lunny commented on GitHub (Feb 8, 2025): Please check whether you changed the security key in the app.ini.

GiteaMirror commented 2025-11-02 11:03:21 -06:00

Author

Owner

Copy Link

@ysicing commented on GitHub (Feb 8, 2025):

I checked the app.ini file, and the last change was on July 28, 2024.

@ysicing commented on GitHub (Feb 8, 2025): I checked the app.ini file, and the last change was on July 28, 2024. 

GiteaMirror commented 2025-11-02 11:03:21 -06:00

Author

Owner

Copy Link

@ysicing commented on GitHub (Feb 8, 2025):

But I noticed that the value of security.SECRET_KEY seems to be empty. How should I fix this? There are hundreds of repositories! 😂

[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *

@ysicing commented on GitHub (Feb 8, 2025): But I noticed that the value of security.SECRET_KEY seems to be empty. How should I fix this? There are hundreds of repositories! 😂 ``` [security] INSTALL_LOCK = true SECRET_KEY = REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_TRUSTED_PROXIES = * ```

GiteaMirror commented 2025-11-02 11:03:21 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Feb 8, 2025):

If it's empty, a default value will be given and the code hasn't been changed in two years.

@lunny commented on GitHub (Feb 8, 2025): If it's empty, a default value will be given and the code hasn't been changed in two years.

GiteaMirror commented 2025-11-02 11:03:21 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Feb 8, 2025):

Which version did you upgrade from?

@techknowlogick commented on GitHub (Feb 8, 2025): Which version did you upgrade from?

GiteaMirror commented 2025-11-02 11:03:21 -06:00

Author

Owner

Copy Link

@ysicing commented on GitHub (Feb 9, 2025):

There was no problem in version 1.22. This issue did not exist before the upgrade, and this Gitea service has been running for quite a while. The recent upgrade path is as follows:

You look at the database records. The owner of version 1.22 is 11, which is the organization ID. After upgrading to version 1.23, the value here is changed to 0.

@ysicing commented on GitHub (Feb 9, 2025): There was no problem in version 1.22. This issue did not exist before the upgrade, and this Gitea service has been running for quite a while. The recent upgrade path is as follows:  You look at the database records. The owner of version 1.22 is 11, which is the organization ID. After upgrading to version 1.23, the value here is changed to 0. 

GiteaMirror commented 2025-11-02 11:03:21 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Feb 9, 2025):

There was no problem in version 1.22. This issue did not exist before the upgrade, and this Gitea service has been running for quite a while. The recent upgrade path is as follows:

You look at the database records. The owner of version 1.22 is 11, which is the organization ID. After upgrading to version 1.23, the value here is changed to 0.

OK. Maybe that's the bug? maybe caused by #31724 @wolfogre

@lunny commented on GitHub (Feb 9, 2025): > There was no problem in version 1.22. This issue did not exist before the upgrade, and this Gitea service has been running for quite a while. The recent upgrade path is as follows: > >  > > You look at the database records. The owner of version 1.22 is 11, which is the organization ID. After upgrading to version 1.23, the value here is changed to 0. > >  OK. Maybe that's the bug? maybe caused by #31724 @wolfogre

GiteaMirror commented 2025-11-02 11:03:22 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Feb 9, 2025):

As a workaround, maybe update all owner_id = 0 if repo_id > 0 manually. Please backup this table before you do any operations.

@lunny commented on GitHub (Feb 9, 2025): As a workaround, maybe update all owner_id = 0 if repo_id > 0 manually. Please backup this table before you do any operations.

GiteaMirror commented 2025-11-02 11:03:22 -06:00

Author

Owner

Copy Link

@ysicing commented on GitHub (Feb 11, 2025):

@wolfogre Is there any time you can take a look at this issue?

@ysicing commented on GitHub (Feb 11, 2025): @wolfogre Is there any time you can take a look at this issue?

GiteaMirror commented 2025-11-02 11:03:22 -06:00

Author

Owner

Copy Link

@wolfogre commented on GitHub (Feb 11, 2025):

Yes, it is caused by #31724, but it's not a bug; it's by design.

Due to the special nature of secrets, I would rather choose to let Gitea forget some secrets as dirty data (which may bring some inconsistencies, sorry about that) than to let the secrets leak.

@ysicing So please update the database table manually, or recreate those secrets.

@lunny Maybe we can have a doctor tool to fix those dirty data, {OwnerID: x, RepoID: y} -> {OwnerID: 0, RepoID: y}

@wolfogre commented on GitHub (Feb 11, 2025): Yes, it is caused by #31724, but it's not a bug; it's by design. <img width="683" alt="Image" src="https://github.com/user-attachments/assets/fcbf0745-2818-4a5a-8db2-5c78dcbe23da" /> Due to the special nature of secrets, I would rather choose to let Gitea forget some secrets as dirty data (which may bring some inconsistencies, sorry about that) than to let the secrets leak. @ysicing So please update the database table manually, or recreate those secrets. @lunny Maybe we can have a doctor tool to fix those dirty data, `{OwnerID: x, RepoID: y}` -> `{OwnerID: 0, RepoID: y}`

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label issue/needs-feedback type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#14115