API authentication inside DroneCI pipelines


I’m seeing weird behaviour when using Drone together with Gitea that I cannot explain. To give an overview, the setup looks like this:

I have a Drone server, integrated with Gitea. In one of the Gitea repositories, there is a script that is executed in a pipeline in Drone. The script does the following:

  • Git-pulls the repository itself
  • Creates some commits and pushes them
  • Opens a pull request inside the Gitea instance. Authentication against GitLab is done using a pre-configured token (using the Authentication header)

Now I saw some peculiar behaviour for the pull request step: When running the script locally (not inside drone), the author of the merge request is the user that owns the API token. This is the desired (and expected!) behaviour.

When running the exact same script inside a Drone pipeline, the author of the pull request is different. There is only one other user in the Gitea instance, and this is the one that is used for the Gitea integration inside Drone (i.e. the one that owns the API client used for integration between Gitea and Drone).

Inside the script, I’m using Python’s requests module, doing a POST to the Gitea API setting an Authorization HTTP header. Straightforward, nothing fancy.

My question is: Does anyone have an idea why I see this behaviour? I’m at a loss here, I’d appreciate any hints. As far as I understood the code, the pull request author is implicitly set as the API user that’s used for the API request. As I said, I’m using the Authentication HTTP header. Is there any other kind of authentication that might override this?

Disclaimer: I raised the same topic also in the Drone Discourse as I’m not really sure whether Gitea or Drone introduces this behaviour.

EDIT with a bit more debugging information:

So, I dived a bit deeper. In the end, the only difference between pull requests with the correct and incorrect author is the poster_id column in the issue table. As far as I can tell from the code, it’s set here. I cannot tell what this ctx/Context variable actually is, I’m not sure how exactly Gitea handles HTTP requests and cannot really tell from the code.

Can someone help here? How exactly is ctx.User.ID set, specifically for REST API requests?

I solved it:

requests was using the .netrc file injected by Drone. I used this solution to disable .netrc authentication.
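
The override described in the post above can be reproduced offline. This is an added example, not part of the original post: it builds (but never sends) the request with a constructed `.netrc`, and shows which `Authorization` value requests would put on the wire with and without `trust_env`. The host name, login, password and token are constructed placeholders, and `trust_env = False` is one way to disable `.netrc` lookup, not necessarily the linked solution.

```python
import os
import tempfile

import requests

# Constructed values for illustration; nothing is sent over the network.
GITEA_URL = "https://gitea.example.test/api/v1/repos/org/repo/pulls"
API_TOKEN = "constructed-api-token"
NETRC_ENTRY = "machine gitea.example.test login drone-bot password constructed-secret\n"


def authorization_sent(trust_env: bool) -> str:
    """Return the Authorization header requests would send for the PR call."""
    with tempfile.TemporaryDirectory() as tmp:
        netrc_path = os.path.join(tmp, ".netrc")
        with open(netrc_path, "w") as fh:
            fh.write(NETRC_ENTRY)  # stands in for the file the CI runner injects

        previous = os.environ.get("NETRC")
        os.environ["NETRC"] = netrc_path  # requests honours this variable
        try:
            session = requests.Session()
            # trust_env=True (the default) lets requests read .netrc, proxies, etc.
            session.trust_env = trust_env
            request = requests.Request(
                "POST",
                GITEA_URL,
                headers={"Authorization": f"token {API_TOKEN}"},
            )
            # prepare_request applies netrc credentials as HTTP Basic auth,
            # which replaces any Authorization header set by the caller.
            prepared = session.prepare_request(request)
            return prepared.headers["Authorization"]
        finally:
            if previous is None:
                os.environ.pop("NETRC", None)
            else:
                os.environ["NETRC"] = previous


if __name__ == "__main__":
    print("default session :", authorization_sent(trust_env=True))
    print("trust_env=False :", authorization_sent(trust_env=False))
```

Note that `trust_env = False` also stops requests from reading proxy and CA bundle settings from the environment, so a pipeline that depends on those needs them set explicitly on the session.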