And here,
The gitea has a token refresher,
see: cmd/drone-server/inject_client.go#L153,
But none for the gitlab,
See: cmd/drone-server/inject_client.go#L183.
Also, for your reference, the gitlab OAuth2 token now has a default 2 hours expiration policy.
Gitlab OAuth Ref, https:docs.gitlab.com/ee/api/oauth2.html
Since I am more working in the Java ecosystem and not so familar with Go code, I am not going to create a PR for this issue. (It may takes me days to get started. )
Finally, itās sad to restrict new users to add only two links in posts which cause the post a little bit weird.
We face the same issue. I donāt know the internals of Gitlab (cloud) but I guess they changed the duration over the last weekend down to 2h. It does not make drone useless, but pretty annoying.
I wonder if there are any settings on the Gitlab side we could tweak as I expected to see a lot more people complaining / mentioning this issue.
It would be interesting to know if there already is a plan to fix it?
Same, we are affected by it as well since this week and it does make Drone unusable since without manually logging in on the account whose API credentials Drone uses every once in a while, builds simply donāt trigger.
We face same issue since last week. Canāt see pipeline detail after few hours and need to re-login. Also, from Gitlab webhook dashboard we found timeout response sometimes.
There is now a PR that claims to fix this issue by simply copying the Gitea refresher. As we are already building Drone from source for other reasons, we have tried it and it seems to work. We are still getting an occasional build failure with fatal: could not read Username for 'https://gitlab.com': terminal prompts disabled during clone stage - not sure yet if this error related, though, but at least no more 404!
I finally found a solution for it.
Since I am fresh to GO and I just made some changes to make gitlab work without testing on others, I didnāt create a PR for the project.
A pre-build image with the fix can be found at gluxhappy/drone-server-gitlab. If you have any (security) concerns, you can build your own from scripts at gluxhappy/drone-gitlab .
As you can see from the Github repo I mentioned in the previews reply, beside the same change in the PR for the drone main repo, some additional changes are also need in the go-scm repo which is a sub-module of the main drone-server project. The changes in that repo is to add client_id and client_secret parameters when requesting a token refresh. This is documented in the Gitlab documentation but seems not the standard way of the OAuth2. Thatās why I didnāt create a PR for the go-scm repo since this change could break the refresh of tho platforms.
The DRONE_GIT_USERNAME should be a userās name and DRONE_GIT_PASSWORD should be an Personal Access Token with long expiration time. The access token should has been grant at least read access to all repositories you want to build via the Drone.
We have rebuilt Drone with the go-scm change you proposed. Sadly, it doesnāt seem to change anything, some builds still randomly fail with the fatal: could not read Username for 'https://gitlab.com': terminal prompts disabled error.
Iām not sure that it does. As I have mentioned, we have tried the change in that PR and it seems to fix authentication timeout in Drone web UI and webhooks not arriving, but we still kept getting intermittent build failures with another error.
What did fully fix it is using DRONE_GIT_USERNAME and DRONE_GIT_PASSWORD with a personal token as suggested in this thread. (The additional change to go-scm, however, didnāt help, we tried it too.) Still, itās better than nothing. Perhaps now that the PR is merged, more people will get the same clone step error we did, report it, and prompt another fix
)