Woodpecker 2.7.1 reporting "an unknown error occured" in repo settings

[Daniel451]

Component

web-ui

Describe the bug

Whenever I navigate to the settings of a repo (same behavior for all repos) woodpecker reports "an unknown error occured". However, as far as I can tell, repo settings are interpreted correctly and I can also still update settings. Pipelines also execute normally. Even the server logs do not show any errors.

Since I did not experience major issues yet and do not see any errors reported in the server logs (server is running with debug mode on currently), I am not sure how to debug further and thus wanted to report the issue. Probably a low priority issue with (hopefully) no major implications?

Steps to reproduce

1. Click on any repository in Woodpecker's WebUI
2. Click on settings icon
3. Error shows up

Expected behavior

No response

System Info

Woodpecker v2.7.1
Bitbucket Datacenter v9.1.1

Woodpecker is running via docker compose:

  ...
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v2.7.1
    depends_on:
      - traefik
    container_name: woodpecker-server
    restart: always
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_SERVER_ADDR=:8000
      - WOODPECKER_HOST=<our-woodpecker-url>
        # OAuth setup for Bitbucket Datacenter
      - WOODPECKER_BITBUCKET_DC=true
      - WOODPECKER_BITBUCKET_DC_GIT_USERNAME=<dedicated-woodpecker-account>
      - WOODPECKER_BITBUCKET_DC_GIT_PASSWORD=<password>
      - WOODPECKER_BITBUCKET_DC_CLIENT_ID=<client-id>
      - WOODPECKER_BITBUCKET_DC_CLIENT_SECRET=<client-secret>
      - WOODPECKER_BITBUCKET_DC_URL=<bitbucket-dc-url>
      - WOODPECKER_BITBUCKET_DC_SKIP_VERIFY=true
        # Agent
      - WOODPECKER_AGENT_SECRET=<agent-secret>
        # Optional: Additional configurations
      - WOODPECKER_LOG_LEVEL=debug
    volumes:
      - woodpecker_server_data:/var/lib/woodpecker  # Persist data across restarts
    networks:
      - harbor
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.woodpecker.rule=Host(`<woodpecker-url>`)"
      - "traefik.http.routers.woodpecker.entrypoints=websecure"
      - "traefik.http.routers.woodpecker.tls.certresolver=le"
      - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
      - "traefik.docker.network=harbor"

Additional context

No response

Validations

• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Checked that the bug isn't fixed in the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]

[zc-devs]

I am not sure how to debug further

Open browser console, look for errors in console and network tabs.

[Daniel451]

@zc-devs

I get this when opening the settings of a repo:

index-BYiKEgE7.js:14 TypeError: n is not iterable (cannot read property null)
    at M (usePaginate-ChAyhlMT.js:1:137)
    at async RepoWrapper-DGzZh9LI.js:1:1375
od @ index-BYiKEgE7.js:14
/api/stream/logs/5/3/39:1 
        
        
       Failed to load resource: the server responded with a status of 401 ()
2index-BYiKEgE7.js:14 TypeError: n is not iterable (cannot read property null)
    at M (usePaginate-ChAyhlMT.js:1:137)
    at async RepoWrapper-DGzZh9LI.js:1:1375
od @ index-BYiKEgE7.js:14
index-BYiKEgE7.js:44 
        
        
       GET <our-url>/api/orgs/3/secrets?page=1 403 (Forbidden)
_request @ index-BYiKEgE7.js:44
_get @ index-BYiKEgE7.js:44
getOrgSecretList @ index-BYiKEgE7.js:44
h @ RepoSettings-CkGwfXEq.js:3
r @ usePaginate-ChAyhlMT.js:1
r @ usePaginate-ChAyhlMT.js:1
await in r
(anonymous) @ index-BYiKEgE7.js:14
oa @ index-BYiKEgE7.js:14
yt @ index-BYiKEgE7.js:14
As.t.__weh.t.__weh @ index-BYiKEgE7.js:14
sl @ index-BYiKEgE7.js:14
nl @ index-BYiKEgE7.js:14
Promise.then
rl @ index-BYiKEgE7.js:14
Qn @ index-BYiKEgE7.js:14
(anonymous) @ index-BYiKEgE7.js:14
Hn @ index-BYiKEgE7.js:10
Ui @ index-BYiKEgE7.js:10
ir @ index-BYiKEgE7.js:10
set value @ index-BYiKEgE7.js:10
I @ index-BYiKEgE7.js:44
(anonymous) @ index-BYiKEgE7.js:44
Promise.then
h @ index-BYiKEgE7.js:44
L @ index-BYiKEgE7.js:44
f @ index-BYiKEgE7.js:44
oa @ index-BYiKEgE7.js:14
yt @ index-BYiKEgE7.js:14
a @ index-BYiKEgE7.js:18
index-BYiKEgE7.js:14 Error
    at Rk._request (index-BYiKEgE7.js:44:58766)
    at async r (usePaginate-ChAyhlMT.js:1:446)
    at async r (usePaginate-ChAyhlMT.js:1:680)
od @ index-BYiKEgE7.js:14
zs @ index-BYiKEgE7.js:14
(anonymous) @ index-BYiKEgE7.js:14
Promise.catch
yt @ index-BYiKEgE7.js:14
As.t.__weh.t.__weh @ index-BYiKEgE7.js:14
sl @ index-BYiKEgE7.js:14
nl @ index-BYiKEgE7.js:14
Promise.then
rl @ index-BYiKEgE7.js:14
Qn @ index-BYiKEgE7.js:14
(anonymous) @ index-BYiKEgE7.js:14
Hn @ index-BYiKEgE7.js:10
Ui @ index-BYiKEgE7.js:10
ir @ index-BYiKEgE7.js:10
set value @ index-BYiKEgE7.js:10
I @ index-BYiKEgE7.js:44
(anonymous) @ index-BYiKEgE7.js:44
Promise.then
h @ index-BYiKEgE7.js:44
L @ index-BYiKEgE7.js:44
f @ index-BYiKEgE7.js:44
oa @ index-BYiKEgE7.js:14
yt @ index-BYiKEgE7.js:14
a @ index-BYiKEgE7.js:18
usePaginate-ChAyhlMT.js:1 Uncaught (in promise) TypeError: n is not iterable (cannot read property null)
    at M (usePaginate-ChAyhlMT.js:1:137)
    at async s (RepoSettings-CkGwfXEq.js:1:3632)

This here when I change something, for example, adding and deleting a secret:

index-BYiKEgE7.js:44 
        
        
       GET <our-url>/api/orgs/3/secrets?page=1 403 (Forbidden)
_request @ index-BYiKEgE7.js:44
_get @ index-BYiKEgE7.js:44
getOrgSecretList @ index-BYiKEgE7.js:44
h @ RepoSettings-CkGwfXEq.js:3
r @ usePaginate-ChAyhlMT.js:1
r @ usePaginate-ChAyhlMT.js:1
await in r
m @ usePaginate-ChAyhlMT.js:1
(anonymous) @ RepoSettings-CkGwfXEq.js:3
await in (anonymous)
e @ useAsyncAction-BCMHfBss.js:1
oa @ index-BYiKEgE7.js:14
yt @ index-BYiKEgE7.js:14
ep @ index-BYiKEgE7.js:14
$ @ SecretList.vue_vue_type_script_setup_true_lang-CqWGmVQc.js:1
a.<computed>.a.<computed> @ index-BYiKEgE7.js:18
oa @ index-BYiKEgE7.js:14
yt @ index-BYiKEgE7.js:14
a @ index-BYiKEgE7.js:18
index-BYiKEgE7.js:44 
        
        
       GET <our-url>/api/orgs/3/secrets?page=1 403 (Forbidden)

However, the secret gets created and is usable in pipelines. Also deleting the secret works. As far as I can say, all settings (so far) work correctly and can be updated.

Network tab shows lots of 403 Forbidden, for example:

Request URL:
<our-url>/api/orgs/3/secrets?page=1
Request Method:
GET
Status Code:
403 Forbidden
Remote Address:
<our-ip>:443
Referrer Policy:
strict-origin-when-cross-origin
access-control-allow-origin:
*
cache-control:
no-cache, no-store, max-age=0, must-revalidate, value
content-length:
19
content-type:
text/plain; charset=utf-8
date:
Sun, 20 Oct 2024 20:04:58 GMT
expires:
Thu, 01 Jan 1970 00:00:00 GMT
last-modified:
Sun, 20 Oct 2024 20:04:58 GMT
x-content-type-options:
nosniff
x-frame-options:
DENY
x-woodpecker-version:
2.7.1
x-xss-protection:
1; mode=block
:authority:
<our-url>
:method:
GET
:path:
/api/orgs/3/secrets?page=1
:scheme:
https
accept:
*/*
accept-encoding:
gzip, deflate, br, zstd
accept-language:
de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
cookie:
(...)
priority:
u=1, i
referer:
<our-url>/repos/5/settings
sec-ch-ua:
"Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"
sec-ch-ua-mobile:
?0
sec-ch-ua-platform:
"macOS"
sec-fetch-dest:
empty
sec-fetch-mode:
cors
sec-fetch-site:
same-origin
user-agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

[zc-devs]

the secret gets created and is usable in pipelines

It's a repo's secret. There also might be organization and global secrets. On settings page all of them try to load, but you don't have access to org secrets, therefore the error:

getOrgSecretList @ index-BYiKEgE7.js:44
GET <our-url>/api/orgs/3/secrets?page=1 403 (Forbidden)

There was similar error for global secrets (#3013).

orgs/3

What is ID of your user? Are you member of some organization? Does your org have ID=3? What is your role/permissions in the org (like org admin, developer, read-only) in Bitbucket?

---

Probably this is Bitbucket forge issue, cause I don't have it with Gitea.

[Daniel451]

@zc-devs it looks to me that #3013 was closed in 2.5.0? So the fix is not effective (for some forges or at least Bitbucket Datacenter)?

Probably this is Bitbucket forge issue, cause I don't have it with Gitea.

I just stumbled upon Woodpecker yesterday, thus I cannot tell if this behavior is new or exclusive to Bitbucket. Anyways, enjoying Woodpecker a lot and definitely open to help improve on Bitbucket integration, especially testing stuff. Woodpecker is definitely the cleanest CI solution I have ever seen. Very straightforward yaml files, very organized UI. We had Jenkins and GitLab CI before & also tried Atlassian's Bamboo, Woodpecker will definitely stay around for long.

What is ID of your user? Are you member of some organization? Does your org have ID=3? What is your role/permissions in the org (like org admin, developer, read-only) in Bitbucket?

How would I find out the ID of my user? Yes, we use Bitbucket Datacenter together with Crowd Datacenter (Atlassian's user directory & SSO service), so Bitbucket synchronizes it's user database via our Crowd server, where we configured different groups. I am admin in both.

Thank you very much for assisting :)

[zc-devs]

#3013 was closed in 2.5.0?

Yes, it was just an example of similar "unknown error" in secrets. Symptoms were the same, but it was because of global secrets. Your issue is with organization's secrets.

How would I find out the ID of my user?

Do you have access to database? Then something like

# psql
postgres=# \c woodpecker
woodpecker=# select id,login,org_id from users;
woodpecker=# select id,name,is_user,private from orgs;

Or can open User settings and look at requests in browser's Network tab:

GET https://domain.tld/api/orgs/2/secrets?page=1
GET https://domain.tld/api/orgs/2/registries?page=1

2 is my user org ID #3360.

Then in Repository settings I see 3 requests

GET https://domain.tld/api/repos/5/secrets?page=1 - repository
GET https://domain.tld/api/orgs/7/secrets?page=1 - organization
GET https://domain.tld/api/secrets?page=1 - global

there 7 is organization ID.

I wanted to compare user org ID with org ID. Database approach is probably better, cause it have more potential useful info.

server is running with debug mode

Maybe trace will show something interesting?

---

I think there are two problems here:

1. You don't have access to org secrets (HTTP 401)
2. As consequence UI's null pointer exception