From b8dc240a8ae884b74832b2284965f718f6aa386b Mon Sep 17 00:00:00 2001
From: Jakob Scheid <jakob.scheid@icloud.com>
Date: Mon, 11 May 2026 22:53:12 +0200
Subject: [PATCH] Add support for disabling the Gitea webhook secret

---
 config/server.conf                         |  4 ++--
 src/jcloud_deployment_server/api/config.py | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/config/server.conf b/config/server.conf
index 62cd2b8..95c214e 100644
--- a/config/server.conf
+++ b/config/server.conf
@@ -46,6 +46,6 @@
 # false.
 # enabled=
 
-# The file for the Gitea webhook secret. Must be set if Gitea webhooks
-# are enabled.
+# The file for the Gitea webhook secret. Leave it empty to disable the
+# secret (warning: very insecure).
 # webhook_secret_file=
\ No newline at end of file
diff --git a/src/jcloud_deployment_server/api/config.py b/src/jcloud_deployment_server/api/config.py
index afff7f5..178e7a3 100644
--- a/src/jcloud_deployment_server/api/config.py
+++ b/src/jcloud_deployment_server/api/config.py
@@ -20,6 +20,7 @@ import ipaddress
 import pathlib
 import logging
 import argparse
+from typing import Optional
 
 __all__ = [
     'load_config',
@@ -118,7 +119,7 @@ def process_host_and_port(
 @dataclass
 class GiteaConfig:
     enabled: bool
-    webhook_secret_file_path: pathlib.Path
+    webhook_secret_file_path: Optional[pathlib.Path]
 
 def _is_readable_file(path: pathlib.Path) -> bool:
     '''
@@ -161,10 +162,14 @@ def process_gitea_config(
     if configuration['gitea'].enabled not in ('true', 'yes', 't', 'y'):
         return GiteaConfig(False, None)
 
-    secret_file_path = pathlib.Path(configuration['gitea'].webhook_secret_file)
+    secret_file_path = configuration['gitea'].webhook_secret_file
 
-    if not _is_readable_file(secret_file_path):
-        logger.critical(f'{secret_file_path}: Cannot read Gitea webhook secret file')
-        raise Fail(f'{secret_file_path}: Cannot read Gitea webhook secret file', exit_code = 2)
+    if not secret_file_path: # disable secret
+        secret_file_path = None
+    else:
+        secret_file_path = pathlib.Path(secret_file_path)
+        if not _is_readable_file(secret_file_path):
+            logger.critical(f'{secret_file_path}: Cannot read Gitea webhook secret file')
+            raise Fail(f'{secret_file_path}: Cannot read Gitea webhook secret file', exit_code = 2)
     
     return GiteaConfig(True, secret_file_path)
\ No newline at end of file