Add read-only flag for deploy keys (default true)

pjeby · pjeby · commit f55d51f72b31 · 2018-12-30T14:00:57.000-05:00
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ You can install the tool by copying [the binary](bin/gitea) onto your `PATH`, or
 
 * `gitea new` *repo [create-opts...]*  -- create *repo* with the specified options
 * `gitea delete` *repo* -- delete the named repo (use with caution!)
-* `gitea deploy-key` *repo keytitle publickey* -- add the named key as a deployment key for *repo*
+* `gitea deploy-key` *repo keytitle publickey [readonly=true]* -- add the named key as a deployment key for *repo*
 * `gitea exists` *repo* -- return success if *repo* exists, otherwise fail
 * `gitea vendor` *[create-opts...]* -- import current directory to a vendor branch, optionally creating a repository; for full details see [Vendor Imports](#vendor-imports) below.
 
@@ -104,7 +104,7 @@ In order for the predefined subcommands to access your gitea instance, you must
 These variables can also be set via config file(s) or runtime environment:
 
 * `GITEA_GIT_URL` -- the URL prefix used by the `vendor` command for `git clone` operations; defaults to `GITEA_URL` if not specified.  Can be a hostname and `:` for simple ssh URLs, or a full URL base like `git+ssh://user@host`.
-* `GITEA_DEPLOY_KEY`, `GITEA_DEPLOY_KEY_TITLE`  -- if set, new repositories will have this key automatically added to their deploy keys
+* `GITEA_DEPLOY_KEY`, `GITEA_DEPLOY_KEY_TITLE`  -- if set, new repositories will have this key automatically added to their deploy keys.  `GITEA_DEPLOY_READONLY` is a boolean that defaults to `true`; you must explicitly set it to `false` if you want the key to be read/write.
 * `GITEA_CREATE` -- an array of options used as defaults for repository creation.  For example setting `GITEA_CREATE=("private=" "true")` will make new repositories private by default, unless you do `gitea new some/repo private= false` (or the equivalent, `gitea --public new some/repo`) to override it.
 
 ### Creating Custom Commands
diff --git a/bin/gitea b/bin/gitea
@@ -185,14 +185,16 @@ gitea.exists() { split_repo "$1" && auth api 200 404 "repos/$REPLY" ; }
 gitea.delete() { split_repo "$1" && auth api 204 "" "/repos/$REPLY" -X DELETE; }
 gitea.deploy-key() {
     split_repo "$1"
-    jmap title "$2" key "$3" | json auth api 201 "" /repos/$REPLY/keys
+    jmap title "$2" key "$3" read_only= "${4-true}" | json auth api 201 "" /repos/$REPLY/keys
 }
 gitea.new() {
     split_repo "$1"; local org="${REPLY[1]}" repo="${REPLY[2]}"
     if [[ $org == "$GITEA_USER" ]]; then org=user; else org="org/$org"; fi
     jmap name "$repo" ${GITEA_CREATE[@]+"${GITEA_CREATE[@]}"} "${@:2}" |
         json api "200|201" "" "$org/repos?token=$GITEA_API_TOKEN"
-    [[ ! "${GITEA_DEPLOY_KEY-}" ]] || gitea deploy-key "$1" "${GITEA_DEPLOY_KEY_TITLE:-default}" "$GITEA_DEPLOY_KEY"
+    [[ ! "${GITEA_DEPLOY_KEY-}" ]] ||
+        gitea deploy-key "$1" "${GITEA_DEPLOY_KEY_TITLE:-default}" \
+            "$GITEA_DEPLOY_KEY" "${GITEA_DEPLOY_READONLY:-true}"
 }
 gitea.vendor-merge() { :; }
 
diff --git a/gitea.md b/gitea.md
@@ -24,7 +24,7 @@
   * [Commands](#commands)
     + [gitea exists *repo*](#gitea-exists-repo)
     + [gitea delete *repo*](#gitea-delete-repo)
-    + [gitea deploy-key *repo keytitle key*](#gitea-deploy-key-repo-keytitle-key)
+    + [gitea deploy-key *repo keytitle key [readonly=true]*](#gitea-deploy-key-repo-keytitle-key-readonlytrue)
     + [gitea new *repo [opts...]*](#gitea-new-repo-opts)
     + [gitea vendor [create-opts...]](#gitea-vendor-create-opts)
   * [Utilities](#utilities)
@@ -222,23 +222,24 @@ gitea.delete() { split_repo "$1" && auth api 204 "" "/repos/$REPLY" -X DELETE; }
     [0]
 ~~~
 
-### gitea deploy-key *repo keytitle key*
+### gitea deploy-key *repo keytitle key [readonly=true]*
 
 Add a deployment key *key* named *keytitle* to *repo*.  Returns success if the key was successfully added.
 
 ```shell
 gitea.deploy-key() {
     split_repo "$1"
-    jmap title "$2" key "$3" | json auth api 201 "" /repos/$REPLY/keys
+    jmap title "$2" key "$3" read_only= "${4-true}" | json auth api 201 "" /repos/$REPLY/keys
 }
 ```
 
 ~~~shell
-    $ curl_status=201 gitea deploy-key foo/bar baz spam
+    $ curl_status=201 gitea deploy-key foo/bar baz spam false
     curl --silent --write-out %\{http_code\} --output /dev/null -X POST -H Content-Type:\ application/json -d @- -H Authorization:\ token\ EXAMPLE_TOKEN https://example.com/gitea/api/v1/repos/foo/bar/keys
     {
       "title": "baz",
-      "key": "spam"
+      "key": "spam",
+      "read_only": false
     }
 ~~~
 
@@ -252,7 +253,9 @@ gitea.new() {
     if [[ $org == "$GITEA_USER" ]]; then org=user; else org="org/$org"; fi
     jmap name "$repo" ${GITEA_CREATE[@]+"${GITEA_CREATE[@]}"} "${@:2}" |
         json api "200|201" "" "$org/repos?token=$GITEA_API_TOKEN"
-    [[ ! "${GITEA_DEPLOY_KEY-}" ]] || gitea deploy-key "$1" "${GITEA_DEPLOY_KEY_TITLE:-default}" "$GITEA_DEPLOY_KEY"
+    [[ ! "${GITEA_DEPLOY_KEY-}" ]] ||
+        gitea deploy-key "$1" "${GITEA_DEPLOY_KEY_TITLE:-default}" \
+            "$GITEA_DEPLOY_KEY" "${GITEA_DEPLOY_READONLY:-true}"
 }
 ```
 
@@ -287,11 +290,16 @@ gitea.new() {
     curl --silent --write-out %\{http_code\} --output /dev/null -X POST -H Content-Type:\ application/json -d @- -H Authorization:\ token\ EXAMPLE_TOKEN https://example.com/gitea/api/v1/repos/foo/bar/keys
     {
       "title": "default",
-      "key": "example-key"
+      "key": "example-key",
+      "read_only": true
     }
 
-# and it can have a GITEA_DEPLOY_KEY_TITLE
-    $ GITEA_DEPLOY_KEY=example-key GITEA_DEPLOY_KEY_TITLE=sample-title curl_status=201 gitea new foo/bar
+# and it can have a GITEA_DEPLOY_KEY_TITLE and GITEA_DEPLOY_KEY_READONLY
+    $ GITEA_DEPLOY_KEY=example-key \
+    > GITEA_DEPLOY_KEY_TITLE=sample-title \
+    > GITEA_DEPLOY_READONLY=false \
+    > curl_status=201 \
+    > gitea new foo/bar
     curl --silent --write-out %\{http_code\} --output /dev/null -X POST -H Content-Type:\ application/json -d @- https://example.com/gitea/api/v1/org/foo/repos\?token=EXAMPLE_TOKEN
     {
       "name": "bar",
@@ -300,7 +308,8 @@ gitea.new() {
     curl --silent --write-out %\{http_code\} --output /dev/null -X POST -H Content-Type:\ application/json -d @- -H Authorization:\ token\ EXAMPLE_TOKEN https://example.com/gitea/api/v1/repos/foo/bar/keys
     {
       "title": "sample-title",
-      "key": "example-key"
+      "key": "example-key",
+      "read_only": false
     }
 ~~~
 
