setup_gitea: blocked log output when cloning reference repo

[nsilla]

SUMMARY

The setup_gitea role, may be used to create a gitea instance on an OCP cluster and even mirror a reference git repository as the default repository in the gitea instance.

To mirror this reference repository, the role takes the variable sg_repo_mirror_url, which may contain the git account user credentials in the format:

https://:@git.server/org/repo.git

This is not a problem if the cloning task succeeds, since the output is not too verbose. However in case of failures in the task the URL may be displayed in clear.

This change enables the no_log option in the task.

ISSUE TYPE

• Enhanced Feature

Tests

• TestBos2Sno: sno -

---

TestBos2Sno: sno sno:ansible_extravars=enable_gitea:true sno:ansible_extravars=sg_username:gituser sno:ansible_extravars=sg_password:Git_Ops_123 sno:ansible_extravars=sg_email:[email protected] sg_repository:gitops sno:ansible_extravars=sg_repo_mirror_url:[email protected]:redhatci/ansible-collection-redhatci-ocp.git sno:ansible_extravars=sg_repo_sshkey:/var/lib/dci-openshift-agent/.ssh/id_dcibot

[coderabbitai]

📝 Walkthrough

Walkthrough

Added no_log: true to the ansible.builtin.git task in the Gitea setup role's install tasks to suppress sensitive output from Ansible logs during the repository clone operation.

Changes

Cohort / File(s)	Summary
Git clone logging suppression roles/setup_gitea/tasks/install.yml	Added no_log: true to the ansible.builtin.git task that clones the reference repository to prevent sensitive data from being printed in Ansible logs.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• setup_gitea | Mirror all branches from reference repository #690: Modifies git clone/push behavior in roles/setup_gitea/tasks/install.yml (mirror/branch handling and cleanup), which may overlap with the clone task changed here.

Suggested reviewers

• fredericlepied

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "setup_gitea: blocked log output when cloning reference repo" directly describes the main change in the changeset: adding no_log: true to the Ansible task that clones the reference repository. The title is concise, specific, and avoids vague terminology. A developer reviewing commit history would immediately understand that this PR suppresses log output during repository cloning. The title accurately reflects the changeset's primary purpose.
Description Check	✅ Passed	The pull request description is well-related to the changeset. It provides helpful context by explaining the setup_gitea role's purpose, identifies the specific problem (credentials in sg_repo_mirror_url being exposed in logs during task failures), and clearly states the solution (enabling no_log). The description includes the issue type and test information, all of which pertain to the actual change being made. The description is neither vague nor generic—it meaningfully explains the motivation behind adding log suppression.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch setup_gitea_no_log

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b40960 and b4f8d7f.

📒 Files selected for processing (1)

• roles/setup_gitea/tasks/install.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• roles/setup_gitea/tasks/install.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: dci/check
• GitHub Check: Ansible-lint Check
• GitHub Check: Sanity Check (stable-2.9)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nsilla]

recheck

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/15d0a9ff82f544828b8786901169bbfd

✔️ dci-rpm-build-el8 SUCCESS in 2m 48s
✔️ dci-rpm-build-el9 SUCCESS in 2m 20s

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/25b526484ab34182a63183cccbaed646

✔️ dci-rpm-build-el8 SUCCESS in 2m 51s
✔️ dci-rpm-build-el9 SUCCESS in 2m 19s

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/2b2fe340e9fa43f4a391cb5e3c9b1a6c

✔️ dci-rpm-build-el8 SUCCESS in 2m 50s
✔️ dci-rpm-build-el9 SUCCESS in 2m 21s