feat: Allow custom user agent for Forgejo/Gitea

Added the ability to specify a custom User-Agent header for API requests
to Gitea/Forgejo instances. This is useful for instances protected by AI
scraping protection proxies that may block requests lacking a recognized
User-Agent.

The User-Agent can be configured per repository in the `Repository` CRD
under `spec.settings.gitea.user_agent`. If not specified, it defaults to
"pipelines-as-code/<version>". This functionality was implemented by
adding a new field to the `GiteaSettings` struct and updating the
`gitea.go` provider to utilize this new setting when initializing the
Gitea client. Documentation and tests were also updated to reflect this
change.

Jira: https://issues.redhat.com/browse/SRVKP-10579
AI-assisted-by: Google Gemini
Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>

Author: chmouel

config/300-repositories.yaml

@@ -448,6 +448,17 @@ spec:
                         - roles
                         - secret_ref
                       type: object
+                    forgejo:
+                      description: Forgejo contains Forgejo/Gitea-specific settings.
+                      properties:
+                        user_agent:
+                          description: |-
+                            UserAgent sets the User-Agent header on API requests to the Gitea/Forgejo instance.
+                            This is useful when the instance is behind an AI scraping protection proxy (e.g. Anubis)
+                            that blocks requests without a recognized User-Agent.
+                            Defaults to "pipelines-as-code/<version>" when left empty.
+                          type: string
+                      type: object
                     github:
                       properties:
                         comment_strategy:

docs/content/docs/guide/repositorycrd.md

@@ -192,6 +192,23 @@ spec:
       comment_strategy: "disable_all"
 ```
 
+### Forgejo/Gitea
+
+You can configure a custom `User-Agent` header for API requests to
+Forgejo/Gitea instances. This is useful when the instance is behind an AI
+scraping protection proxy (such as [Anubis](https://anubis.techaro.lol/)) that
+blocks requests without a recognized `User-Agent`.
+
+By default, Pipelines-as-Code sends `pipelines-as-code/<version>` as the
+`User-Agent`. You can override it per repository:
+
+```yaml
+spec:
+  settings:
+    forgejo:
+      user_agent: "my-custom-agent"
+```
+
 ## Concurrency
 
 `concurrency_limit` allows you to define the maximum number of PipelineRuns running at any time for a Repository.

pkg/apis/pipelinesascode/v1alpha1/types.go

@@ -161,6 +161,10 @@ type Settings struct {
 
 	Github *GithubSettings `json:"github,omitempty"`
 
+	// Forgejo contains Forgejo/Gitea-specific settings.
+	// +optional
+	Forgejo *ForgejoSettings `json:"forgejo,omitempty"`
+
 	// AIAnalysis contains AI/LLM analysis configuration for automated CI/CD pipeline analysis.
 	// +optional
 	AIAnalysis *AIAnalysisConfig `json:"ai,omitempty"`
@@ -186,6 +190,15 @@ type GithubSettings struct {
 	CommentStrategy string `json:"comment_strategy,omitempty"`
 }
 
+type ForgejoSettings struct {
+	// UserAgent sets the User-Agent header on API requests to the Gitea/Forgejo instance.
+	// This is useful when the instance is behind an AI scraping protection proxy (e.g. Anubis)
+	// that blocks requests without a recognized User-Agent.
+	// Defaults to "pipelines-as-code/<version>" when left empty.
+	// +optional
+	UserAgent string `json:"user_agent,omitempty"`
+}
+
 func (s *Settings) Merge(newSettings *Settings) {
 	if newSettings.PipelineRunProvenance != "" && s.PipelineRunProvenance == "" {
 		s.PipelineRunProvenance = newSettings.PipelineRunProvenance
@@ -196,6 +209,9 @@ func (s *Settings) Merge(newSettings *Settings) {
 	if newSettings.GithubAppTokenScopeRepos != nil && s.GithubAppTokenScopeRepos == nil {
 		s.GithubAppTokenScopeRepos = newSettings.GithubAppTokenScopeRepos
 	}
+	if newSettings.Forgejo != nil && s.Forgejo == nil {
+		s.Forgejo = newSettings.Forgejo
+	}
 	if newSettings.AIAnalysis != nil && s.AIAnalysis == nil {
 		s.AIAnalysis = newSettings.AIAnalysis
 	}

pkg/apis/pipelinesascode/v1alpha1/types_test.go

@@ -117,6 +117,56 @@ func TestMergeSpecs(t *testing.T) {
 				ConcurrencyLimit: &two,
 			},
 		},
+		{
+			name: "forgejo settings from global",
+			local: &RepositorySpec{
+				Settings:    &Settings{},
+				GitProvider: &GitProvider{},
+			},
+			global: RepositorySpec{
+				Settings: &Settings{
+					Forgejo: &ForgejoSettings{
+						UserAgent: "my-custom-agent",
+					},
+				},
+				GitProvider: &GitProvider{},
+			},
+			expected: &RepositorySpec{
+				Settings: &Settings{
+					Forgejo: &ForgejoSettings{
+						UserAgent: "my-custom-agent",
+					},
+				},
+				GitProvider: &GitProvider{},
+			},
+		},
+		{
+			name: "local forgejo settings take precedence",
+			local: &RepositorySpec{
+				Settings: &Settings{
+					Forgejo: &ForgejoSettings{
+						UserAgent: "local-agent",
+					},
+				},
+				GitProvider: &GitProvider{},
+			},
+			global: RepositorySpec{
+				Settings: &Settings{
+					Forgejo: &ForgejoSettings{
+						UserAgent: "global-agent",
+					},
+				},
+				GitProvider: &GitProvider{},
+			},
+			expected: &RepositorySpec{
+				Settings: &Settings{
+					Forgejo: &ForgejoSettings{
+						UserAgent: "local-agent",
+					},
+				},
+				GitProvider: &GitProvider{},
+			},
+		},
 		{
 			name: "different git providers",
 			local: &RepositorySpec{

pkg/provider/gitea/gitea.go

@@ -24,6 +24,7 @@ import (
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/triggertype"
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/versiondata"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/provider"
 	providerMetrics "github.com/openshift-pipelines/pipelines-as-code/pkg/provider/providermetrics"
 	providerstatus "github.com/openshift-pipelines/pipelines-as-code/pkg/provider/status"
@@ -200,14 +201,18 @@ func (v *Provider) GetConfig() *info.ProviderConfig {
 func (v *Provider) SetClient(_ context.Context, run *params.Run, runevent *info.Event, repo *v1alpha1.Repository, emitter *events.EventEmitter) error {
 	var err error
 	apiURL := runevent.Provider.URL
+	userAgent := "pipelines-as-code/" + strings.TrimSpace(versiondata.Version)
+	if repo != nil && repo.Spec.Settings != nil && repo.Spec.Settings.Forgejo != nil && repo.Spec.Settings.Forgejo.UserAgent != "" {
+		userAgent = repo.Spec.Settings.Forgejo.UserAgent
+	}
 	// password is not exposed to CRD, it's only used from the e2e tests
 	if v.Password != "" && runevent.Provider.User != "" {
-		v.giteaClient, err = forgejo.NewClient(apiURL, forgejo.SetBasicAuth(runevent.Provider.User, v.Password))
+		v.giteaClient, err = forgejo.NewClient(apiURL, forgejo.SetBasicAuth(runevent.Provider.User, v.Password), forgejo.SetUserAgent(userAgent))
 	} else {
 		if runevent.Provider.Token == "" {
 			return fmt.Errorf("no git_provider.secret has been set in the repo crd")
 		}
-		v.giteaClient, err = forgejo.NewClient(apiURL, forgejo.SetToken(runevent.Provider.Token))
+		v.giteaClient, err = forgejo.NewClient(apiURL, forgejo.SetToken(runevent.Provider.Token), forgejo.SetUserAgent(userAgent))
 	}
 	if err != nil {
 		return err