Allow the use of another secret defined for the same repo

repositories.go

@@ -264,7 +264,7 @@ func declareCallbacksRoutes(router *gin.RouterGroup) {
 	router.POST("/callbacks/trigger.json", func(c *gin.Context) {
 		// Check event type
 		if c.Request.Header.Get("X-Gitlab-Event") != "Tag Push Hook" {
-			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": "This trigger is limited to Tag Push event. Please edit your trigger."})
+			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": "This trigger is limited to Tag Push event. Please edit your trigger on GitLab."})
 			return
 		}
 
@@ -284,7 +284,6 @@ func declareCallbacksRoutes(router *gin.RouterGroup) {
 
 		var repo *Repository
 		for _, r := range repos {
-			log.Println("Received trigger")
 			if len(r.Secret) == 0 || base64.StdEncoding.EncodeToString(r.Secret) == c.Request.Header.Get("X-Gitlab-Token") {
 				repo = r
 				break
@@ -319,8 +318,27 @@ func declareCallbacksRoutes(router *gin.RouterGroup) {
 		}
 
 		if !strings.HasPrefix(tmp[2], work.Tag) {
-			c.AbortWithStatusJSON(http.StatusOK, gin.H{"errmsg": fmt.Sprintf("Ignore ref %q has it doesn't start with %s. Check submission instructions if this is not expected.", tmp[2], work.Tag)})
-			return
+			// Allow to use a secret for another tag
+			if len(repos) > 1 {
+				for _, r := range repos {
+					w, err := getWork(int(r.IdWork))
+					if err != nil {
+						log.Println("Unable to getWork:", err.Error())
+						continue
+					}
+
+					if strings.HasPrefix(tmp[2], w.Tag) {
+						repo = r
+						work = w
+						break
+					}
+				}
+			}
+
+			if !strings.HasPrefix(tmp[2], work.Tag) {
+				c.AbortWithStatusJSON(http.StatusOK, gin.H{"errmsg": fmt.Sprintf("Ignore ref %q has it doesn't start with %s. Check submission instructions if this is not expected.", tmp[2], work.Tag)})
+				return
+			}
 		}
 
 		TriggerTagUpdate(c, work, repo, user, &tmp[2])