source.dussan.org Git - gitea.git/commit

author	Rowan Bohde <rowan.bohde@gmail.com>
	Wed, 20 Nov 2024 15:24:09 +0000 (09:24 -0600)
committer	GitHub <noreply@github.com>
	Wed, 20 Nov 2024 15:24:09 +0000 (15:24 +0000)
commit	407b6e6dfc7ee9ebb8a16c7f1a786e4c24d0516e
tree	a3868b39f5a1e3c5d1b05cd83e88b052fd5d7e7d	tree \| snapshot
parent	56bff7ae234ee21d0e4524e401a49385c383ccaf	commit \| diff

allow the actions user to login via the jwt token (#32527)

We have some actions that leverage the Gitea API that began receiving
401 errors, with a message that the user was not found. These actions
use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to
authenticate with the Gitea API. The format of this env var in actions
jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a
corresponding update to `act_runner`) Since it was a JWT, the OAuth
parsing logic attempted to parse it as an OAuth token, and would return
user not found, instead of falling back to look up the running task and
assigning it to the actions user.

Make ACTIONS_RUNTIME_TOKEN in action runners could be used,
attempting to parse Oauth JWTs. The code to parse potential old
`ACTION_RUNTIME_TOKEN` was kept in case someone is running an older
version of act_runner that doesn't support the Actions JWT.

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

RSS Atom

models/fixtures/action_task.yml		diff \| blob \| history
services/actions/auth.go		diff \| blob \| history
services/auth/oauth2.go		diff \| blob \| history
services/auth/oauth2_test.go	[new file with mode: 0644]	blob