source.dussan.org Git - gitea.git/commit
Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581)
author Jason Song <i@wolfogre.com>
Fri, 30 Jun 2023 07:26:36 +0000 (15:26 +0800)
committer GitHub <noreply@github.com>
Fri, 30 Jun 2023 07:26:36 +0000 (07:26 +0000)
commit 67bd9d4f1eedb4728031504d0dd09d014c0f3e6f
tree 85aebbd4bca5439230744646f94ea082ec5f14d6
parent 254a82842addb1475611789107c3720e37394879
Resolve #24789

## :warning: BREAKING :warning:

Before this, `DEFAULT_ACTIONS_URL` could be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.

But now, `DEFAULT_ACTIONS_URL` supports only
`github` (`https://github.com`) or `self` (the root URL of the current Gitea
instance), and the default value is `github`.

If it has been configured with a URL, an error log will be displayed and it
will fall back to `github`.

Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.

Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.

Although it's breaking, I believe it should be backported to `v1.20` due
to some security issues.

Follow-up on the runner side:

- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70
custom/conf/app.example.ini
docs/content/doc/administration/config-cheat-sheet.en-us.md
modules/setting/actions.go
modules/setting/actions_test.go
routers/api/actions/runner/utils.go
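
A pre-upgrade check for the breaking change described in the commit message, as an added example that is not code from this commit or from Gitea. It reports which default is in effect for a given `app.ini` and where a short-form `uses:` reference would then be fetched from. The function names, the sample `app.ini` text, the host `git.example.internal`, the exact-match handling of the section and key names, and the short-form expansion rule in `resolveUses` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// effectiveDefault reads [actions] DEFAULT_ACTIONS_URL from app.ini text and
// returns the value in effect after this commit; legacy is true when a URL was
// configured, which is now rejected (error log, fall back to github).
func effectiveDefault(ini string) (effective string, legacy bool) {
	section, value := "", ""
	for _, raw := range strings.Split(ini, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || line[0] == ';' || line[0] == '#' {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.Trim(line, "[]")
			continue
		}
		k, v, ok := strings.Cut(line, "=")
		if ok && section == "actions" && strings.TrimSpace(k) == "DEFAULT_ACTIONS_URL" {
			value = strings.Trim(strings.TrimSpace(v), "`\"")
		}
	}
	switch value {
	case "", "github":
		return "github", false
	case "self":
		return "self", false
	}
	return "github", true
}

// resolveUses models (assumption) `uses:` expansion: absolute URLs kept, short forms prefixed.
func resolveUses(uses, effective, rootURL string) string {
	if strings.HasPrefix(uses, "https://") || strings.HasPrefix(uses, "http://") {
		return uses
	}
	if effective == "self" {
		return strings.TrimRight(rootURL, "/") + "/" + uses
	}
	return "https://github.com/" + uses
}

func main() {
	eff, legacy := effectiveDefault("[actions]\nDEFAULT_ACTIONS_URL = https://gitea.com\n") // constructed sample
	fmt.Println(eff, legacy, resolveUses("actions/checkout@v3", eff, "https://git.example.internal/"))
}
```

A `legacy` result of `true` marks an instance whose short-form `uses:` references will change source on upgrade; workflows that must keep pulling from another host need the absolute `uses: https://...` form.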