diff options
author | Jason Song <i@wolfogre.com> | 2023-06-30 15:26:36 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-30 07:26:36 +0000 |
commit | 67bd9d4f1eedb4728031504d0dd09d014c0f3e6f (patch) | |
tree | 85aebbd4bca5439230744646f94ea082ec5f14d6 /custom | |
parent | 254a82842addb1475611789107c3720e37394879 (diff) | |
download | gitea-67bd9d4f1eedb4728031504d0dd09d014c0f3e6f.tar.gz gitea-67bd9d4f1eedb4728031504d0dd09d014c0f3e6f.zip |
Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581)
Resolve #24789
## :warning: BREAKING :warning:
Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.
But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.
If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.
Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.
Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.
Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.
Follow-up on the runner side:
- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70
Diffstat (limited to 'custom')
-rw-r--r-- | custom/conf/app.example.ini | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 57adce83c0..b2b6739f38 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -2541,8 +2541,8 @@ LEVEL = Info ;; Enable/Disable actions capabilities ;ENABLED = false ;; -;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3" -;DEFAULT_ACTIONS_URL = https://gitea.com +;; Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance. +;DEFAULT_ACTIONS_URL = github ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |