aboutsummaryrefslogtreecommitdiffstats
path: root/custom
diff options
context:
space:
mode:
authorJason Song <i@wolfogre.com>2023-06-30 15:26:36 +0800
committerGitHub <noreply@github.com>2023-06-30 07:26:36 +0000
commit67bd9d4f1eedb4728031504d0dd09d014c0f3e6f (patch)
tree85aebbd4bca5439230744646f94ea082ec5f14d6 /custom
parent254a82842addb1475611789107c3720e37394879 (diff)
downloadgitea-67bd9d4f1eedb4728031504d0dd09d014c0f3e6f.tar.gz
gitea-67bd9d4f1eedb4728031504d0dd09d014c0f3e6f.zip
Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581)
Resolve #24789 ## :warning: BREAKING :warning: Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`. But now, `DEFAULT_ACTIONS_URL` supports only `github`(`https://github.com`) or `self`(the root url of current Gitea instance), and the default value is `github`. If it has configured with a URL, an error log will be displayed and it will fallback to `github`. Actually, what we really want to do is always make it `https://github.com`, however, this may not be acceptable for some instances of internal use, so there's extra support for `self`, but no more, even `https://gitea.com`. Please note that `uses: https://xxx/yyy/zzz` always works and it does exactly what it is supposed to do. Although it's breaking, I belive it should be backported to `v1.20` due to some security issues. Follow-up on the runner side: - https://gitea.com/gitea/act_runner/pulls/262 - https://gitea.com/gitea/act/pulls/70
Diffstat (limited to 'custom')
-rw-r--r--custom/conf/app.example.ini4
1 files changed, 2 insertions, 2 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 57adce83c0..b2b6739f38 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2541,8 +2541,8 @@ LEVEL = Info
;; Enable/Disable actions capabilities
;ENABLED = false
;;
-;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
-;DEFAULT_ACTIONS_URL = https://gitea.com
+;; Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
+;DEFAULT_ACTIONS_URL = github
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;