author Jason Song <i@wolfogre.com> 2023-04-07 04:57:30 +0800
committer GitHub <noreply@github.com> 2023-04-06 16:57:30 -0400
commit d92909fa8b4427cb3e6fca4ec18487ab506e34bf
tree 8c09fc83e7e57fd4e5fc5f3721d9b6b61f597322 /models
parent 9b416b2e36a035672226d4b83c6b7e87578b17fe
Treat PRs with agit flow as fork PRs when triggering actions. (#23884)
There is no fork concept in agit flow; anyone with read permission can push `refs/for/<target-branch>/<topic-branch>` to the repo. So we should treat it as a fork pull request because it may be from an untrusted user.
Diffstat (limited to 'models')
-rw-r--r-- models/actions/run.go 2
1 files changed, 1 insertions, 1 deletions
diff --git a/models/actions/run.go b/models/actions/run.go
index 22041b65a9..b58683dd36 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -36,7 +36,7 @@ type ActionRun struct {
TriggerUser *user_model.User `xorm:"-"`
Ref string
CommitSHA string
- IsForkPullRequest bool
+ IsForkPullRequest bool // If this is triggered by a PR from a forked repository or an untrusted user, we need to check if it is approved and limit permissions when running the workflow.
NeedApproval bool // may need approval if it's a fork pull request
ApprovedBy int64 `xorm:"index"` // who approved
Event webhook_module.HookEventType
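Review bot: the `NeedApproval` comment on the line after the changed field still reads "may need approval if it's a fork pull request", so the two comments now disagree on scope: `IsForkPullRequest` is documented as covering "a forked repository or an untrusted user", while `NeedApproval` mentions only forks. Update the `NeedApproval` comment to match. Also consider moving the new text into a doc comment above `IsForkPullRequest` instead of a long trailing comment, because the field name no longer describes what the flag means and anyone gating approval or workflow permissions on it needs to see the broader definition. This hunk changes only a comment; the code that sets the flag for `refs/for/<target-branch>/<topic-branch>` pushes is outside the diffstat shown here (limited to 'models') and should be reviewed together with it.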