diff options
author | zeripath <art27@cantab.net> | 2019-10-21 09:21:45 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-21 09:21:45 +0100 |
commit | 0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021 (patch) | |
tree | 8844040cf40b0f37c9457eade166a8bff1a91152 /modules | |
parent | b1c1e1549b50bbd5929e2c4dd72a1dbf4b511b50 (diff) | |
download | gitea-0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021.tar.gz gitea-0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021.zip |
Allow Protected Branches to Whitelist Deploy Keys (#8483)
Add an option to protected branches to add writing deploy keys to the whitelist for pushing.
Please note this is technically a breaking change: previously if the owner of a repository was on the whitelist then any writing deploy key was effectively on the whitelist. This option will now need to be set if that is desired.
Closes #8472
Details:
* Allow Protected Branches to Whitelist Deploy Keys
* Add migration
* Ensure that IsDeployKey is set to false on the http pushes
* add not null default false
Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/repo_form.go | 1 | ||||
-rw-r--r-- | modules/private/hook.go | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/modules/auth/repo_form.go b/modules/auth/repo_form.go index 5a8ac5934f..2280666114 100644 --- a/modules/auth/repo_form.go +++ b/modules/auth/repo_form.go @@ -152,6 +152,7 @@ type ProtectBranchForm struct { EnableWhitelist bool WhitelistUsers string WhitelistTeams string + WhitelistDeployKeys bool EnableMergeWhitelist bool MergeWhitelistUsers string MergeWhitelistTeams string diff --git a/modules/private/hook.go b/modules/private/hook.go index 67496b5132..cc9703cc77 100644 --- a/modules/private/hook.go +++ b/modules/private/hook.go @@ -31,11 +31,12 @@ type HookOptions struct { GitAlternativeObjectDirectories string GitQuarantinePath string ProtectedBranchID int64 + IsDeployKey bool } // HookPreReceive check whether the provided commits are allowed func HookPreReceive(ownerName, repoName string, opts HookOptions) (int, string) { - reqURL := setting.LocalURL + fmt.Sprintf("api/internal/hook/pre-receive/%s/%s?old=%s&new=%s&ref=%s&userID=%d&gitObjectDirectory=%s&gitAlternativeObjectDirectories=%s&gitQuarantinePath=%s&prID=%d", + reqURL := setting.LocalURL + fmt.Sprintf("api/internal/hook/pre-receive/%s/%s?old=%s&new=%s&ref=%s&userID=%d&gitObjectDirectory=%s&gitAlternativeObjectDirectories=%s&gitQuarantinePath=%s&prID=%d&isDeployKey=%t", url.PathEscape(ownerName), url.PathEscape(repoName), url.QueryEscape(opts.OldCommitID), @@ -46,6 +47,7 @@ func HookPreReceive(ownerName, repoName string, opts HookOptions) (int, string) url.QueryEscape(opts.GitAlternativeObjectDirectories), url.QueryEscape(opts.GitQuarantinePath), opts.ProtectedBranchID, + opts.IsDeployKey, ) resp, err := newInternalRequest(reqURL, "GET").Response() |