diff options
| author | Giteabot <teabot@gitea.io> | 2023-06-30 03:53:00 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-30 07:53:00 +0000 |
| commit | 24cf06592e258c1de251da29ad04b2c95316a408 (patch) | |
| tree | 30f2f093d9509dae8a863c671ffc0837d730e200 /package-lock.json | |
| parent | 0b6f7fb60709a499fe4f5d69ff77ed8337e05b8e (diff) | |
| download | gitea-24cf06592e258c1de251da29ad04b2c95316a408.tar.gz gitea-24cf06592e258c1de251da29ad04b2c95316a408.zip | |
Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581) (#25604)
Backport #25581 by @wolfogre
Resolve #24789
## :warning: BREAKING :warning:
Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.
But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.
If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.
Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.
Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.
Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.
Follow-up on the runner side:
- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70
Co-authored-by: Jason Song <i@wolfogre.com>
Diffstat (limited to 'package-lock.json')
0 files changed, 0 insertions, 0 deletions