diff options
| author | js6pak <me@6pak.dev> | 2023-08-30 00:13:16 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-29 22:13:16 +0000 |
| commit | 4f5a2117c37f1bf89d1686f407dff600a8783a97 (patch) | |
| tree | 20316b7e03973a8029ff7346322f5eed3a8a01d4 /routers | |
| parent | b91057b172dea07a9db1bf96a32d2ab25a0e030d (diff) | |
| download | gitea-4f5a2117c37f1bf89d1686f407dff600a8783a97.tar.gz gitea-4f5a2117c37f1bf89d1686f407dff600a8783a97.zip | |
Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759)
Include `GITHUB_TOKEN`/`GITEA_TOKEN` secrets for actions triggered by
pull requests
This makes it consistent with the environment variables which you can
already access
```shell
echo env: $GITHUB_TOKEN
echo expression: ${{ secrets.GITHUB_TOKEN }}
```
before
after
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/actions/runner/utils.go | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/routers/api/actions/runner/utils.go b/routers/api/actions/runner/utils.go index e95df7a00f..b8c7ca842a 100644 --- a/routers/api/actions/runner/utils.go +++ b/routers/api/actions/runner/utils.go @@ -55,8 +55,12 @@ func pickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[string]string { secrets := map[string]string{} + + secrets["GITHUB_TOKEN"] = task.Token + secrets["GITEA_TOKEN"] = task.Token + if task.Job.Run.IsForkPullRequest && task.Job.Run.TriggerEvent != actions_module.GithubEventPullRequestTarget { - // ignore secrets for fork pull request + // ignore secrets for fork pull request, except GITHUB_TOKEN and GITEA_TOKEN which are automatically generated. // for the tasks triggered by pull_request_target event, they could access the secrets because they will run in the context of the base branch // see the documentation: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target return secrets @@ -82,13 +86,6 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s } } - if _, ok := secrets["GITHUB_TOKEN"]; !ok { - secrets["GITHUB_TOKEN"] = task.Token - } - if _, ok := secrets["GITEA_TOKEN"]; !ok { - secrets["GITEA_TOKEN"] = task.Token - } - return secrets } |