aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--routers/api/actions/runner/utils.go13
1 files changed, 5 insertions, 8 deletions
diff --git a/routers/api/actions/runner/utils.go b/routers/api/actions/runner/utils.go
index e95df7a00f..b8c7ca842a 100644
--- a/routers/api/actions/runner/utils.go
+++ b/routers/api/actions/runner/utils.go
@@ -55,8 +55,12 @@ func pickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[string]string {
secrets := map[string]string{}
+
+ secrets["GITHUB_TOKEN"] = task.Token
+ secrets["GITEA_TOKEN"] = task.Token
+
if task.Job.Run.IsForkPullRequest && task.Job.Run.TriggerEvent != actions_module.GithubEventPullRequestTarget {
- // ignore secrets for fork pull request
+ // ignore secrets for fork pull request, except GITHUB_TOKEN and GITEA_TOKEN which are automatically generated.
// for the tasks triggered by pull_request_target event, they could access the secrets because they will run in the context of the base branch
// see the documentation: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
return secrets
@@ -82,13 +86,6 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s
}
}
- if _, ok := secrets["GITHUB_TOKEN"]; !ok {
- secrets["GITHUB_TOKEN"] = task.Token
- }
- if _, ok := secrets["GITEA_TOKEN"]; !ok {
- secrets["GITEA_TOKEN"] = task.Token
- }
-
return secrets
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-12 07:36:21 +0000