From 0bfe5eb10b1953cb1f85f7a7b6eb5f24724b8021 Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 21 Oct 2019 09:21:45 +0100 Subject: Allow Protected Branches to Whitelist Deploy Keys (#8483) Add an option to protected branches to add writing deploy keys to the whitelist for pushing. Please note this is technically a breaking change: previously if the owner of a repository was on the whitelist then any writing deploy key was effectively on the whitelist. This option will now need to be set if that is desired. Closes #8472 Details: * Allow Protected Branches to Whitelist Deploy Keys * Add migration * Ensure that IsDeployKey is set to false on the http pushes * add not null default false --- cmd/hook.go | 2 ++ cmd/serv.go | 2 ++ 2 files changed, 4 insertions(+) (limited to 'cmd') diff --git a/cmd/hook.go b/cmd/hook.go index f5b7962aab..f07568dd8b 100644 --- a/cmd/hook.go +++ b/cmd/hook.go @@ -66,6 +66,7 @@ func runHookPreReceive(c *cli.Context) error { reponame := os.Getenv(models.EnvRepoName) userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64) prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64) + isDeployKey, _ := strconv.ParseBool(os.Getenv(models.EnvIsDeployKey)) buf := bytes.NewBuffer(nil) scanner := bufio.NewScanner(os.Stdin) @@ -98,6 +99,7 @@ func runHookPreReceive(c *cli.Context) error { GitObjectDirectory: os.Getenv(private.GitObjectDirectory), GitQuarantinePath: os.Getenv(private.GitQuarantinePath), ProtectedBranchID: prID, + IsDeployKey: isDeployKey, }) switch statusCode { case http.StatusInternalServerError: diff --git a/cmd/serv.go b/cmd/serv.go index 6533b0371c..1ac6b21e53 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -191,6 +191,8 @@ func runServ(c *cli.Context) error { os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10)) os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10)) os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0)) + os.Setenv(models.EnvIsDeployKey, fmt.Sprintf("%t", results.IsDeployKey)) + os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID)) //LFS token authentication if verb == lfsAuthenticateVerb { -- cgit v1.2.3