2014-04-16 03:37:07 -05:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2019-04-25 17:42:50 -05:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
2014-04-16 03:37:07 -05:00
2014-04-10 13:20:58 -05:00
package repo
import (
2014-04-10 21:27:13 -05:00
"bytes"
2014-10-15 15:28:38 -05:00
"compress/gzip"
2022-01-19 18:26:57 -05:00
gocontext "context"
2014-04-10 13:20:58 -05:00
"fmt"
"net/http"
"os"
"path"
"regexp"
"strconv"
"strings"
2020-01-15 21:40:13 -05:00
"sync"
2014-04-10 13:20:58 -05:00
"time"
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 20:45:19 -05:00
actions_model "code.gitea.io/gitea/models/actions"
2023-04-26 19:24:03 -05:00
auth_model "code.gitea.io/gitea/models/auth"
2021-11-28 06:58:28 -05:00
"code.gitea.io/gitea/models/perm"
2022-05-11 05:09:36 -05:00
access_model "code.gitea.io/gitea/models/perm/access"
2021-12-09 20:27:50 -05:00
repo_model "code.gitea.io/gitea/models/repo"
2021-11-09 14:57:58 -05:00
"code.gitea.io/gitea/models/unit"
2016-11-10 11:24:48 -05:00
"code.gitea.io/gitea/modules/context"
2019-06-26 13:15:26 -05:00
"code.gitea.io/gitea/modules/git"
2016-11-10 11:24:48 -05:00
"code.gitea.io/gitea/modules/log"
2022-05-08 11:46:32 -05:00
repo_module "code.gitea.io/gitea/modules/repository"
2016-11-10 11:24:48 -05:00
"code.gitea.io/gitea/modules/setting"
2020-05-29 09:47:17 -05:00
"code.gitea.io/gitea/modules/structs"
2020-08-11 15:05:34 -05:00
"code.gitea.io/gitea/modules/util"
2019-12-14 21:49:52 -05:00
repo_service "code.gitea.io/gitea/services/repository"
2023-04-25 13:35:50 -05:00
"github.com/go-chi/cors"
2014-04-10 13:20:58 -05:00
)
2023-04-25 13:35:50 -05:00
func HTTPGitEnabledHandler ( ctx * context . Context ) {
2021-01-26 10:36:53 -05:00
if setting . Repository . DisableHTTPGit {
ctx . Resp . WriteHeader ( http . StatusForbidden )
2023-04-25 13:35:50 -05:00
_ , _ = ctx . Resp . Write ( [ ] byte ( "Interacting with repositories by HTTP protocol is not allowed" ) )
2021-01-26 10:36:53 -05:00
}
2023-04-25 13:35:50 -05:00
}
2021-01-26 10:36:53 -05:00
2023-04-25 13:35:50 -05:00
func CorsHandler ( ) func ( next http . Handler ) http . Handler {
if setting . Repository . AccessControlAllowOrigin != "" {
return cors . Handler ( cors . Options {
AllowedOrigins : [ ] string { setting . Repository . AccessControlAllowOrigin } ,
AllowedHeaders : [ ] string { "Content-Type" , "Authorization" , "User-Agent" } ,
} )
}
return func ( next http . Handler ) http . Handler {
return next
2019-01-14 16:05:27 -05:00
}
2023-04-25 13:35:50 -05:00
}
2019-01-14 16:05:27 -05:00
2023-04-25 13:35:50 -05:00
// httpBase implementation git smart HTTP protocol
func httpBase ( ctx * context . Context ) ( h * serviceHandler ) {
2014-07-25 23:24:27 -05:00
username := ctx . Params ( ":username" )
2015-11-30 20:45:55 -05:00
reponame := strings . TrimSuffix ( ctx . Params ( ":reponame" ) , ".git" )
2017-04-20 21:43:29 -05:00
2021-08-10 19:31:13 -05:00
if ctx . FormString ( "go-get" ) == "1" {
2017-09-23 08:24:24 -05:00
context . EarlyResponseForGoGetMeta ( ctx )
2017-04-20 21:43:29 -05:00
return
}
2014-04-10 13:20:58 -05:00
2020-01-15 21:40:13 -05:00
var isPull , receivePack bool
2021-08-10 19:31:13 -05:00
service := ctx . FormString ( "service" )
2014-04-10 13:20:58 -05:00
if service == "git-receive-pack" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-receive-pack" ) {
isPull = false
2020-01-15 21:40:13 -05:00
receivePack = true
2014-04-10 13:20:58 -05:00
} else if service == "git-upload-pack" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-upload-pack" ) {
isPull = true
2017-02-21 10:02:10 -05:00
} else if service == "git-upload-archive" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-upload-archive" ) {
isPull = true
2014-04-10 13:20:58 -05:00
} else {
2021-04-09 02:40:34 -05:00
isPull = ctx . Req . Method == "GET"
2014-04-10 13:20:58 -05:00
}
2021-11-28 06:58:28 -05:00
var accessMode perm . AccessMode
2017-02-21 10:02:10 -05:00
if isPull {
2021-11-28 06:58:28 -05:00
accessMode = perm . AccessModeRead
2017-02-21 10:02:10 -05:00
} else {
2021-11-28 06:58:28 -05:00
accessMode = perm . AccessModeWrite
2017-02-21 10:02:10 -05:00
}
2015-11-30 20:45:55 -05:00
isWiki := false
2022-01-20 12:46:10 -05:00
unitType := unit . TypeCode
2021-04-15 13:57:19 -05:00
var wikiRepoName string
2015-11-30 20:45:55 -05:00
if strings . HasSuffix ( reponame , ".wiki" ) {
isWiki = true
2021-11-09 14:57:58 -05:00
unitType = unit . TypeWiki
2021-04-15 13:57:19 -05:00
wikiRepoName = reponame
2017-02-25 09:54:40 -05:00
reponame = reponame [ : len ( reponame ) - 5 ]
2015-11-30 20:45:55 -05:00
}
2022-03-26 04:04:22 -05:00
owner := ctx . ContextUser
2020-11-18 04:58:25 -05:00
if ! owner . IsOrganization ( ) && ! owner . IsActive {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "Repository cannot be accessed. You cannot push or open issues/pull-requests." )
2020-11-12 18:29:11 -05:00
return
}
2019-04-25 00:51:40 -05:00
2019-12-14 21:49:52 -05:00
repoExist := true
2021-12-09 20:27:50 -05:00
repo , err := repo_model . GetRepositoryByName ( owner . ID , reponame )
2019-04-25 00:51:40 -05:00
if err != nil {
2021-12-09 20:27:50 -05:00
if repo_model . IsErrRepoNotExist ( err ) {
2021-12-12 10:48:20 -05:00
if redirectRepoID , err := repo_model . LookupRedirect ( owner . ID , reponame ) ; err == nil {
2023-05-20 20:50:53 -05:00
context . RedirectToRepo ( ctx . Base , redirectRepoID )
2019-12-14 21:49:52 -05:00
return
2019-04-25 00:51:40 -05:00
}
2019-12-14 21:49:52 -05:00
repoExist = false
2019-04-25 00:51:40 -05:00
} else {
ctx . ServerError ( "GetRepositoryByName" , err )
2019-12-14 21:49:52 -05:00
return
2019-04-25 00:51:40 -05:00
}
2014-04-10 13:20:58 -05:00
}
2019-01-23 13:58:38 -05:00
// Don't allow pushing if the repo is archived
2019-12-14 21:49:52 -05:00
if repoExist && repo . IsArchived && ! isPull {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests." )
2019-01-23 13:58:38 -05:00
return
}
2015-02-07 15:47:23 -05:00
// Only public pull don't need auth.
2019-12-14 21:49:52 -05:00
isPublicPull := repoExist && ! repo . IsPrivate && isPull
2015-02-07 15:47:23 -05:00
var (
2021-05-15 10:32:09 -05:00
askAuth = ! isPublicPull || setting . Service . RequireSignInView
environ [ ] string
2015-02-07 15:47:23 -05:00
)
2014-04-10 21:27:13 -05:00
2020-05-29 09:47:17 -05:00
// don't allow anonymous pulls if organization is not public
if isPublicPull {
2023-02-18 07:11:03 -05:00
if err := repo . LoadOwner ( ctx ) ; err != nil {
ctx . ServerError ( "LoadOwner" , err )
2020-05-29 09:47:17 -05:00
return
}
askAuth = askAuth || ( repo . Owner . Visibility != structs . VisibleTypePublic )
}
2014-04-10 13:20:58 -05:00
// check access
if askAuth {
2021-05-15 10:32:09 -05:00
// rely on the results of Contexter
if ! ctx . IsSigned {
// TODO: support digit auth - which would be Authorization header with digit
ctx . Resp . Header ( ) . Set ( "WWW-Authenticate" , "Basic realm=\".\"" )
ctx . Error ( http . StatusUnauthorized )
return
}
2016-12-28 16:33:59 -05:00
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
- `activitypub`
- `admin` (hidden if user is not a site admin)
- `misc`
- `notification`
- `organization`
- `package`
- `issue`
- `repository`
- `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
- `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
- `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection
### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">
## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error
## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
- _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
- _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
- _This should be addressed in this PR_
- For example:
```go
m.Group("/users/{username}/orgs", func() {
m.Get("", reqToken(), org.ListUserOrgs)
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
```
## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default
Closes #24501
Closes #24799
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 13:57:16 -05:00
context . CheckRepoScopedToken ( ctx , repo , auth_model . GetScopeLevelFromAccessMode ( accessMode ) )
2023-04-26 19:24:03 -05:00
if ctx . Written ( ) {
return
}
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 20:45:19 -05:00
if ctx . IsBasicAuth && ctx . Data [ "IsApiToken" ] != true && ctx . Data [ "IsActionsToken" ] != true {
2023-04-26 19:24:03 -05:00
_ , err = auth_model . GetTwoFactorByUID ( ctx . Doer . ID )
2021-05-15 10:32:09 -05:00
if err == nil {
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusUnauthorized , "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page" )
2016-12-28 16:33:59 -05:00
return
2023-04-26 19:24:03 -05:00
} else if ! auth_model . IsErrTwoFactorNotEnrolled ( err ) {
2021-05-15 10:32:09 -05:00
ctx . ServerError ( "IsErrTwoFactorNotEnrolled" , err )
2015-01-08 09:16:38 -05:00
return
}
2018-03-28 20:39:51 -05:00
}
2014-04-10 13:20:58 -05:00
2022-03-22 02:03:22 -05:00
if ! ctx . Doer . IsActive || ctx . Doer . ProhibitLogin {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "Your account is disabled." )
2020-11-12 18:29:11 -05:00
return
}
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 20:45:19 -05:00
environ = [ ] string {
repo_module . EnvRepoUsername + "=" + username ,
repo_module . EnvRepoName + "=" + reponame ,
repo_module . EnvPusherName + "=" + ctx . Doer . Name ,
repo_module . EnvPusherID + fmt . Sprintf ( "=%d" , ctx . Doer . ID ) ,
repo_module . EnvAppURL + "=" + setting . AppURL ,
}
2018-03-28 20:39:51 -05:00
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 20:45:19 -05:00
if repoExist {
2021-07-28 04:42:56 -05:00
// Because of special ref "refs/for" .. , need delay write permission check
if git . SupportProcReceive {
2021-11-28 06:58:28 -05:00
accessMode = perm . AccessModeRead
2021-07-28 04:42:56 -05:00
}
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 20:45:19 -05:00
if ctx . Data [ "IsActionsToken" ] == true {
taskID := ctx . Data [ "ActionsTaskID" ] . ( int64 )
task , err := actions_model . GetTaskByID ( ctx , taskID )
if err != nil {
ctx . ServerError ( "GetTaskByID" , err )
return
}
if task . RepoID != repo . ID {
ctx . PlainText ( http . StatusForbidden , "User permission denied" )
return
}
if task . IsForkPullRequest {
if accessMode > perm . AccessModeRead {
ctx . PlainText ( http . StatusForbidden , "User permission denied" )
return
}
environ = append ( environ , fmt . Sprintf ( "%s=%d" , repo_module . EnvActionPerm , perm . AccessModeRead ) )
} else {
if accessMode > perm . AccessModeWrite {
ctx . PlainText ( http . StatusForbidden , "User permission denied" )
return
}
environ = append ( environ , fmt . Sprintf ( "%s=%d" , repo_module . EnvActionPerm , perm . AccessModeWrite ) )
}
} else {
p , err := access_model . GetUserRepoPermission ( ctx , repo , ctx . Doer )
if err != nil {
ctx . ServerError ( "GetUserRepoPermission" , err )
return
}
if ! p . CanAccess ( accessMode , unitType ) {
2023-02-26 05:22:42 -05:00
ctx . PlainText ( http . StatusNotFound , "Repository not found" )
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-30 20:45:19 -05:00
return
}
2019-12-14 21:49:52 -05:00
}
2014-04-10 13:20:58 -05:00
2019-12-14 21:49:52 -05:00
if ! isPull && repo . IsMirror {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "mirror repository is read-only" )
2019-12-14 21:49:52 -05:00
return
}
2017-05-18 09:54:24 -05:00
}
2022-03-22 02:03:22 -05:00
if ! ctx . Doer . KeepEmailPrivate {
2022-05-08 11:46:32 -05:00
environ = append ( environ , repo_module . EnvPusherEmail + "=" + ctx . Doer . Email )
2018-07-26 11:38:55 -05:00
}
2017-02-25 09:54:40 -05:00
if isWiki {
2022-05-08 11:46:32 -05:00
environ = append ( environ , repo_module . EnvRepoIsWiki + "=true" )
2017-02-25 09:54:40 -05:00
} else {
2022-05-08 11:46:32 -05:00
environ = append ( environ , repo_module . EnvRepoIsWiki + "=false" )
2017-02-21 10:02:10 -05:00
}
}
2019-12-14 21:49:52 -05:00
if ! repoExist {
2020-01-15 21:40:13 -05:00
if ! receivePack {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusNotFound , "Repository not found" )
2020-01-15 21:40:13 -05:00
return
}
2021-04-15 13:57:19 -05:00
if isWiki { // you cannot send wiki operation before create the repository
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusNotFound , "Repository not found" )
2021-04-15 13:57:19 -05:00
return
}
2019-12-14 21:49:52 -05:00
if owner . IsOrganization ( ) && ! setting . Repository . EnablePushCreateOrg {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "Push to create is not enabled for organizations." )
2019-12-14 21:49:52 -05:00
return
}
if ! owner . IsOrganization ( ) && ! setting . Repository . EnablePushCreateUser {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "Push to create is not enabled for users." )
2019-12-14 21:49:52 -05:00
return
}
2020-01-15 21:40:13 -05:00
// Return dummy payload if GET receive-pack
if ctx . Req . Method == http . MethodGet {
dummyInfoRefs ( ctx )
return
}
2023-02-28 17:17:51 -05:00
repo , err = repo_service . PushCreateRepo ( ctx , ctx . Doer , owner , reponame )
2019-12-14 21:49:52 -05:00
if err != nil {
log . Error ( "pushCreateRepo: %v" , err )
ctx . Status ( http . StatusNotFound )
return
}
}
2020-04-19 09:26:58 -05:00
if isWiki {
// Ensure the wiki is enabled before we allow access to it
2022-12-09 21:46:31 -05:00
if _ , err := repo . GetUnit ( ctx , unit . TypeWiki ) ; err != nil {
2021-12-09 20:27:50 -05:00
if repo_model . IsErrUnitTypeNotExist ( err ) {
2021-12-15 01:59:57 -05:00
ctx . PlainText ( http . StatusForbidden , "repository wiki is disabled" )
2020-04-19 09:26:58 -05:00
return
}
log . Error ( "Failed to get the wiki unit in %-v Error: %v" , repo , err )
ctx . ServerError ( "GetUnit(UnitTypeWiki) for " + repo . FullName ( ) , err )
return
}
}
2022-05-08 11:46:32 -05:00
environ = append ( environ , repo_module . EnvRepoID + fmt . Sprintf ( "=%d" , repo . ID ) )
2019-12-14 21:49:52 -05:00
2019-11-21 11:24:43 -05:00
w := ctx . Resp
2021-01-26 10:36:53 -05:00
r := ctx . Req
2019-11-21 11:24:43 -05:00
cfg := & serviceConfig {
2016-06-01 06:19:01 -05:00
UploadPack : true ,
ReceivePack : true ,
2017-02-25 09:54:40 -05:00
Env : environ ,
2019-11-21 11:24:43 -05:00
}
2020-06-10 10:26:28 -05:00
r . URL . Path = strings . ToLower ( r . URL . Path ) // blue: In case some repo name has upper case name
2021-12-09 20:27:50 -05:00
dir := repo_model . RepoPath ( username , reponame )
2021-04-15 13:57:19 -05:00
if isWiki {
2021-12-09 20:27:50 -05:00
dir = repo_model . RepoPath ( username , wikiRepoName )
2021-04-15 13:57:19 -05:00
}
2019-11-21 11:24:43 -05:00
2021-01-26 10:36:53 -05:00
return & serviceHandler { cfg , w , r , dir , cfg . Env }
2014-04-10 13:20:58 -05:00
}
2020-01-15 21:40:13 -05:00
var (
infoRefsCache [ ] byte
infoRefsOnce sync . Once
)
func dummyInfoRefs ( ctx * context . Context ) {
infoRefsOnce . Do ( func ( ) {
2021-09-22 00:38:34 -05:00
tmpDir , err := os . MkdirTemp ( os . TempDir ( ) , "gitea-info-refs-cache" )
2020-01-15 21:40:13 -05:00
if err != nil {
log . Error ( "Failed to create temp dir for git-receive-pack cache: %v" , err )
return
}
defer func ( ) {
2020-08-11 15:05:34 -05:00
if err := util . RemoveAll ( tmpDir ) ; err != nil {
2020-01-15 21:40:13 -05:00
log . Error ( "RemoveAll: %v" , err )
}
} ( )
2022-01-19 18:26:57 -05:00
if err := git . InitRepository ( ctx , tmpDir , true ) ; err != nil {
2020-01-15 21:40:13 -05:00
log . Error ( "Failed to init bare repo for git-receive-pack cache: %v" , err )
return
}
2022-03-31 21:55:30 -05:00
refs , _ , err := git . NewCommand ( ctx , "receive-pack" , "--stateless-rpc" , "--advertise-refs" , "." ) . RunStdBytes ( & git . RunOpts { Dir : tmpDir } )
2020-01-15 21:40:13 -05:00
if err != nil {
log . Error ( fmt . Sprintf ( "%v - %s" , err , string ( refs ) ) )
}
log . Debug ( "populating infoRefsCache: \n%s" , string ( refs ) )
infoRefsCache = refs
} )
2021-12-15 01:59:57 -05:00
ctx . RespHeader ( ) . Set ( "Expires" , "Fri, 01 Jan 1980 00:00:00 GMT" )
ctx . RespHeader ( ) . Set ( "Pragma" , "no-cache" )
ctx . RespHeader ( ) . Set ( "Cache-Control" , "no-cache, max-age=0, must-revalidate" )
ctx . RespHeader ( ) . Set ( "Content-Type" , "application/x-git-receive-pack-advertisement" )
2020-01-15 21:40:13 -05:00
_ , _ = ctx . Write ( packetWrite ( "# service=git-receive-pack\n" ) )
_ , _ = ctx . Write ( [ ] byte ( "0000" ) )
_ , _ = ctx . Write ( infoRefsCache )
}
2016-06-01 06:19:01 -05:00
type serviceConfig struct {
UploadPack bool
ReceivePack bool
2017-02-25 09:54:40 -05:00
Env [ ] string
2014-04-10 13:20:58 -05:00
}
2016-06-01 06:19:01 -05:00
type serviceHandler struct {
2017-02-25 09:54:40 -05:00
cfg * serviceConfig
w http . ResponseWriter
r * http . Request
dir string
environ [ ] string
2016-06-01 06:19:01 -05:00
}
func ( h * serviceHandler ) setHeaderNoCache ( ) {
h . w . Header ( ) . Set ( "Expires" , "Fri, 01 Jan 1980 00:00:00 GMT" )
h . w . Header ( ) . Set ( "Pragma" , "no-cache" )
h . w . Header ( ) . Set ( "Cache-Control" , "no-cache, max-age=0, must-revalidate" )
}
func ( h * serviceHandler ) setHeaderCacheForever ( ) {
now := time . Now ( ) . Unix ( )
expires := now + 31536000
h . w . Header ( ) . Set ( "Date" , fmt . Sprintf ( "%d" , now ) )
h . w . Header ( ) . Set ( "Expires" , fmt . Sprintf ( "%d" , expires ) )
h . w . Header ( ) . Set ( "Cache-Control" , "public, max-age=31536000" )
}
2021-06-09 07:53:12 -05:00
func containsParentDirectorySeparator ( v string ) bool {
if ! strings . Contains ( v , ".." ) {
return false
}
for _ , ent := range strings . FieldsFunc ( v , isSlashRune ) {
if ent == ".." {
return true
}
}
return false
}
func isSlashRune ( r rune ) bool { return r == '/' || r == '\\' }
2021-01-26 10:36:53 -05:00
func ( h * serviceHandler ) sendFile ( contentType , file string ) {
2021-06-09 07:53:12 -05:00
if containsParentDirectorySeparator ( file ) {
log . Error ( "request file path contains invalid path: %v" , file )
h . w . WriteHeader ( http . StatusBadRequest )
return
}
2021-01-26 10:36:53 -05:00
reqFile := path . Join ( h . dir , file )
2016-06-01 06:19:01 -05:00
fi , err := os . Stat ( reqFile )
if os . IsNotExist ( err ) {
h . w . WriteHeader ( http . StatusNotFound )
return
}
h . w . Header ( ) . Set ( "Content-Type" , contentType )
h . w . Header ( ) . Set ( "Content-Length" , fmt . Sprintf ( "%d" , fi . Size ( ) ) )
h . w . Header ( ) . Set ( "Last-Modified" , fi . ModTime ( ) . Format ( http . TimeFormat ) )
http . ServeFile ( h . w , h . r , reqFile )
2014-04-10 13:20:58 -05:00
}
2020-07-07 17:31:49 -05:00
// one or more key=value pairs separated by colons
var safeGitProtocolHeader = regexp . MustCompile ( ` ^[0-9a-zA-Z]+=[0-9a-zA-Z]+(:[0-9a-zA-Z]+=[0-9a-zA-Z]+)*$ ` )
2023-02-05 21:23:17 -05:00
func prepareGitCmdWithAllowedService ( service string , h * serviceHandler ) ( * git . Command , error ) {
if service == "receive-pack" && h . cfg . ReceivePack {
return git . NewCommand ( h . r . Context ( ) , "receive-pack" ) , nil
2014-04-10 13:20:58 -05:00
}
2023-02-05 21:23:17 -05:00
if service == "upload-pack" && h . cfg . UploadPack {
return git . NewCommand ( h . r . Context ( ) , "upload-pack" ) , nil
2016-06-01 06:19:01 -05:00
}
2014-04-10 13:20:58 -05:00
2023-02-05 21:23:17 -05:00
return nil , fmt . Errorf ( "service %q is not allowed" , service )
2014-04-10 13:20:58 -05:00
}
2023-02-05 21:23:17 -05:00
func serviceRPC ( h * serviceHandler , service string ) {
2019-06-12 14:41:28 -05:00
defer func ( ) {
if err := h . r . Body . Close ( ) ; err != nil {
log . Error ( "serviceRPC: Close: %v" , err )
}
} ( )
2014-04-10 13:20:58 -05:00
2023-02-05 21:23:17 -05:00
expectedContentType := fmt . Sprintf ( "application/x-git-%s-request" , service )
if h . r . Header . Get ( "Content-Type" ) != expectedContentType {
log . Error ( "Content-Type (%q) doesn't match expected: %q" , h . r . Header . Get ( "Content-Type" ) , expectedContentType )
h . w . WriteHeader ( http . StatusUnauthorized )
return
}
cmd , err := prepareGitCmdWithAllowedService ( service , h )
if err != nil {
log . Error ( "Failed to prepareGitCmdWithService: %v" , err )
2016-06-01 06:19:01 -05:00
h . w . WriteHeader ( http . StatusUnauthorized )
2014-04-10 13:20:58 -05:00
return
}
2017-02-21 10:02:10 -05:00
2016-06-01 06:19:01 -05:00
h . w . Header ( ) . Set ( "Content-Type" , fmt . Sprintf ( "application/x-git-%s-result" , service ) )
2014-04-10 13:20:58 -05:00
2022-01-20 12:46:10 -05:00
reqBody := h . r . Body
2014-10-15 15:28:38 -05:00
// Handle GZIP.
2016-06-01 06:19:01 -05:00
if h . r . Header . Get ( "Content-Encoding" ) == "gzip" {
2014-10-15 15:28:38 -05:00
reqBody , err = gzip . NewReader ( reqBody )
if err != nil {
2019-06-01 10:00:21 -05:00
log . Error ( "Fail to create gzip reader: %v" , err )
2016-06-01 06:19:01 -05:00
h . w . WriteHeader ( http . StatusInternalServerError )
2014-10-15 15:28:38 -05:00
return
}
}
2017-02-25 09:54:40 -05:00
// set this for allow pre-receive and post-receive execute
h . environ = append ( h . environ , "SSH_ORIGINAL_COMMAND=" + service )
2017-02-21 10:02:10 -05:00
2020-07-07 17:31:49 -05:00
if protocol := h . r . Header . Get ( "Git-Protocol" ) ; protocol != "" && safeGitProtocolHeader . MatchString ( protocol ) {
h . environ = append ( h . environ , "GIT_PROTOCOL=" + protocol )
}
2017-02-25 09:54:40 -05:00
var stderr bytes . Buffer
2023-02-05 21:23:17 -05:00
cmd . AddArguments ( "--stateless-rpc" ) . AddDynamicArguments ( h . dir )
2022-01-23 00:57:52 -05:00
cmd . SetDescription ( fmt . Sprintf ( "%s %s %s [repo_path: %s]" , git . GitExecutable , service , "--stateless-rpc" , h . dir ) )
2022-03-31 21:55:30 -05:00
if err := cmd . Run ( & git . RunOpts {
2022-08-06 08:13:11 -05:00
Dir : h . dir ,
Env : append ( os . Environ ( ) , h . environ ... ) ,
Stdout : h . w ,
Stdin : reqBody ,
Stderr : & stderr ,
UseContextTimeout : true ,
2022-01-23 00:57:52 -05:00
} ) ; err != nil {
2022-02-22 03:32:25 -05:00
if err . Error ( ) != "signal: killed" {
log . Error ( "Fail to serve RPC(%s) in %s: %v - %s" , service , h . dir , err , stderr . String ( ) )
}
2014-04-10 13:20:58 -05:00
return
}
}
2021-01-26 10:36:53 -05:00
// ServiceUploadPack implements Git Smart HTTP protocol
func ServiceUploadPack ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
2023-02-05 21:23:17 -05:00
serviceRPC ( h , "upload-pack" )
2021-01-26 10:36:53 -05:00
}
2014-04-10 13:20:58 -05:00
}
2021-01-26 10:36:53 -05:00
// ServiceReceivePack implements Git Smart HTTP protocol
func ServiceReceivePack ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
2023-02-05 21:23:17 -05:00
serviceRPC ( h , "receive-pack" )
2021-01-26 10:36:53 -05:00
}
2014-04-10 13:20:58 -05:00
}
func getServiceType ( r * http . Request ) string {
serviceType := r . FormValue ( "service" )
2016-06-01 06:19:01 -05:00
if ! strings . HasPrefix ( serviceType , "git-" ) {
2014-04-10 13:20:58 -05:00
return ""
}
2023-02-05 21:23:17 -05:00
return strings . TrimPrefix ( serviceType , "git-" )
2014-04-10 13:20:58 -05:00
}
2022-01-19 18:26:57 -05:00
func updateServerInfo ( ctx gocontext . Context , dir string ) [ ] byte {
2022-03-31 21:55:30 -05:00
out , _ , err := git . NewCommand ( ctx , "update-server-info" ) . RunStdBytes ( & git . RunOpts { Dir : dir } )
2019-06-26 13:15:26 -05:00
if err != nil {
log . Error ( fmt . Sprintf ( "%v - %s" , err , string ( out ) ) )
}
return out
2014-04-10 13:20:58 -05:00
}
2016-06-01 06:19:01 -05:00
func packetWrite ( str string ) [ ] byte {
2017-02-25 09:54:40 -05:00
s := strconv . FormatInt ( int64 ( len ( str ) + 4 ) , 16 )
2016-06-01 06:19:01 -05:00
if len ( s ) % 4 != 0 {
s = strings . Repeat ( "0" , 4 - len ( s ) % 4 ) + s
2014-04-10 13:20:58 -05:00
}
2016-06-01 06:19:01 -05:00
return [ ] byte ( s + str )
2014-04-10 13:20:58 -05:00
}
2021-01-26 10:36:53 -05:00
// GetInfoRefs implements Git dumb HTTP
func GetInfoRefs ( ctx * context . Context ) {
h := httpBase ( ctx )
if h == nil {
return
}
2016-06-01 06:19:01 -05:00
h . setHeaderNoCache ( )
2023-02-05 21:23:17 -05:00
service := getServiceType ( h . r )
cmd , err := prepareGitCmdWithAllowedService ( service , h )
if err == nil {
2020-07-07 17:31:49 -05:00
if protocol := h . r . Header . Get ( "Git-Protocol" ) ; protocol != "" && safeGitProtocolHeader . MatchString ( protocol ) {
h . environ = append ( h . environ , "GIT_PROTOCOL=" + protocol )
}
h . environ = append ( os . Environ ( ) , h . environ ... )
2023-02-05 21:23:17 -05:00
refs , _ , err := cmd . AddArguments ( "--stateless-rpc" , "--advertise-refs" , "." ) . RunStdBytes ( & git . RunOpts { Env : h . environ , Dir : h . dir } )
2019-06-26 13:15:26 -05:00
if err != nil {
log . Error ( fmt . Sprintf ( "%v - %s" , err , string ( refs ) ) )
}
2016-06-01 06:19:01 -05:00
h . w . Header ( ) . Set ( "Content-Type" , fmt . Sprintf ( "application/x-git-%s-advertisement" , service ) )
h . w . WriteHeader ( http . StatusOK )
2019-06-12 14:41:28 -05:00
_ , _ = h . w . Write ( packetWrite ( "# service=git-" + service + "\n" ) )
_ , _ = h . w . Write ( [ ] byte ( "0000" ) )
_ , _ = h . w . Write ( refs )
2016-06-01 06:19:01 -05:00
} else {
2022-01-19 18:26:57 -05:00
updateServerInfo ( ctx , h . dir )
2021-01-26 10:36:53 -05:00
h . sendFile ( "text/plain; charset=utf-8" , "info/refs" )
2014-04-10 13:20:58 -05:00
}
}
2021-01-26 10:36:53 -05:00
// GetTextFile implements Git dumb HTTP
func GetTextFile ( p string ) func ( * context . Context ) {
return func ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderNoCache ( )
file := ctx . Params ( "file" )
if file != "" {
h . sendFile ( "text/plain" , "objects/info/" + file )
} else {
h . sendFile ( "text/plain" , p )
}
}
}
2014-04-10 13:20:58 -05:00
}
2021-01-26 10:36:53 -05:00
// GetInfoPacks implements Git dumb HTTP
func GetInfoPacks ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "text/plain; charset=utf-8" , "objects/info/packs" )
}
2016-06-01 06:19:01 -05:00
}
2014-04-10 13:20:58 -05:00
2021-01-26 10:36:53 -05:00
// GetLooseObject implements Git dumb HTTP
func GetLooseObject ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "application/x-git-loose-object" , fmt . Sprintf ( "objects/%s/%s" ,
ctx . Params ( "head" ) , ctx . Params ( "hash" ) ) )
}
2014-04-10 13:20:58 -05:00
}
2021-01-26 10:36:53 -05:00
// GetPackFile implements Git dumb HTTP
func GetPackFile ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "application/x-git-packed-objects" , "objects/pack/pack-" + ctx . Params ( "file" ) + ".pack" )
2016-06-01 06:19:01 -05:00
}
2021-01-26 10:36:53 -05:00
}
2014-04-10 13:20:58 -05:00
2021-01-26 10:36:53 -05:00
// GetIdxFile implements Git dumb HTTP
func GetIdxFile ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "application/x-git-packed-objects-toc" , "objects/pack/pack-" + ctx . Params ( "file" ) + ".idx" )
2014-04-10 13:20:58 -05:00
}
}