0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-28 02:14:06 -05:00
forgejo/routers
Giteabot 24cf06592e
Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) (#25604)
Backport #25581 by @wolfogre

Resolve #24789

## ⚠️ BREAKING ⚠️

Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.

But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.

If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.

Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.

Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.

Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.

Follow-up on the runner side:

- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-30 07:53:00 +00:00
..
api Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) (#25604) 2023-06-30 07:53:00 +00:00
common Fix admin config page error, use tests to cover the admin config and 500 error page (#24965) 2023-05-29 15:00:21 +00:00
install Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
private Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00
utils Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
web Redirect to package after version deletion (#25594) (#25599) 2023-06-30 00:14:57 +02:00
init.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00