mirror of
1
Fork 0
forgejo/modules/setting
Giteabot 24cf06592e
Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581) (#25604)
Backport #25581 by @wolfogre

Resolve #24789

## ⚠️ BREAKING ⚠️

Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.

But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.

If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.

Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.

Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.

Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.

Follow-up on the runner side:

- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-30 07:53:00 +00:00
..
actions.go Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581) (#25604) 2023-06-30 07:53:00 +00:00
actions_test.go Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581) (#25604) 2023-06-30 07:53:00 +00:00
admin.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
api.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
asset_dynamic.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
asset_static.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
attachment.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
attachment_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
cache.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
camo.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
config_env.go Refactor INI package (first step) (#25024) 2023-06-02 17:27:30 +08:00
config_env_test.go Refactor INI package (first step) (#25024) 2023-06-02 17:27:30 +08:00
config_provider.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
config_provider_test.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
cors.go Fix incorrect CORS default values (#24206) 2023-04-19 15:30:10 -04:00
cron.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
cron_test.go Rewrite queue (#24505) 2023-05-08 19:49:59 +08:00
database.go Use "utf8mb4" for MySQL by default (#25432) 2023-06-22 07:38:23 +02:00
database_sqlite.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
database_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
federation.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
git.go Use `[git.config]` for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
git_test.go Use `[git.config]` for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
highlight.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
i18n.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
incoming_email.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
indexer.go Allow skipping forks and mirrors from being indexed (#23187) 2023-05-25 16:13:47 +08:00
indexer_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
lfs.go Avoid polluting config file when "save" (#25395) (#25406) 2023-06-21 04:51:26 +00:00
lfs_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
log.go Fix sub-command log level (#25537) (#25553) 2023-06-28 17:35:20 +08:00
log_test.go Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
mailer.go Make mailer SMTP check have timed context (#24751) 2023-05-16 22:55:51 +02:00
mailer_test.go Remove unnecessary code (#24610) 2023-05-10 04:57:06 +00:00
markup.go Add .livemd as a markdown extension (#22730) 2023-04-26 11:22:54 -04:00
metrics.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
migrations.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
mime_type_map.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
mirror.go Avoid polluting the config (#25345) (#25354) 2023-06-18 20:56:50 +00:00
oauth2.go Do not prepare oauth2 config if it is not enabled, do not write config in some sub-commands (#25567) (#25576) 2023-06-29 06:30:40 +02:00
other.go Refactor `setting.Other` and remove unused `SHOW_FOOTER_BRANDING` (#24270) 2023-04-22 19:38:25 -04:00
packages.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
packages_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
path.go Use InitWorkPathAndCfgProvider for environment-to-ini to avoid unnecessary checks (#25480) (#25488) 2023-06-24 14:04:50 +00:00
path_test.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
picture.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
project.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
proxy.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
queue.go Rewrite queue (#24505) 2023-05-08 19:49:59 +08:00
repository.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
repository_archive.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
repository_archive_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
security.go Avoid polluting config file when "save" (#25395) (#25406) 2023-06-21 04:51:26 +00:00
server.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
service.go Support wildcard in email domain allow/block list (#24831) 2023-05-22 00:05:44 +00:00
service_test.go Support wildcard in email domain allow/block list (#24831) 2023-05-22 00:05:44 +00:00
session.go Refactor cookie (#24107) 2023-04-13 15:45:33 -04:00
setting.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
setting_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
ssh.go Prefer native parser for SSH public key parsing (#23798) 2023-04-11 14:34:28 +08:00
storage.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
storage_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
task.go handle deprecated settings (#22992) 2023-02-20 16:18:26 -06:00
time.go Remove unused setting `time.FORMAT` (#24430) 2023-04-29 22:51:43 +02:00
ui.go Remove the service worker (#25010) 2023-05-31 02:07:04 +00:00
webhook.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00