aniani/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2024-10-16 06:13:43 -04:00
Code
67bd9d4f1e
gitea/modules/setting
History
Jason Song 67bd9d4f1e
Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) 
Resolve #24789

## ⚠️ BREAKING ⚠️

Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.

But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.

If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.

Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.

Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.

Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.

Follow-up on the runner side:

- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70
2023-06-30 07:26:36 +00:00
..
actions_test.go Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) 2023-06-30 07:26:36 +00:00
actions.go Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) 2023-06-30 07:26:36 +00:00
admin.go
api.go
asset_dynamic.go
asset_static.go
attachment_test.go
attachment.go
cache.go
camo.go
config_env_test.go
config_env.go
config_provider_test.go Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
config_provider.go Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
cors.go
cron_test.go
cron.go
database_sqlite.go
database_test.go
database.go Remove "CHARSET" config option for MySQL, always use "utf8mb4" (#25413) 2023-06-21 10:49:25 +00:00
federation.go
git_test.go
git.go
highlight.go
i18n.go
incoming_email.go
indexer_test.go
indexer.go
lfs_test.go
lfs.go Import additional secrets via file uri (#25408) 2023-06-23 00:16:12 +00:00
log_test.go
log.go Fix sub-command log level (#25537) 2023-06-28 08:02:06 +02:00
mailer_test.go
mailer.go
markup.go
metrics.go
migrations.go
mime_type_map.go
mirror.go
oauth2.go Do not prepare oauth2 config if it is not enabled, do not write config in some sub-commands (#25567) 2023-06-28 23:30:06 +02:00
other.go
packages_test.go
packages.go
path_test.go Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
path.go Use InitWorkPathAndCfgProvider for environment-to-ini to avoid unnecessary checks (#25480) 2023-06-24 09:13:35 +00:00
picture.go
project.go
proxy.go
queue.go
repository_archive_test.go
repository_archive.go
repository.go
security.go Import additional secrets via file uri (#25408) 2023-06-23 00:16:12 +00:00
server.go Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
service_test.go
service.go
session.go
setting_test.go
setting.go Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
ssh.go
storage_test.go
storage.go
task.go
time.go
ui.go
webhook.go