Revert "Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) (#25604)"

This reverts commit 24cf06592e.

(cherry picked from commit bf8853299d)
(cherry picked from commit cd1b258e3e)
This commit is contained in:
Earl Warren 2023-07-03 10:31:27 +02:00
parent 8ec046fb08
commit 4085181bd9
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
5 changed files with 33 additions and 139 deletions

View file

@ -2541,8 +2541,8 @@ LEVEL = Info
;; Enable/Disable actions capabilities ;; Enable/Disable actions capabilities
;ENABLED = false ;ENABLED = false
;; ;;
;; Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance. ;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
;DEFAULT_ACTIONS_URL = github ;DEFAULT_ACTIONS_URL = https://gitea.com
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

View file

@ -1374,22 +1374,39 @@ PROXY_HOSTS = *.github.com
## Actions (`actions`) ## Actions (`actions`)
- `ENABLED`: **false**: Enable/Disable actions capabilities - `ENABLED`: **false**: Enable/Disable actions capabilities
- `DEFAULT_ACTIONS_URL`: **github**: Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance. - `DEFAULT_ACTIONS_URL`: **https://gitea.com**: Default address to get action plugins, e.g. the default value means downloading from "<https://gitea.com/actions/checkout>" for "uses: actions/checkout@v3"
- `STORAGE_TYPE`: **local**: Storage type for actions logs, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]` - `STORAGE_TYPE`: **local**: Storage type for actions logs, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
- `MINIO_BASE_PATH`: **actions_log/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio` - `MINIO_BASE_PATH`: **actions_log/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
`DEFAULT_ACTIONS_URL` indicates where the Gitea Actions runners should find the actions with relative path. `DEFAULT_ACTIONS_URL` indicates where should we find the relative path action plugin. i.e. when use an action in a workflow file like
For example, `uses: actions/checkout@v3` means `https://github.com/actions/checkout@v3` since the value of `DEFAULT_ACTIONS_URL` is `github`.
And it can be changed to `self` to make it `root_url_of_your_gitea/actions/checkout@v3`.
Please note that using `self` is not recommended for most cases, as it could make names globally ambiguous. ```yaml
Additionally, it requires you to mirror all the actions you need to your Gitea instance, which may not be worth it. name: versions
Therefore, please use `self` only if you understand what you are doing. on:
push:
branches:
- main
- releases/*
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
```
In earlier versions (<= 1.19), `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`. Now we need to know how to get actions/checkout, this configuration is the default git server to get it. That means we will get the repository via git clone ${DEFAULT_ACTIONS_URL}/actions/checkout and fetch tag v3.
However, later updates removed those options, and now the only options are `github` and `self`, with the default value being `github`.
However, if you want to use actions from other git server, you can use a complete URL in `uses` field, it's supported by Gitea (but not GitHub). To help people who don't want to mirror these actions in their git instances, the default value is https://gitea.com
Like `uses: https://gitea.com/actions/checkout@v3` or `uses: http://your-git-server/actions/checkout@v3`. To help people run actions totally in their network, they can change the value and copy all necessary action repositories into their git server.
Of course we should support the form in future PRs like
```yaml
steps:
- uses: gitea.com/actions/checkout@v3
```
although Github don't support this form.
## Other (`other`) ## Other (`other`)

View file

@ -5,9 +5,6 @@ package setting
import ( import (
"fmt" "fmt"
"strings"
"code.gitea.io/gitea/modules/log"
) )
// Actions settings // Actions settings
@ -16,36 +13,13 @@ var (
LogStorage *Storage // how the created logs should be stored LogStorage *Storage // how the created logs should be stored
ArtifactStorage *Storage // how the created artifacts should be stored ArtifactStorage *Storage // how the created artifacts should be stored
Enabled bool Enabled bool
DefaultActionsURL defaultActionsURL `ini:"DEFAULT_ACTIONS_URL"` DefaultActionsURL string `ini:"DEFAULT_ACTIONS_URL"`
}{ }{
Enabled: false, Enabled: false,
DefaultActionsURL: defaultActionsURLGitHub, DefaultActionsURL: "https://gitea.com",
} }
) )
type defaultActionsURL string
func (url defaultActionsURL) URL() string {
switch url {
case defaultActionsURLGitHub:
return "https://github.com"
case defaultActionsURLSelf:
return strings.TrimSuffix(AppURL, "/")
default:
// This should never happen, but just in case, use GitHub as fallback
return "https://github.com"
}
}
const (
defaultActionsURLGitHub = "github" // https://github.com
defaultActionsURLSelf = "self" // the root URL of the self-hosted Gitea instance
// DefaultActionsURL only supports GitHub and the self-hosted Gitea.
// It's intentionally not supported more, so please be cautious before adding more like "gitea" or "gitlab".
// If you get some trouble with `uses: username/action_name@version` in your workflow,
// please consider to use `uses: https://the_url_you_want_to_use/username/action_name@version` instead.
)
func loadActionsFrom(rootCfg ConfigProvider) error { func loadActionsFrom(rootCfg ConfigProvider) error {
sec := rootCfg.Section("actions") sec := rootCfg.Section("actions")
err := sec.MapTo(&Actions) err := sec.MapTo(&Actions)
@ -53,19 +27,6 @@ func loadActionsFrom(rootCfg ConfigProvider) error {
return fmt.Errorf("failed to map Actions settings: %v", err) return fmt.Errorf("failed to map Actions settings: %v", err)
} }
if urls := string(Actions.DefaultActionsURL); urls != defaultActionsURLGitHub && urls != defaultActionsURLSelf {
url := strings.Split(urls, ",")[0]
if strings.HasPrefix(url, "https://") || strings.HasPrefix(url, "http://") {
log.Error("[actions] DEFAULT_ACTIONS_URL does not support %q as custom URL any longer, fallback to %q",
urls,
defaultActionsURLGitHub,
)
Actions.DefaultActionsURL = defaultActionsURLGitHub
} else {
return fmt.Errorf("unsupported [actions] DEFAULT_ACTIONS_URL: %q", urls)
}
}
// don't support to read configuration from [actions] // don't support to read configuration from [actions]
Actions.LogStorage, err = getStorage(rootCfg, "actions_log", "", nil) Actions.LogStorage, err = getStorage(rootCfg, "actions_log", "", nil)
if err != nil { if err != nil {

View file

@ -8,7 +8,6 @@ import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func Test_getStorageInheritNameSectionTypeForActions(t *testing.T) { func Test_getStorageInheritNameSectionTypeForActions(t *testing.T) {
@ -96,86 +95,3 @@ STORAGE_TYPE = minio
assert.EqualValues(t, "local", Actions.ArtifactStorage.Type) assert.EqualValues(t, "local", Actions.ArtifactStorage.Type)
assert.EqualValues(t, "actions_artifacts", filepath.Base(Actions.ArtifactStorage.Path)) assert.EqualValues(t, "actions_artifacts", filepath.Base(Actions.ArtifactStorage.Path))
} }
func Test_getDefaultActionsURLForActions(t *testing.T) {
oldActions := Actions
oldAppURL := AppURL
defer func() {
Actions = oldActions
AppURL = oldAppURL
}()
AppURL = "http://test_get_default_actions_url_for_actions:3000/"
tests := []struct {
name string
iniStr string
wantErr assert.ErrorAssertionFunc
wantURL string
}{
{
name: "default",
iniStr: `
[actions]
`,
wantErr: assert.NoError,
wantURL: "https://github.com",
},
{
name: "github",
iniStr: `
[actions]
DEFAULT_ACTIONS_URL = github
`,
wantErr: assert.NoError,
wantURL: "https://github.com",
},
{
name: "self",
iniStr: `
[actions]
DEFAULT_ACTIONS_URL = self
`,
wantErr: assert.NoError,
wantURL: "http://test_get_default_actions_url_for_actions:3000",
},
{
name: "custom url",
iniStr: `
[actions]
DEFAULT_ACTIONS_URL = https://gitea.com
`,
wantErr: assert.NoError,
wantURL: "https://github.com",
},
{
name: "custom urls",
iniStr: `
[actions]
DEFAULT_ACTIONS_URL = https://gitea.com,https://github.com
`,
wantErr: assert.NoError,
wantURL: "https://github.com",
},
{
name: "invalid",
iniStr: `
[actions]
DEFAULT_ACTIONS_URL = gitea
`,
wantErr: assert.Error,
wantURL: "https://github.com",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
cfg, err := NewConfigProviderFromData(tt.iniStr)
require.NoError(t, err)
if !tt.wantErr(t, loadActionsFrom(cfg)) {
return
}
assert.EqualValues(t, tt.wantURL, Actions.DefaultActionsURL.URL())
})
}
}

View file

@ -139,7 +139,7 @@ func generateTaskContext(t *actions_model.ActionTask) *structpb.Struct {
"workspace": "", // string, The default working directory on the runner for steps, and the default location of your repository when using the checkout action. "workspace": "", // string, The default working directory on the runner for steps, and the default location of your repository when using the checkout action.
// additional contexts // additional contexts
"gitea_default_actions_url": setting.Actions.DefaultActionsURL.URL(), "gitea_default_actions_url": setting.Actions.DefaultActionsURL,
}) })
if err != nil { if err != nil {
log.Error("structpb.NewStruct failed: %v", err) log.Error("structpb.NewStruct failed: %v", err)