forgejo

kevadesu/forgejo

Fork 1

mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-08-07 19:56:45 +02:00

Commit graph

Author	SHA1	Message	Date
Renovate Bot	212e8ac348	Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.2.1 (forgejo) (#8422 ) Some checks failed / release (push) Waiting to run testing-integration / test-unit (push) Waiting to run testing-integration / test-sqlite (push) Waiting to run testing / backend-checks (push) Waiting to run testing / frontend-checks (push) Waiting to run testing / test-unit (push) Blocked by required conditions testing / test-e2e (push) Blocked by required conditions testing / test-remote-cacher (redis) (push) Blocked by required conditions testing / test-remote-cacher (valkey) (push) Blocked by required conditions testing / test-remote-cacher (garnet) (push) Blocked by required conditions testing / test-remote-cacher (redict) (push) Blocked by required conditions testing / test-mysql (push) Blocked by required conditions testing / test-pgsql (push) Blocked by required conditions testing / test-sqlite (push) Blocked by required conditions testing / security-check (push) Blocked by required conditions Integration tests for the release process / release-simulation (push) Has been cancelled Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8422 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-07-05 18:33:45 +02:00
Jason Song	edf98a2dc3	Require approval to run actions for fork pull request (#22803 ) Currently, Gitea will run actions automatically which are triggered by fork pull request. It's a security risk, people can create a PR and modify the workflow yamls to execute a malicious script. So we should require approval for first-time contributors, which is the default strategy of a public repo on GitHub, see [Approving workflow runs from public forks](https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks). Current strategy: - don't need approval if it's not a fork PR; - always need approval if the user is restricted; - don't need approval if the user can write; - don't need approval if the user has been approved before; - otherwise, need approval. https://user-images.githubusercontent.com/9418365/217207121-badf50a8-826c-4425-bef1-d82d1979bc81.mov GitHub has an option for that, you can see that at `/<owner>/<repo>/settings/actions`, and we can support that later. <img width="835" alt="image" src="https://user-images.githubusercontent.com/9418365/217199990-2967e68b-e693-4e59-8186-ab33a1314a16.png"> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-02-24 15:58:49 +08:00

Author

SHA1

Message

Date

Renovate Bot

212e8ac348

Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.2.1 (forgejo) (#8422 )

/ release (push) Waiting to run

testing-integration / test-unit (push) Waiting to run

testing-integration / test-sqlite (push) Waiting to run

testing / backend-checks (push) Waiting to run

testing / frontend-checks (push) Waiting to run

testing / test-unit (push) Blocked by required conditions

testing / test-e2e (push) Blocked by required conditions

testing / test-remote-cacher (redis) (push) Blocked by required conditions

testing / test-remote-cacher (valkey) (push) Blocked by required conditions

testing / test-remote-cacher (garnet) (push) Blocked by required conditions

testing / test-remote-cacher (redict) (push) Blocked by required conditions

testing / test-mysql (push) Blocked by required conditions

testing / test-pgsql (push) Blocked by required conditions

testing / test-sqlite (push) Blocked by required conditions

testing / security-check (push) Blocked by required conditions

Integration tests for the release process / release-simulation (push) Has been cancelled

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8422
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>

2025-07-05 18:33:45 +02:00

Jason Song

edf98a2dc3

Require approval to run actions for fork pull request (#22803 )

Currently, Gitea will run actions automatically which are triggered by
fork pull request. It's a security risk, people can create a PR and
modify the workflow yamls to execute a malicious script.

So we should require approval for first-time contributors, which is the
default strategy of a public repo on GitHub, see [Approving workflow
runs from public
forks](https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks).

Current strategy:

- don't need approval if it's not a fork PR;
- always need approval if the user is restricted;
- don't need approval if the user can write;
- don't need approval if the user has been approved before;
- otherwise, need approval.

https://user-images.githubusercontent.com/9418365/217207121-badf50a8-826c-4425-bef1-d82d1979bc81.mov

GitHub has an option for that, you can see that at
`/<owner>/<repo>/settings/actions`, and we can support that later.

<img width="835" alt="image"
src="https://user-images.githubusercontent.com/9418365/217199990-2967e68b-e693-4e59-8186-ab33a1314a16.png">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

2023-02-24 15:58:49 +08:00

2 commits