From 0cc67b88172215916d3bd8f8e7e83fab30c2b08b Mon Sep 17 00:00:00 2001 From: Zettat123 Date: Tue, 5 Mar 2024 08:07:29 +0000 Subject: [PATCH] Support cloning remote actions from insecure Gitea instances (#92) Related to https://github.com/go-gitea/gitea/issues/28693 Reviewed-on: https://gitea.com/gitea/act/pulls/92 Reviewed-by: Jason Song Co-authored-by: Zettat123 Co-committed-by: Zettat123 --- pkg/common/git/git.go | 10 ++++++++++ pkg/runner/runner.go | 1 + pkg/runner/step_action_remote.go | 18 ++++++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/pkg/common/git/git.go b/pkg/common/git/git.go index 0a819b9..c7ee889 100644 --- a/pkg/common/git/git.go +++ b/pkg/common/git/git.go @@ -226,6 +226,9 @@ type NewGitCloneExecutorInput struct { Dir string Token string OfflineMode bool + + // For Gitea + InsecureSkipTLS bool } // CloneIfRequired ... @@ -247,6 +250,8 @@ func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input cloneOptions := git.CloneOptions{ URL: input.URL, Progress: progressWriter, + + InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea } if input.Token != "" { cloneOptions.Auth = &http.BasicAuth{ @@ -308,6 +313,11 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor { // fetch latest changes fetchOptions, pullOptions := gitOptions(input.Token) + if input.InsecureSkipTLS { // For Gitea + fetchOptions.InsecureSkipTLS = true + pullOptions.InsecureSkipTLS = true + } + if !isOfflineMode { err = r.Fetch(&fetchOptions) if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) { diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go index 015c364..b08e715 100644 --- a/pkg/runner/runner.go +++ b/pkg/runner/runner.go @@ -72,6 +72,7 @@ type Config struct { PlatformPicker func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil JobLoggerLevel *log.Level // the level of job logger ValidVolumes []string // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers + InsecureSkipTLS bool // whether to skip verifying TLS certificate of the Gitea instance } // GetToken: Adapt to Gitea diff --git a/pkg/runner/step_action_remote.go b/pkg/runner/step_action_remote.go index 3243188..ed4d94e 100644 --- a/pkg/runner/step_action_remote.go +++ b/pkg/runner/step_action_remote.go @@ -121,6 +121,8 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor { But for Gitea, tasks triggered by a.com can clone actions from b.com. */ OfflineMode: sar.RunContext.Config.ActionOfflineMode, + + InsecureSkipTLS: sar.cloneSkipTLS(), // For Gitea }) var ntErr common.Executor if err := gitClone(ctx); err != nil { @@ -258,6 +260,22 @@ func (sar *stepActionRemote) getCompositeSteps() *compositeSteps { return sar.compositeSteps } +// For Gitea +// cloneSkipTLS returns true if the runner can clone an action from the Gitea instance +func (sar *stepActionRemote) cloneSkipTLS() bool { + if !sar.RunContext.Config.InsecureSkipTLS { + // Return false if the Gitea instance is not an insecure instance + return false + } + if sar.remoteAction.URL == "" { + // Empty URL means the default action instance should be used + // Return true if the URL of the Gitea instance is the same as the URL of the default action instance + return sar.RunContext.Config.DefaultActionInstance == sar.RunContext.Config.GitHubInstance + } + // Return true if the URL of the remote action is the same as the URL of the Gitea instance + return sar.remoteAction.URL == sar.RunContext.Config.GitHubInstance +} + type remoteAction struct { URL string Org string