Support cloning remote actions from insecure Gitea instances (#92)

Related to https://github.com/go-gitea/gitea/issues/28693 Reviewed-on: https://gitea.com/gitea/act/pulls/92 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>
2024-03-05 08:07:29 +00:00 · 2024-03-05 08:07:29 +00:00 · 0cc67b8817
commit 0cc67b8817
parent 7e20ddf928
3 changed files with 29 additions and 0 deletions
--- a/pkg/common/git/git.go
+++ b/pkg/common/git/git.go
@ -226,6 +226,9 @@ type NewGitCloneExecutorInput struct {
 	Dir         string
 	Token       string
 	OfflineMode bool
+
+	// For Gitea
+	InsecureSkipTLS bool
 }

 // CloneIfRequired ...
@ -247,6 +250,8 @@ func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input
 		cloneOptions := git.CloneOptions{
 			URL:      input.URL,
 			Progress: progressWriter,
+
+			InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea
 		}
 		if input.Token != "" {
 			cloneOptions.Auth = &http.BasicAuth{
@ -308,6 +313,11 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 		// fetch latest changes
 		fetchOptions, pullOptions := gitOptions(input.Token)

+		if input.InsecureSkipTLS { // For Gitea
+			fetchOptions.InsecureSkipTLS = true
+			pullOptions.InsecureSkipTLS = true
+		}
+
 		if !isOfflineMode {
 			err = r.Fetch(&fetchOptions)
 			if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) {
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@ -72,6 +72,7 @@ type Config struct {
 	PlatformPicker        func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil
 	JobLoggerLevel        *log.Level                   // the level of job logger
 	ValidVolumes          []string                     // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers
+	InsecureSkipTLS       bool                         // whether to skip verifying TLS certificate of the Gitea instance
 }

 // GetToken: Adapt to Gitea
--- a/pkg/runner/step_action_remote.go
+++ b/pkg/runner/step_action_remote.go
@ -121,6 +121,8 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 				But for Gitea, tasks triggered by a.com can clone actions from b.com.
 			*/
 			OfflineMode: sar.RunContext.Config.ActionOfflineMode,
+
+			InsecureSkipTLS: sar.cloneSkipTLS(), // For Gitea
 		})
 		var ntErr common.Executor
 		if err := gitClone(ctx); err != nil {
@ -258,6 +260,22 @@ func (sar *stepActionRemote) getCompositeSteps() *compositeSteps {
 	return sar.compositeSteps
 }

+// For Gitea
+// cloneSkipTLS returns true if the runner can clone an action from the Gitea instance
+func (sar *stepActionRemote) cloneSkipTLS() bool {
+	if !sar.RunContext.Config.InsecureSkipTLS {
+		// Return false if the Gitea instance is not an insecure instance
+		return false
+	}
+	if sar.remoteAction.URL == "" {
+		// Empty URL means the default action instance should be used
+		// Return true if the URL of the Gitea instance is the same as the URL of the default action instance
+		return sar.RunContext.Config.DefaultActionInstance == sar.RunContext.Config.GitHubInstance
+	}
+	// Return true if the URL of the remote action is the same as the URL of the Gitea instance
+	return sar.remoteAction.URL == sar.RunContext.Config.GitHubInstance
+}
+
 type remoteAction struct {
 	URL  string
 	Org  string