From 62abf4fe116865f6edf85d6bce822050dd01ac78 Mon Sep 17 00:00:00 2001 From: Zettat123 Date: Thu, 6 Apr 2023 14:16:20 +0800 Subject: [PATCH] Add token for getting reusable workflows from local private repos (#38) Partially fixes https://gitea.com/gitea/act_runner/issues/91 If the repository is private, we need to provide the token to the caller workflows to access the called reusable workflows from the same repository. Reviewed-on: https://gitea.com/gitea/act/pulls/38 Reviewed-by: Jason Song Co-authored-by: Zettat123 Co-committed-by: Zettat123 --- pkg/runner/reusable_workflow.go | 14 ++++++++++---- pkg/runner/runner.go | 8 ++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/pkg/runner/reusable_workflow.go b/pkg/runner/reusable_workflow.go index 83fac3e..2e97bdf 100644 --- a/pkg/runner/reusable_workflow.go +++ b/pkg/runner/reusable_workflow.go @@ -30,8 +30,11 @@ func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor { workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses)) + // If the repository is private, we need a token to clone it + token := rc.Config.GetToken() + return common.NewPipelineExecutor( - newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir)), + newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir, token)), newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()), ) } @@ -47,8 +50,11 @@ func newRemoteReusableWorkflowExecutor(rc *RunContext) common.Executor { workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses)) + // FIXME: if the reusable workflow is from a private repository, we need to provide a token to access the repository. + token := "" + return common.NewPipelineExecutor( - newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir)), + newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir, token)), newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()), ) } @@ -66,7 +72,7 @@ func newMutexExecutor(executor common.Executor) common.Executor { } } -func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkflow, targetDirectory string) common.Executor { +func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkflow, targetDirectory, token string) common.Executor { return common.NewConditionalExecutor( func(ctx context.Context) bool { _, err := os.Stat(targetDirectory) @@ -77,7 +83,7 @@ func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkfl URL: remoteReusableWorkflow.CloneURL(), Ref: remoteReusableWorkflow.Ref, Dir: targetDirectory, - Token: rc.Config.Token, + Token: token, }), nil, ) diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go index d5c81b8..c0595e6 100644 --- a/pkg/runner/runner.go +++ b/pkg/runner/runner.go @@ -66,6 +66,14 @@ type Config struct { JobLoggerLevel *log.Level // the level of job logger } +func (c Config) GetToken() string { + token := c.Secrets["GITHUB_TOKEN"] + if c.Secrets["GITEA_TOKEN"] != "" { + token = c.Secrets["GITEA_TOKEN"] + } + return token +} + type caller struct { runContext *RunContext }