WIP: feat: add DefaultActionToken
config #109
No reviewers
Labels
No Label
duplicate
help wanted
invalid
kind
bug
kind
enhancement
kind
feature
kind
question
proposal
wontfix
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/act#109
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "chizukicn/act:feat/default-action-token"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR will add a new configuration to support access to private actions instances
feat: add `DefaultActionToken` configto WIP: feat: add `DefaultActionToken` configI don't think the code is enough. Could you please explain your design first?
The point is how to decide whether to pass the token to remote, what I can think of at the moment:
uses: https://b.com/actions/demo
? We should ensure that tokens are not leaked to another website it doesn't belong.uses: https://a.com/org_2/demo
which is public? We should ensure that the token won't cause it to fail when cloning a public repo.I'm not saying these are difficult to implement, it's just that because it involves authentication functions, we need to consider more to avoid security issues.
Yes,this code is not engouth. A judgment needs to be made here so that the token can only be used from
defaultActionsInstance
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Gitea.