Support cloning remote actions from insecure Gitea instances (#92)

Related to go-gitea/gitea#28693

Reviewed-on: https://gitea.com/gitea/act/pulls/92
Reviewed-by: Jason Song <[email protected]>
Co-authored-by: Zettat123 <[email protected]>
Co-committed-by: Zettat123 <[email protected]>

Author: Zettat123

pkg/common/git/git.go

@@ -225,6 +225,9 @@ type NewGitCloneExecutorInput struct {
 	Ref   string
 	Dir   string
 	Token string
+
+	// For Gitea
+	InsecureSkipTLS bool
 }
 
 // CloneIfRequired ...
@@ -246,6 +249,8 @@ func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input
 		cloneOptions := git.CloneOptions{
 			URL:      input.URL,
 			Progress: progressWriter,
+
+			InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea
 		}
 		if input.Token != "" {
 			cloneOptions.Auth = &http.BasicAuth{
@@ -305,6 +310,11 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 		// fetch latest changes
 		fetchOptions, pullOptions := gitOptions(input.Token)
 
+		if input.InsecureSkipTLS { // For Gitea
+			fetchOptions.InsecureSkipTLS = true
+			pullOptions.InsecureSkipTLS = true
+		}
+
 		err = r.Fetch(&fetchOptions)
 		if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) {
 			return err

pkg/runner/runner.go

@@ -70,6 +70,7 @@ type Config struct {
 	PlatformPicker        func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil
 	JobLoggerLevel        *log.Level                   // the level of job logger
 	ValidVolumes          []string                     // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers
+	InsecureSkipTLS       bool                         // whether to skip verifying TLS certificate of the Gitea instance
 }
 
 // GetToken: Adapt to Gitea

pkg/runner/step_action_remote.go

@@ -75,6 +75,8 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 				For GitHub, they are the same, always github.com.
 				But for Gitea, tasks triggered by a.com can clone actions from b.com.
 			*/
+
+			InsecureSkipTLS: sar.cloneSkipTLS(), // For Gitea
 		})
 		var ntErr common.Executor
 		if err := gitClone(ctx); err != nil {
@@ -212,6 +214,22 @@ func (sar *stepActionRemote) getCompositeSteps() *compositeSteps {
 	return sar.compositeSteps
 }
 
+// For Gitea
+// cloneSkipTLS returns true if the runner can clone an action from the Gitea instance
+func (sar *stepActionRemote) cloneSkipTLS() bool {
+	if !sar.RunContext.Config.InsecureSkipTLS {
+		// Return false if the Gitea instance is not an insecure instance
+		return false
+	}
+	if sar.remoteAction.URL == "" {
+		// Empty URL means the default action instance should be used
+		// Return true if the URL of the Gitea instance is the same as the URL of the default action instance
+		return sar.RunContext.Config.DefaultActionInstance == sar.RunContext.Config.GitHubInstance
+	}
+	// Return true if the URL of the remote action is the same as the URL of the Gitea instance
+	return sar.remoteAction.URL == sar.RunContext.Config.GitHubInstance
+}
+
 type remoteAction struct {
 	URL  string
 	Org  string