actions from private repos

Zettat123 · Zettat123 · commit 833def96cf74 · 2024-11-19T17:34:06.000+08:00
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
@@ -169,7 +169,8 @@ func (cfg *PullRequestsConfig) GetDefaultMergeStyle() MergeStyle {
 }
 
 type ActionsConfig struct {
-	DisabledWorkflows []string
+	DisabledWorkflows       []string
+	AccessbleFromOtherRepos bool
 }
 
 func (cfg *ActionsConfig) EnableWorkflow(file string) {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -3751,6 +3751,11 @@ variables.creation.success = The variable "%s" has been added.
 variables.update.failed = Failed to edit variable.
 variables.update.success = The variable has been edited.
 
+general = General
+general.settings = Actions General Settings
+general.actions_accessible_from_other_repositories = Accessible from repositories owned by '%s'
+general.actions_accessible_from_other_repositories_desc = Workflows in other repositories that are owned by the user '%s' can access the actions and reusable workflows in this repository. Access is allowed only from private repositories.
+
 [projects]
 deleted.display_name = Deleted Project
 type-1.display_name = Individual Project
diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go
@@ -195,8 +195,16 @@ func httpBase(ctx *context.Context) *serviceHandler {
 					return nil
 				}
 				if task.RepoID != repo.ID {
-					ctx.PlainText(http.StatusForbidden, "User permission denied")
-					return nil
+					taskRepo, err := repo_model.GetRepositoryByID(ctx, task.RepoID)
+					if err != nil {
+						ctx.ServerError("GetRepositoryByID", err)
+						return nil
+					}
+					actionsCfg := repo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+					if !taskRepo.IsPrivate || taskRepo.OwnerID != repo.OwnerID || !actionsCfg.AccessbleFromOtherRepos {
+						ctx.PlainText(http.StatusForbidden, "User permission denied")
+						return nil
+					}
 				}
 
 				if task.IsForkPullRequest {
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
@@ -0,0 +1,23 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/services/context"
+)
+
+const (
+	tplRepoActionsGeneral base.TplName = "repo/settings/actions"
+)
+
+func ActionsGeneral(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.general")
+	ctx.Data["PageType"] = "general"
+	ctx.Data["PageIsActionsSettingsGeneral"] = true
+
+	ctx.HTML(http.StatusOK, tplRepoActionsGeneral)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -1133,6 +1133,7 @@ func registerRoutes(m *web.Router) {
 			addSettingsRunnersRoutes()
 			addSettingsSecretsRoutes()
 			addSettingsVariablesRoutes()
+			m.Get("/general", repo_setting.ActionsGeneral)
 		}, actions.MustEnableActions)
 		// the follow handler must be under "settings", otherwise this incomplete repo can't be accessed
 		m.Group("/migrate", func() {
diff --git a/templates/repo/settings/actions.tmpl b/templates/repo/settings/actions.tmpl
@@ -6,6 +6,8 @@
 			{{template "shared/secrets/add_list" .}}
 		{{else if eq .PageType "variables"}}
 			{{template "shared/variables/variable_list" .}}
+		{{else if eq .PageType "general"}}
+			{{template "repo/settings/actions_general" .}}
 		{{end}}
 	</div>
 {{template "repo/settings/layout_footer" .}}
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
@@ -0,0 +1,16 @@
+<div class="repo-setting-content">
+  <h4 class="ui top attached header">
+    {{ctx.Locale.Tr "actions.general.settings"}}
+  </h4>
+  <div class="ui attached segment">
+    <form class="ui form" method="post">
+      <div id="actions_accessible_from_other_repositories_box" class="field">
+        <div class="ui checkbox">
+          <input id="actions_accessible_from_other_repositories" name="actions_accessible_from_other_repositories" type="checkbox">
+          <label>{{ctx.Locale.Tr "actions.general.actions_accessible_from_other_repositories" .Owner.Name}}</label>
+          <p class="help">{{ctx.Locale.Tr "actions.general.actions_accessible_from_other_repositories_desc" .Owner.Name}}</p>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
diff --git a/templates/repo/settings/navbar.tmpl b/templates/repo/settings/navbar.tmpl
@@ -34,7 +34,7 @@
 			{{end}}
 		{{end}}
 		{{if and .EnableActions (.Permission.CanRead ctx.Consts.RepoUnitTypeActions)}}
-		<details class="item toggleable-item" {{if or .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
+		<details class="item toggleable-item" {{if or .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables .PageIsActionsSettingsGeneral}}open{{end}}>
 			<summary>{{ctx.Locale.Tr "actions.actions"}}</summary>
 			<div class="menu">
 				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{.RepoLink}}/settings/actions/runners">
@@ -46,6 +46,9 @@
 				<a class="{{if .PageIsSharedSettingsVariables}}active {{end}}item" href="{{.RepoLink}}/settings/actions/variables">
 					{{ctx.Locale.Tr "actions.variables"}}
 				</a>
+				<a class="{{if .PageIsActionsSettingsGeneral}}active {{end}}item" href="{{.RepoLink}}/settings/actions/general">
+					{{ctx.Locale.Tr "actions.general"}}
+				</a>
 			</div>
 		</details>
 		{{end}}

Original file line number	Diff line number	Diff line change
`@@ -169,7 +169,8 @@ func (cfg *PullRequestsConfig) GetDefaultMergeStyle() MergeStyle {`
`169`	`169`	`}`
`170`	`170`
`171`	`171`	`type ActionsConfig struct {`
`172`		`- DisabledWorkflows []string`
	`172`	`+ DisabledWorkflows []string`
	`173`	`+ AccessbleFromOtherRepos bool`
`173`	`174`	`}`
`174`	`175`
`175`	`176`	`func (cfg *ActionsConfig) EnableWorkflow(file string) {`