Support cloning remote actions from insecure Gitea instances (#92)

Related to https://github.com/go-gitea/gitea/issues/28693 Reviewed-on: https://gitea.com/gitea/act/pulls/92 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>
2024-03-05 08:07:29 +00:00
parent b4edc952d9
commit 3a9e7d18de
3 changed files with 29 additions and 0 deletions
--- a/pkg/common/git/git.go
+++ b/pkg/common/git/git.go
@@ -225,6 +225,9 @@ type NewGitCloneExecutorInput struct {
 	Ref   string
 	Dir   string
 	Token string
+
+	// For Gitea
+	InsecureSkipTLS bool
 }

 // CloneIfRequired ...
@@ -246,6 +249,8 @@ func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input
 		cloneOptions := git.CloneOptions{
 			URL:      input.URL,
 			Progress: progressWriter,
+
+			InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea
 		}
 		if input.Token != "" {
 			cloneOptions.Auth = &http.BasicAuth{
@@ -305,6 +310,11 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 		// fetch latest changes
 		fetchOptions, pullOptions := gitOptions(input.Token)

+		if input.InsecureSkipTLS { // For Gitea
+			fetchOptions.InsecureSkipTLS = true
+			pullOptions.InsecureSkipTLS = true
+		}
+
 		err = r.Fetch(&fetchOptions)
 		if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) {
 			return err
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -70,6 +70,7 @@ type Config struct {
 	PlatformPicker        func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil
 	JobLoggerLevel        *log.Level                   // the level of job logger
 	ValidVolumes          []string                     // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers
+	InsecureSkipTLS       bool                         // whether to skip verifying TLS certificate of the Gitea instance
 }

 // GetToken: Adapt to Gitea
--- a/pkg/runner/step_action_remote.go
+++ b/pkg/runner/step_action_remote.go
@@ -75,6 +75,8 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 				For GitHub, they are the same, always github.com.
 				But for Gitea, tasks triggered by a.com can clone actions from b.com.
 			*/
+
+			InsecureSkipTLS: sar.cloneSkipTLS(), // For Gitea
 		})
 		var ntErr common.Executor
 		if err := gitClone(ctx); err != nil {
@@ -212,6 +214,22 @@ func (sar *stepActionRemote) getCompositeSteps() *compositeSteps {
 	return sar.compositeSteps
 }

+// For Gitea
+// cloneSkipTLS returns true if the runner can clone an action from the Gitea instance
+func (sar *stepActionRemote) cloneSkipTLS() bool {
+	if !sar.RunContext.Config.InsecureSkipTLS {
+		// Return false if the Gitea instance is not an insecure instance
+		return false
+	}
+	if sar.remoteAction.URL == "" {
+		// Empty URL means the default action instance should be used
+		// Return true if the URL of the Gitea instance is the same as the URL of the default action instance
+		return sar.RunContext.Config.DefaultActionInstance == sar.RunContext.Config.GitHubInstance
+	}
+	// Return true if the URL of the remote action is the same as the URL of the Gitea instance
+	return sar.remoteAction.URL == sar.RunContext.Config.GitHubInstance
+}
+
 type remoteAction struct {
 	URL  string
 	Org  string