From 8d93e80135a2eb5a562c7a68588d7fbdeb777be8 Mon Sep 17 00:00:00 2001 From: js6pak Date: Wed, 30 Aug 2023 00:13:16 +0200 Subject: [PATCH] Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) Backport #26759 Include `GITHUB_TOKEN`/`GITEA_TOKEN` secrets for actions triggered by pull requests This makes it consistent with the environment variables which you can already access ```shell echo env: $GITHUB_TOKEN echo expression: ${{ secrets.GITHUB_TOKEN }} ``` before ![image](https://github.com/go-gitea/gitea/assets/35262707/b6f750f6-3995-40f0-b8aa-df01e7997c37) after ![image](https://github.com/go-gitea/gitea/assets/35262707/ab74464b-7638-458a-afd5-f39e6101d2cf) --------- Co-authored-by: Jason Song Co-authored-by: Giteabot --- routers/api/actions/runner/utils.go | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/routers/api/actions/runner/utils.go b/routers/api/actions/runner/utils.go index 7c9171329e5e..784f36bd1357 100644 --- a/routers/api/actions/runner/utils.go +++ b/routers/api/actions/runner/utils.go @@ -53,8 +53,12 @@ func pickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[string]string { secrets := map[string]string{} + + secrets["GITHUB_TOKEN"] = task.Token + secrets["GITEA_TOKEN"] = task.Token + if task.Job.Run.IsForkPullRequest { - // ignore secrets for fork pull request + // ignore secrets for fork pull request, except GITHUB_TOKEN and GITEA_TOKEN which are automatically generated. return secrets } @@ -78,13 +82,6 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s } } - if _, ok := secrets["GITHUB_TOKEN"]; !ok { - secrets["GITHUB_TOKEN"] = task.Token - } - if _, ok := secrets["GITEA_TOKEN"]; !ok { - secrets["GITEA_TOKEN"] = task.Token - } - return secrets }