Support cloning remote actions from insecure Gitea instances (#92)

Related to https://github.com/go-gitea/gitea/issues/28693

Reviewed-on: https://gitea.com/gitea/act/pulls/92
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

pkg/common/git/git.go

@@ -226,6 +226,9 @@ type NewGitCloneExecutorInput struct {
 	Dir         string
 	Token       string
 	OfflineMode bool
+
+	// For Gitea
+	InsecureSkipTLS bool
 }
 
 // CloneIfRequired ...
@@ -247,6 +250,8 @@ func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input
 		cloneOptions := git.CloneOptions{
 			URL:      input.URL,
 			Progress: progressWriter,
+
+			InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea
 		}
 		if input.Token != "" {
 			cloneOptions.Auth = &http.BasicAuth{
@@ -308,6 +313,11 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 		// fetch latest changes
 		fetchOptions, pullOptions := gitOptions(input.Token)
 
+		if input.InsecureSkipTLS { // For Gitea
+			fetchOptions.InsecureSkipTLS = true
+			pullOptions.InsecureSkipTLS = true
+		}
+
 		if !isOfflineMode {
 			err = r.Fetch(&fetchOptions)
 			if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) {

pkg/runner/runner.go

@@ -72,6 +72,7 @@ type Config struct {
 	PlatformPicker        func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil
 	JobLoggerLevel        *log.Level                   // the level of job logger
 	ValidVolumes          []string                     // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers
+	InsecureSkipTLS       bool                         // whether to skip verifying TLS certificate of the Gitea instance
 }
 
 // GetToken: Adapt to Gitea

pkg/runner/step_action_remote.go

@@ -121,6 +121,8 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 				But for Gitea, tasks triggered by a.com can clone actions from b.com.
 			*/
 			OfflineMode: sar.RunContext.Config.ActionOfflineMode,
+
+			InsecureSkipTLS: sar.cloneSkipTLS(), // For Gitea
 		})
 		var ntErr common.Executor
 		if err := gitClone(ctx); err != nil {
@@ -258,6 +260,22 @@ func (sar *stepActionRemote) getCompositeSteps() *compositeSteps {
 	return sar.compositeSteps
 }
 
+// For Gitea
+// cloneSkipTLS returns true if the runner can clone an action from the Gitea instance
+func (sar *stepActionRemote) cloneSkipTLS() bool {
+	if !sar.RunContext.Config.InsecureSkipTLS {
+		// Return false if the Gitea instance is not an insecure instance
+		return false
+	}
+	if sar.remoteAction.URL == "" {
+		// Empty URL means the default action instance should be used
+		// Return true if the URL of the Gitea instance is the same as the URL of the default action instance
+		return sar.RunContext.Config.DefaultActionInstance == sar.RunContext.Config.GitHubInstance
+	}
+	// Return true if the URL of the remote action is the same as the URL of the Gitea instance
+	return sar.remoteAction.URL == sar.RunContext.Config.GitHubInstance
+}
+
 type remoteAction struct {
 	URL  string
 	Org  string