potyarkin/forgejo-runner-act
1
0
Fork 0
Code Issues Pull requests Activity

Add token for getting reusable workflows from local private repos (#38)

Browse source 
Partially fixes https://gitea.com/gitea/act_runner/issues/91

If the repository is private, we need to provide the token to the caller workflows to access the called reusable workflows from the same repository.

Reviewed-on: https://gitea.com/gitea/act/pulls/38
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
This commit is contained in:
Zettat123 2023-04-06 14:16:20 +08:00 committed by Jason Song
parent cfedc518ca
commit 62abf4fe11
2 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
pkg/runner/reusable_workflow.go
View file

@ -30,8 +30,11 @@ func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor {
workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses)) workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses))
// If the repository is private, we need a token to clone it
token := rc.Config.GetToken()
return common.NewPipelineExecutor( return common.NewPipelineExecutor(
newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir)), newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir, token)),
newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()), newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()),
) )
} }
@ -47,8 +50,11 @@ func newRemoteReusableWorkflowExecutor(rc *RunContext) common.Executor {
workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses)) workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses))
// FIXME: if the reusable workflow is from a private repository, we need to provide a token to access the repository.
token := ""
return common.NewPipelineExecutor( return common.NewPipelineExecutor(
newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir)), newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir, token)),
newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()), newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()),
) )
} }
@ -66,7 +72,7 @@ func newMutexExecutor(executor common.Executor) common.Executor {
} }
} }
func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkflow, targetDirectory string) common.Executor { func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkflow, targetDirectory, token string) common.Executor {
return common.NewConditionalExecutor( return common.NewConditionalExecutor(
func(ctx context.Context) bool { func(ctx context.Context) bool {
_, err := os.Stat(targetDirectory) _, err := os.Stat(targetDirectory)
@ -77,7 +83,7 @@ func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkfl
URL: remoteReusableWorkflow.CloneURL(), URL: remoteReusableWorkflow.CloneURL(),
Ref: remoteReusableWorkflow.Ref, Ref: remoteReusableWorkflow.Ref,
Dir: targetDirectory, Dir: targetDirectory,
Token: rc.Config.Token, Token: token,
}), }),
nil, nil,
) )

8
pkg/runner/runner.go
View file

@ -66,6 +66,14 @@ type Config struct {
JobLoggerLevel *log.Level // the level of job logger JobLoggerLevel *log.Level // the level of job logger
} }
func (c Config) GetToken() string {
token := c.Secrets["GITHUB_TOKEN"]
if c.Secrets["GITEA_TOKEN"] != "" {
token = c.Secrets["GITEA_TOKEN"]
}
return token
}
type caller struct { type caller struct {
runContext *RunContext runContext *RunContext
} }