go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

[actions] Cannot use an action hosted in a private repository owned by the same user #24621

Open thomas-maurice opened 1 year ago

thomas-maurice commented 1 year ago

Description

It does not seem to be possible to use an action hosted on a private Gitea instance (the runner being registered on the said instance, and the user owning both repos). The runner fails in the setup phase with:

Unable to clone https://XXX/thomas/actions refs/heads/latest: authentication required

The sample .gitea/workflows/pr.yml I used was

---
name: Test pull requests
run-name: ${{ github.actor }} is doing a PR
concurrency:
  cancel-in-progress: true
on: [pull_request]
jobs:
  "Test and build":
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
      repository-projects: read
    steps:
      - uses: https://XXX/thomas/actions/setup@latest

As you see, I tried to add a bunch of permissions, but it didn't seem to do anything (I was working under the assumption these would work the same as GitHub, might be wrong).

I also tried to put an ssh:// cloning scheme, but it failed as well with

Expected format {org}/{repo}[/path]@ref. Actual 'ssh://gitea@XXXXXXXX:PORT/thomas/actions/setup@latest' Input string was not in a correct format

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.34.1

Operating System

Ubuntu 22.04

How are you running Gitea?

Stock binary downloaded from github

Database

PostgreSQL

wolfogre commented 1 year ago

I understand. However, permissions do not work on Gitea Actions yet. See https://docs.gitea.io/en-us/usage/actions/comparison/#permissions-and-jobsjob_idpermissions

Therefore, the job can only access the related repository and not other private repositories.

thomas-maurice commented 1 year ago

Oooooh, it makes sense @wolfogre, thank you! I wasn't sure if it was a bug or because the feature is still in early days. Thank you for clarifying!

wolfogre commented 1 year ago

And a proposal for this:

thomas-maurice commented 1 year ago

Thank you for following up :)
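
The two `uses:` values from the opening post, run through a small parser for the `{org}/{repo}[/path]@ref` format quoted in the runner's error message, to show which repository each reference asks the runner to clone. This is an added example, not code from Gitea or its runner; `ActionRef` and `parse_uses` are hypothetical names, and accepting an `https://host/` prefix is an assumption inferred from the clone error shown in the post.

```python
import re
from typing import NamedTuple, Optional


class ActionRef(NamedTuple):
    base: Optional[str]  # "https://host" for the URL form, None for the short form
    owner: str
    repo: str
    path: str            # sub-directory inside the repository, "" if none
    ref: str

    @property
    def clone_url(self) -> Optional[str]:
        """Repository the runner has to fetch; None means the runner's default host."""
        if self.base is None:
            return None
        return f"{self.base}/{self.owner}/{self.repo}"


# Optional http(s) prefix, then {org}/{repo}[/path]@ref.
# '@' and ':' are excluded from the host and name parts, so ssh:// URLs and
# URLs carrying embedded credentials (user@host) are rejected, not guessed at.
_USES = re.compile(
    r"^(?:(?P<base>https?://[^/@\s]+)/)?"
    r"(?P<owner>[^/@\s:]+)/(?P<repo>[^/@\s:]+)"
    r"(?:/(?P<path>[^@\s:]+))?"
    r"@(?P<ref>[^@\s]+)$"
)


def parse_uses(value: str) -> ActionRef:
    """Split a workflow `uses:` value into repository, sub-path and ref."""
    m = _USES.match(value.strip())
    if m is None:
        raise ValueError(
            f"Expected format {{org}}/{{repo}}[/path]@ref. Actual {value!r}"
        )
    return ActionRef(m["base"], m["owner"], m["repo"], m["path"] or "", m["ref"])


if __name__ == "__main__":
    # Values taken from the opening post (host redacted as XXX there).
    for value in (
        "https://XXX/thomas/actions/setup@latest",
        "ssh://gitea@XXXXXXXX:PORT/thomas/actions/setup@latest",
    ):
        try:
            parsed = parse_uses(value)
            print(value, "->", parsed.clone_url, parsed.path, parsed.ref)
        except ValueError as err:
            print("rejected:", err)
```

The first value resolves to the repository `https://XXX/thomas/actions` with sub-path `setup`, which matches the URL in the reported clone failure; the second never reaches a clone because it does not fit the format.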