private repositories are included in webhooks

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

https://gitea.com

MIT License

44.67k stars 5.46k forks source link

private repositories are included in webhooks #28632

Open bryanpedini opened 9 months ago

bryanpedini commented 9 months ago

Description

private repositories events (creation, branches, commits, etc) are included in webhooks.

Expected behavior: the webhook is not triggered - OR there is a setting in the webhook definition to include or not private events

Steps to reproduce - Actual behavior: go to try.gitea.io - log in / create an account create a telegram webhook create a private repository the webhook is triggered

Gitea Version

master

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Tried on try.gitea.io

Database

None

bryanpedini commented 9 months ago

to be clear - I'm more on the side of suggesting an option in the webhook definition to include or not private repositories' events - the reported issue is to bring to your attention that currently, with no option to define this, the behavior is that a private repository is included in webhooks, potentially making private repositories useless if the webhook is defined system-wide (my case)

lunny commented 9 months ago

So I don't think it's a proposal rather than a bug.

bryanpedini commented 9 months ago

I was more thinking that the code to check if the repository is private or not, and to not trigger webhooks, could already be implemented as a resolution to the bug of it not behaving as expected. then the setting per-webhook to include or not the private repositories could be treated as a feature and reuse the code to check the privateness of the repo... if that makes sense.