go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

Finer grained permission for writing commit status #32625

Open ascandella opened 6 days ago

ascandella commented 6 days ago

Feature Description

Currently, to generate a token that can create commit statuses via the API, it must have write:repository. This is less than ideal from a security perspective, where I'd like to give a token to some automation tools that can write commit statuses but not write to the repository.

An example of this is a deployment system. I use ArgoCD with my Gitea instance and I have the notifications controller set up to send commit statuses when applications are synced successfully or with an error. In this context I don't want to have a token anywhere that can write to my repository.

Proposal: create a new permissions for commit statuses (read, and read+write) and update the API to only require commit statuses privileges to read/write commit status. Additionally, for backwards compatibility and sanity leave the repository permission as sufficient for commit statuses as well.

If this idea is acceptable, I'd be happy to implement it myself.

Screenshots

No response

wxiaoguang commented 3 days ago

Do you mean something like

  • write:repository: allow writing commit status (as before, for backwards compatibility)

  • write:commit_status: also allow writing commit status (but not others)

?

ascandella commented 3 days ago

Do you mean something like

  • write:repository: allow writing commit status (as before, for backwards compatibility)

  • write:commit_status: also allow writing commit status (but not others)

?

Exactly. And probably a read:commit_status although I don't know of a great use for that without read:repository access (which would still be sufficient for reading commit statuses)... thoughts?
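The scope rule agreed on above (write:repository stays sufficient, write:commit_status grants only commit-status access, a write scope implies its read scope), as a small added model. This is example code, not Gitea's own scope implementation; the mapping of API routes to required scopes is an assumption for illustration.

```python
# Added example: a model of the token-scope rule proposed in this issue.
# It is not Gitea's own scope code; the route-to-scope mapping is assumed,
# and read:commit_status / write:commit_status are the names proposed above.

# Which scopes each scope implies. A write scope implies its read scope, and
# write:repository keeps implying commit-status access for backwards
# compatibility, as the proposal asks.
IMPLIED = {
    "write:repository": {"read:repository", "write:commit_status"},
    "read:repository": {"read:commit_status"},
    "write:commit_status": {"read:commit_status"},
    "read:commit_status": set(),
}

# Assumed mapping of API operations to the scope each one would require.
REQUIRED_SCOPE = {
    ("POST", "/repos/{owner}/{repo}/statuses/{sha}"): "write:commit_status",
    ("GET", "/repos/{owner}/{repo}/commits/{ref}/status"): "read:commit_status",
    ("PUT", "/repos/{owner}/{repo}/contents/{filepath}"): "write:repository",
}


def effective_scopes(granted):
    """Expand a token's granted scopes through the implication table."""
    out, todo = set(), list(granted)
    while todo:
        scope = todo.pop()
        if scope not in IMPLIED:
            raise ValueError(f"unknown scope: {scope}")
        if scope not in out:
            out.add(scope)
            todo.extend(IMPLIED[scope])
    return out


def allowed(granted, method, route):
    """True if a token holding `granted` scopes may call method + route."""
    return REQUIRED_SCOPE[(method, route)] in effective_scopes(granted)


def deployment_token_check():
    """The issue's use case: a CI/CD token limited to commit statuses."""
    token = {"write:commit_status"}
    return {
        "can_post_status": allowed(token, "POST", "/repos/{owner}/{repo}/statuses/{sha}"),
        "can_read_status": allowed(token, "GET", "/repos/{owner}/{repo}/commits/{ref}/status"),
        "can_write_files": allowed(token, "PUT", "/repos/{owner}/{repo}/contents/{filepath}"),
    }
```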

wxiaoguang commented 3 days ago

Yup, the "read" permission for a commit status seems quite strange, no idea whether it should really be introduced (while it is also strange not introducing it .....)


Overall I think your idea is pretty good (acceptable to me). The real challenge is how to implement it (the token scope system is complex 🤣 )

ascandella commented 3 days ago

Ok cool, I'll start digging into the code in the next few weeks and see what I can come up with. Thanks!

ascandella commented 3 days ago

For reference GitHub has a read-only commit statuses option:


https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#get-the-combined-status-for-a-specific-reference