public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-04-19 02:31:59 +09:00
Code Issues Packages Projects Releases Wiki Activity

add valid github scopes (#36977)

Browse Source 
test for github supported scopes with test to ensure all of them work
and don't panic

fixes: https://github.com/go-gitea/gitea/issues/36967
This commit is contained in:
TheFox0x7
2026-03-24 20:16:23 +01:00
committed by GitHub
parent c96cc70144
commit cfd9008891
2 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
services/actions/permission_parser.go
View File

@@ -117,6 +117,11 @@ func parseRawPermissionsExplicit(rawPerms *yaml.Node) *repo_model.ActionsTokenPe
result.UnitAccessModes[unit.TypeReleases] = mode
case "projects":
result.UnitAccessModes[unit.TypeProjects] = mode
// Scopes github supports but gitea does not, see url for details
// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax
case "artifact-metadata", "attestations", "checks", "deployments",
"id-token", "models", "discussions", "pages", "security-events", "statuses":
// not supported
default:
setting.PanicInDevOrTesting("Unrecognized permission scope: %s", scope)
}

30
services/actions/permission_parser_test.go
View File

@@ -33,6 +33,36 @@ func TestParseRawPermissions_ReadAll(t *testing.T) {
assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeProjects])
}
// TestParseRawPermissions_GithubScopes verifies that all scopes that github supports are accounted for
func TestParseRawPermissions_GithubScopes(t *testing.T) {
var rawPerms yaml.Node
// Taken and stripped down from:
// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes
yamlContent := `
actions: read
artifact-metadata: read
attestations: read
checks: read
contents: read
deployments: read
id-token: write
issues: read
models: read
discussions: read
packages: read
pages: read
pull-requests: read
security-events: read
statuses: read`
err := yaml.Unmarshal([]byte(yamlContent), &rawPerms)
require.NoError(t, err)
result := parseRawPermissionsExplicit(&rawPerms)
require.NotNil(t, result)
// No asserts for permissions set on purpose
}
func TestParseRawPermissions_WriteAll(t *testing.T) {
var rawPerms yaml.Node
err := yaml.Unmarshal([]byte(`write-all`), &rawPerms)