Also consider actions user when evaluating push privileges on protected branch

Naxdy 2025-07-12 11:17:40 +02:00
parent 6599efb3b1
commit 301a9caa4c
No known key found for this signature in database
GPG Key ID: CC15075846BCE91B
2 changed files with 3 additions and 3 deletions


@ -2490,12 +2490,12 @@ settings.protect_enable_merge = Enable Merge
settings.protect_enable_merge_desc = Anyone with write access will be allowed to merge the pull requests into this branch.
settings.protect_whitelist_committers = Allowlist Restricted Push
settings.protect_whitelist_committers_desc = Only allowlisted users or teams will be allowed to push to this branch (but not force push).
settings.protect_whitelist_deploy_keys = Allowlist deploy keys with write access to push.
settings.protect_whitelist_deploy_keys = Allowlist actions & deploy keys with write access to push.
settings.protect_whitelist_users = Allowlisted users for pushing:
settings.protect_whitelist_teams = Allowlisted teams for pushing:
settings.protect_force_push_allowlist_users = Allowlisted users for force pushing:
settings.protect_force_push_allowlist_teams = Allowlisted teams for force pushing:
settings.protect_force_push_allowlist_deploy_keys = Allowlist deploy keys with push access to force push.
settings.protect_force_push_allowlist_deploy_keys = Allowlist actions & deploy keys with push access to force push.
settings.protect_merge_whitelist_committers = Enable Merge Allowlist
settings.protect_merge_whitelist_committers_desc = Allow only allowlisted users or teams to merge pull requests into this branch.
settings.protect_merge_whitelist_users = Allowlisted users for merging:
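Review bot: The reworded labels for `settings.protect_whitelist_deploy_keys` and `settings.protect_force_push_allowlist_deploy_keys` fold two different principals into one checkbox, and the bare word "actions" does not tell an administrator that it means pushes made by the Actions user on behalf of workflow runs. The pre-receive change in this same commit sends the Actions user down the deploy-key path, so a protected branch that already had this box ticked for deploy keys presumably starts accepting workflow pushes after the upgrade without anyone touching the setting. I would spell the grant out, e.g. `Allowlist deploy keys and the Actions user (workflow runs) with write access to push.`, and mention the behaviour change in the release notes. A separate toggle for the Actions user would keep the two grants independently revocable.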


@ -253,7 +253,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
// 5. Check if the doer is allowed to push (and force-push if the incoming push is a force-push)
var canPush bool
if ctx.opts.DeployKeyID != 0 {
if ctx.opts.DeployKeyID != 0 || ctx.user.ID == user_model.ActionsUserID {
// This flag is only ever true if protectBranch.CanForcePush is true
if isForcePush {
canPush = !changedProtectedfiles && protectBranch.CanPush && (!protectBranch.EnableForcePushAllowlist || protectBranch.ForcePushAllowlistDeployKeys)