fix: action parameters are not granted access to secrets (#71)

Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/71
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
This commit is contained in:
earl-warren 2025-07-27 13:29:04 +00:00
commit 76ca8d5b17
No known key found for this signature in database
GPG key ID: F128CBE6AB3A7201
3 changed files with 15 additions and 9 deletions

View file

@ -61,5 +61,11 @@ jobs:
export VERBOSE=true
testdata/forgejo-release-test.sh test_run testuser otherrepo
- if: failure()
run: docker logs forgejo
- if: always()
name: '[RUNNER] and [FORGEJO] logs'
run: |
runner_logs="${{ steps.forgejo.outputs.runner-logs }}"
if test -f "$runner_logs"; then
sed -e 's/^/[RUNNER] /' < $runner_logs
fi
docker logs forgejo | sed -e 's/^/[FORGEJO] /'

View file

@ -6,21 +6,21 @@ description: |
inputs:
url:
description: 'URL of the Forgejo instance'
default: '${{ env.GITHUB_SERVER_URL }}'
default: '${{ env.FORGEJO_SERVER_URL }}'
repo:
description: 'owner/project relative to the URL'
default: '${{ github.repository }}'
default: '${{ forge.repository }}'
tag:
description: 'Tag of the release'
default: '${{ github.ref_name }}'
default: '${{ forge.ref_name }}'
title:
description: 'Title of the release (defaults to tag)'
sha:
description: 'SHA of the release'
default: '${{ github.sha }}'
default: '${{ forge.sha }}'
token:
description: 'Forgejo application token'
default: '${{ secrets.GITHUB_TOKEN }}'
default: '${{ forge.token }}'
release-dir:
description: 'Directory in whichs release assets are uploaded or downloaded'
required: true
@ -57,7 +57,7 @@ inputs:
runs:
using: "composite"
steps:
- run: echo "${{ github.action_path }}" >> $GITHUB_PATH
- run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH
shell: bash
- run: |
export FORGEJO="${{ inputs.url }}"

View file

@ -19,7 +19,7 @@ if ${VERBOSE:-false}; then set -x; fi
: ${RETRY:=1}
: ${DELAY:=10}
RELEASE_NOTES_ASSISTANT_VERSION=v1.3.3 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
RELEASE_NOTES_ASSISTANT_VERSION=v1.3.5 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
TAG_FILE="$TMP_DIR/tag$$.json"
TAG_URL=$(echo "$TAG" | sed 's/\//%2F/g')