fix: action parameters are not granted access to secrets (#71)

Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/71 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2025-08-10 11:01:05 +00:00 · 2025-07-27 13:29:04 +00:00 · 2025-07-27 13:29:04 +00:00 · 76ca8d5b17
parent b669ffeda7 d21db0da1a
commit 76ca8d5b17
3 changed files with 15 additions and 9 deletions
--- a/.forgejo/workflows/integration.yml
+++ b/.forgejo/workflows/integration.yml
@ -61,5 +61,11 @@ jobs:
          export VERBOSE=true
          testdata/forgejo-release-test.sh test_run testuser otherrepo

-      - if: failure()
-        run: docker logs forgejo
+      - if: always()
+        name: '[RUNNER] and [FORGEJO] logs'
+        run: |
+          runner_logs="${{ steps.forgejo.outputs.runner-logs }}"
+          if test -f "$runner_logs"; then
+            sed -e 's/^/[RUNNER] /' < $runner_logs
+          fi
+          docker logs forgejo | sed -e 's/^/[FORGEJO] /'
--- a/action.yml
+++ b/action.yml
@ -6,21 +6,21 @@ description: |
 inputs:
  url:
    description: 'URL of the Forgejo instance'
-    default: '${{ env.GITHUB_SERVER_URL }}'
+    default: '${{ env.FORGEJO_SERVER_URL }}'
  repo:
    description: 'owner/project relative to the URL'
-    default: '${{ github.repository }}'
+    default: '${{ forge.repository }}'
  tag:
    description: 'Tag of the release'
-    default: '${{ github.ref_name }}'
+    default: '${{ forge.ref_name }}'
  title:
    description: 'Title of the release (defaults to tag)'
  sha:
    description: 'SHA of the release'
-    default: '${{ github.sha }}'
+    default: '${{ forge.sha }}'
  token:
    description: 'Forgejo application token'
-    default: '${{ secrets.GITHUB_TOKEN }}'
+    default: '${{ forge.token }}'
  release-dir:
    description: 'Directory in whichs release assets are uploaded or downloaded'
    required: true
@ -57,7 +57,7 @@ inputs:
 runs:
  using: "composite"
  steps:
-    - run: echo "${{ github.action_path }}" >> $GITHUB_PATH
+    - run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH
      shell: bash
    - run: |
        export FORGEJO="${{ inputs.url }}"
--- a/forgejo-release.sh
+++ b/forgejo-release.sh
@ -19,7 +19,7 @@ if ${VERBOSE:-false}; then set -x; fi
 : ${RETRY:=1}
 : ${DELAY:=10}

-RELEASE_NOTES_ASSISTANT_VERSION=v1.3.3 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+RELEASE_NOTES_ASSISTANT_VERSION=v1.3.5 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org

 TAG_FILE="$TMP_DIR/tag$$.json"
 TAG_URL=$(echo "$TAG" | sed 's/\//%2F/g')