Fix #25088 This PR adds the support for [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) workflow trigger. `pull_request_target` is similar to `pull_request`, but the workflow triggered by the `pull_request_target` event runs in the context of the base branch of the pull request rather than the head branch. Since the workflow from the base is considered trusted, it can access the secrets and doesn't need approvals to run.
		
			
				
	
	
		
			145 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			145 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2023 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package integration
 | |
| 
 | |
| import (
 | |
| 	"net/url"
 | |
| 	"testing"
 | |
| 	"time"
 | |
| 
 | |
| 	actions_model "code.gitea.io/gitea/models/actions"
 | |
| 	"code.gitea.io/gitea/models/db"
 | |
| 	issues_model "code.gitea.io/gitea/models/issues"
 | |
| 	repo_model "code.gitea.io/gitea/models/repo"
 | |
| 	unit_model "code.gitea.io/gitea/models/unit"
 | |
| 	"code.gitea.io/gitea/models/unittest"
 | |
| 	user_model "code.gitea.io/gitea/models/user"
 | |
| 	actions_module "code.gitea.io/gitea/modules/actions"
 | |
| 	"code.gitea.io/gitea/modules/git"
 | |
| 	repo_module "code.gitea.io/gitea/modules/repository"
 | |
| 	pull_service "code.gitea.io/gitea/services/pull"
 | |
| 	repo_service "code.gitea.io/gitea/services/repository"
 | |
| 	files_service "code.gitea.io/gitea/services/repository/files"
 | |
| 
 | |
| 	"github.com/stretchr/testify/assert"
 | |
| )
 | |
| 
 | |
| func TestPullRequestTargetEvent(t *testing.T) {
 | |
| 	onGiteaRun(t, func(t *testing.T, u *url.URL) {
 | |
| 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the base repo
 | |
| 		user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}) // owner of the forked repo
 | |
| 
 | |
| 		// create the base repo
 | |
| 		baseRepo, err := repo_service.CreateRepository(db.DefaultContext, user2, user2, repo_module.CreateRepoOptions{
 | |
| 			Name:          "repo-pull-request-target",
 | |
| 			Description:   "test pull-request-target event",
 | |
| 			AutoInit:      true,
 | |
| 			Gitignores:    "Go",
 | |
| 			License:       "MIT",
 | |
| 			Readme:        "Default",
 | |
| 			DefaultBranch: "main",
 | |
| 			IsPrivate:     false,
 | |
| 		})
 | |
| 		assert.NoError(t, err)
 | |
| 		assert.NotEmpty(t, baseRepo)
 | |
| 
 | |
| 		// enable actions
 | |
| 		err = repo_model.UpdateRepositoryUnits(baseRepo, []repo_model.RepoUnit{{
 | |
| 			RepoID: baseRepo.ID,
 | |
| 			Type:   unit_model.TypeActions,
 | |
| 		}}, nil)
 | |
| 		assert.NoError(t, err)
 | |
| 
 | |
| 		// create the forked repo
 | |
| 		forkedRepo, err := repo_service.ForkRepository(git.DefaultContext, user2, user3, repo_service.ForkRepoOptions{
 | |
| 			BaseRepo:    baseRepo,
 | |
| 			Name:        "forked-repo-pull-request-target",
 | |
| 			Description: "test pull-request-target event",
 | |
| 		})
 | |
| 		assert.NoError(t, err)
 | |
| 		assert.NotEmpty(t, forkedRepo)
 | |
| 
 | |
| 		// add workflow file to the base repo
 | |
| 		addWorkflowToBaseResp, err := files_service.ChangeRepoFiles(git.DefaultContext, baseRepo, user2, &files_service.ChangeRepoFilesOptions{
 | |
| 			Files: []*files_service.ChangeRepoFile{
 | |
| 				{
 | |
| 					Operation: "create",
 | |
| 					TreePath:  ".gitea/workflows/pr.yml",
 | |
| 					Content:   "name: test\non: pull_request_target\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - run: echo helloworld\n",
 | |
| 				},
 | |
| 			},
 | |
| 			Message:   "add workflow",
 | |
| 			OldBranch: "main",
 | |
| 			NewBranch: "main",
 | |
| 			Author: &files_service.IdentityOptions{
 | |
| 				Name:  user2.Name,
 | |
| 				Email: user2.Email,
 | |
| 			},
 | |
| 			Committer: &files_service.IdentityOptions{
 | |
| 				Name:  user2.Name,
 | |
| 				Email: user2.Email,
 | |
| 			},
 | |
| 			Dates: &files_service.CommitDateOptions{
 | |
| 				Author:    time.Now(),
 | |
| 				Committer: time.Now(),
 | |
| 			},
 | |
| 		})
 | |
| 		assert.NoError(t, err)
 | |
| 		assert.NotEmpty(t, addWorkflowToBaseResp)
 | |
| 
 | |
| 		// add a new file to the forked repo
 | |
| 		addFileToForkedResp, err := files_service.ChangeRepoFiles(git.DefaultContext, forkedRepo, user3, &files_service.ChangeRepoFilesOptions{
 | |
| 			Files: []*files_service.ChangeRepoFile{
 | |
| 				{
 | |
| 					Operation: "create",
 | |
| 					TreePath:  "file_1.txt",
 | |
| 					Content:   "file1",
 | |
| 				},
 | |
| 			},
 | |
| 			Message:   "add file1",
 | |
| 			OldBranch: "main",
 | |
| 			NewBranch: "fork-branch-1",
 | |
| 			Author: &files_service.IdentityOptions{
 | |
| 				Name:  user3.Name,
 | |
| 				Email: user3.Email,
 | |
| 			},
 | |
| 			Committer: &files_service.IdentityOptions{
 | |
| 				Name:  user3.Name,
 | |
| 				Email: user3.Email,
 | |
| 			},
 | |
| 			Dates: &files_service.CommitDateOptions{
 | |
| 				Author:    time.Now(),
 | |
| 				Committer: time.Now(),
 | |
| 			},
 | |
| 		})
 | |
| 		assert.NoError(t, err)
 | |
| 		assert.NotEmpty(t, addFileToForkedResp)
 | |
| 
 | |
| 		// create Pull
 | |
| 		pullIssue := &issues_model.Issue{
 | |
| 			RepoID:   baseRepo.ID,
 | |
| 			Title:    "Test pull-request-target-event",
 | |
| 			PosterID: user3.ID,
 | |
| 			Poster:   user3,
 | |
| 			IsPull:   true,
 | |
| 		}
 | |
| 		pullRequest := &issues_model.PullRequest{
 | |
| 			HeadRepoID: forkedRepo.ID,
 | |
| 			BaseRepoID: baseRepo.ID,
 | |
| 			HeadBranch: "fork-branch-1",
 | |
| 			BaseBranch: "main",
 | |
| 			HeadRepo:   forkedRepo,
 | |
| 			BaseRepo:   baseRepo,
 | |
| 			Type:       issues_model.PullRequestGitea,
 | |
| 		}
 | |
| 		err = pull_service.NewPullRequest(git.DefaultContext, baseRepo, pullIssue, nil, nil, pullRequest, nil)
 | |
| 		assert.NoError(t, err)
 | |
| 
 | |
| 		// load and compare ActionRun
 | |
| 		actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID})
 | |
| 		assert.Equal(t, addWorkflowToBaseResp.Commit.SHA, actionRun.CommitSHA)
 | |
| 		assert.Equal(t, actions_module.GithubEventPullRequestTarget, actionRun.TriggerEvent)
 | |
| 	})
 | |
| }
 |