Schedule an automerge from API (accidentally) with ${{ secrets.GITHUB_TOKEN }} will break the PR #31056

Open
Shuenhoy opened this issue May 23, 2024 · 2 comments · May be fixed by #31173

@Shuenhoy

Description

I accidentally scheduled an automerge from the API with ${{ secrets.GITHUB_TOKEN }} in an action (I should have used a PAT). And the PR got broken.

Gitea Version

1.21.10

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

b500

Git Version

No response

Operating System

No response

How are you running Gitea?

Docker

Database

PostgreSQL

@Shuenhoy Shuenhoy changed the title Schedule an automerge from API and ${{ secrets.GITHUB_TOKEN }} will break the PR Schedule an automerge from API (accidentally) with ${{ secrets.GITHUB_TOKEN }} will break the PR May 23, 2024
@lunny lunny added this to the 1.22.0 milestone May 23, 2024
@lunny
Member

lunny commented May 23, 2024

You should use a PAT to do that. And it should return that you have no permission to do that if you use secrets.GITHUB_TOKEN.

@lunny
Member

lunny commented May 27, 2024

I created #31094 to test whether action users have been allowed to merge a PR. Looks like it should have no permission to do that.

@lunny lunny modified the milestones: 1.22.0, 1.22.1 May 27, 2024
@lunny lunny linked a pull request May 30, 2024 that will close this issue
1 task
@lunny lunny modified the milestones: 1.22.1, 1.22.2 Jul 5, 2024
@lunny lunny modified the milestones: 1.22.2, 1.22.3 Sep 2, 2024
@lunny lunny modified the milestones: 1.22.3, 1.22.4 Oct 9, 2024
@lunny lunny modified the milestones: 1.22.4, 1.22.5 Nov 25, 2024