add valid github scopes (#36977)
test for github supported scopes with test to ensure all of them work and don't panic fixes: https://github.com/go-gitea/gitea/issues/36967
This commit is contained in:
@@ -117,6 +117,11 @@ func parseRawPermissionsExplicit(rawPerms *yaml.Node) *repo_model.ActionsTokenPe
|
|||||||
result.UnitAccessModes[unit.TypeReleases] = mode
|
result.UnitAccessModes[unit.TypeReleases] = mode
|
||||||
case "projects":
|
case "projects":
|
||||||
result.UnitAccessModes[unit.TypeProjects] = mode
|
result.UnitAccessModes[unit.TypeProjects] = mode
|
||||||
|
// Scopes github supports but gitea does not, see url for details
|
||||||
|
// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax
|
||||||
|
case "artifact-metadata", "attestations", "checks", "deployments",
|
||||||
|
"id-token", "models", "discussions", "pages", "security-events", "statuses":
|
||||||
|
// not supported
|
||||||
default:
|
default:
|
||||||
setting.PanicInDevOrTesting("Unrecognized permission scope: %s", scope)
|
setting.PanicInDevOrTesting("Unrecognized permission scope: %s", scope)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -33,6 +33,36 @@ func TestParseRawPermissions_ReadAll(t *testing.T) {
|
|||||||
assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeProjects])
|
assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeProjects])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestParseRawPermissions_GithubScopes verifies that all scopes that github supports are accounted for
|
||||||
|
func TestParseRawPermissions_GithubScopes(t *testing.T) {
|
||||||
|
var rawPerms yaml.Node
|
||||||
|
// Taken and stripped down from:
|
||||||
|
// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes
|
||||||
|
yamlContent := `
|
||||||
|
actions: read
|
||||||
|
artifact-metadata: read
|
||||||
|
attestations: read
|
||||||
|
checks: read
|
||||||
|
contents: read
|
||||||
|
deployments: read
|
||||||
|
id-token: write
|
||||||
|
issues: read
|
||||||
|
models: read
|
||||||
|
discussions: read
|
||||||
|
packages: read
|
||||||
|
pages: read
|
||||||
|
pull-requests: read
|
||||||
|
security-events: read
|
||||||
|
statuses: read`
|
||||||
|
err := yaml.Unmarshal([]byte(yamlContent), &rawPerms)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
result := parseRawPermissionsExplicit(&rawPerms)
|
||||||
|
require.NotNil(t, result)
|
||||||
|
|
||||||
|
// No asserts for permissions set on purpose
|
||||||
|
}
|
||||||
|
|
||||||
func TestParseRawPermissions_WriteAll(t *testing.T) {
|
func TestParseRawPermissions_WriteAll(t *testing.T) {
|
||||||
var rawPerms yaml.Node
|
var rawPerms yaml.Node
|
||||||
err := yaml.Unmarshal([]byte(`write-all`), &rawPerms)
|
err := yaml.Unmarshal([]byte(`write-all`), &rawPerms)
|
||||||
|
|||||||
Reference in New Issue
Block a user