Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gitea actions permissions problem with pull requests #32302

Open
Olen opened this issue Oct 21, 2024 · 0 comments
Open

Gitea actions permissions problem with pull requests #32302

Olen opened this issue Oct 21, 2024 · 0 comments
Labels
type/bug

Comments

@Olen
Copy link

Olen commented Oct 21, 2024

Description

There seems to be a problem with the action permissions for pull-requests

I have an action with the following permissions:

    permissions:
      contents: write
      pull-requests: write

And I can see that tea is allowed to run most required commands.

tea whoami                                                                                                            
                                                                                                                                                                            
   gitea-actions                                                                                                                                                            
                                                                                                                                                                            
  Follower Count: 0, Following Count: 0, Starred Repos: 0

I can view pull-requests and I can comment/review on pull requests

tea pr list                                                                                                           
+-------+--------------------------------+-------+--------------+-----------+------------------+--------+                                                                   
| INDEX |             TITLE              | STATE |    AUTHOR    | MILESTONE |     UPDATED      | LABELS |
+-------+--------------------------------+-------+--------------+-----------+------------------+--------+
|     4 | chore(template): merge         | open  | Ola Thoresen |           | 2024-10-21 13:05 |        |                                                                   
|       | template changes :up:          |       |              |           |                  |        |                                                                   
+-------+--------------------------------+-------+--------------+-----------+------------------+--------+            

tea pr review 4
(...)
? Concluding comment: 
Must check
https://xxxxx/olen/test-template-sync/pulls/4#issuecomment-15
  • And the comments shows up as created by gitea-actions:

image

But I am not allowed to create pull requests:

tea pr create
(...)
Error: could not create PR from chore/template_sync_56c0689 to olen:main: Can't read pulls or can't read UnitTypeCode

If I add another login in the run with a different token, I am allowed to create a PR.

tea pr create --login foo
                                                                                                                                                                            
   #5 Chore/Template Sync 56c0689 (open)                                                                              
                                                                                                                      
  @olen created 2024-10-21 13:10        main <- chore/template_sync_56c0689

I added some trace logging which shows that this is a permission problem:

2024/10/21 15:01:03 ...s/repo_permission.go:199:func1() [T] Permission Loaded for user <User -2:gitea-actions> in repo <Repository 11:olen/test-template-sync>, permissions: {AccessMode:0 units:[0xc006c1f780 0xc006c1f7c0 0xc006c1f840 0xc006c1f880 0xc006c1f8c0 0xc006c1f900 0xc006c1f940 0xc006c1f980] unitsMode:map[] everyoneAccessMode:map[]}
2024/10/21 15:01:03 .../api/v1/repo/pull.go:1132:parseCompareInfo() [T] Permission Denied: User <User -2:gitea-actions> cannot create/read pull requests or cannot read code in Repo <Repository 11:olen/test-template-sync>
User in baseRepo has Permissions: {AccessMode:0 units:[0xc006c1f780 0xc006c1f7c0 0xc006c1f840 0xc006c1f880 0xc006c1f8c0 0xc006c1f900 0xc006c1f940 0xc006c1f980] unitsMode:map[] everyoneAccessMode:map[]}
2024/10/21 15:01:03 ...s/process/manager.go:231:remove() [T] Done 6716508f-8: /usr/bin/git cat-file --batch-check [repo_path: /data/git/repositories/olen/test-template-sync.git] (modules/git/repo_base_nogogit.go:90)
2024/10/21 15:01:03 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/v1/repos/olen/test-template-sync/pulls for 10.42.42.34:37748, 404 Not Found in 35.8ms @ repo/pull.go:344(repo.CreatePullRequest)
2024/10/21 15:01:03 ...s/process/manager.go:231:remove() [T] Done 6716508f-6: POST: /api/v1/repos/olen/test-template-sync/pulls

Gitea Version

1.22.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

git version 2.45.2

Operating System

docker

How are you running Gitea?

docker
image: gitea/gitea:latest

Database

MySQL/MariaDB
@Olen Olen added the type/bug label Oct 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Olen