Jonathan Miller
d4824dc05b
Rebrand the built-in actions bot user from upstream Gitea naming to MokoGitea branding: - Name: gitea-actions → mokogitea-actions - FullName: Gitea Actions → MokoGitea Actions - Email: teabot@gitea.io → mokogitea-actions[bot]@mokoconsulting.tech Add backward-compatible name recognition so all three bot name variants (mokogitea-actions, gitea-actions, github-actions) with optional [bot] suffix resolve to the same system user. Add WhitelistActionsUser, MergeWhitelistActionsUser, and ForcePushAllowlistActionsUser toggles to branch protection rules, allowing CI/CD workflows to push to protected branches when explicitly enabled. Previously the actions bot (virtual user ID -2) could never be added to whitelist because updateUserWhitelist() only validates real database users. Closes #233 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
110 lines
2.9 KiB
Go
110 lines
2.9 KiB
Go
// Copyright 2022 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package user
|
|
|
|
import (
|
|
"strconv"
|
|
"strings"
|
|
|
|
"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/structs"
|
|
)
|
|
|
|
const (
|
|
GhostUserID int64 = -1
|
|
GhostUserName = "Ghost"
|
|
)
|
|
|
|
// NewGhostUser creates and returns a fake user for someone has deleted their account.
|
|
func NewGhostUser() *User {
|
|
return &User{
|
|
ID: GhostUserID,
|
|
Name: GhostUserName,
|
|
LowerName: strings.ToLower(GhostUserName),
|
|
}
|
|
}
|
|
|
|
// IsGhost check if user is fake user for a deleted account
|
|
func (u *User) IsGhost() bool {
|
|
if u == nil {
|
|
return false
|
|
}
|
|
return u.ID == GhostUserID && u.Name == GhostUserName
|
|
}
|
|
|
|
const (
|
|
ActionsUserID int64 = -2
|
|
ActionsUserName = "mokogitea-actions"
|
|
ActionsUserEmail = "mokogitea-actions[bot]@mokoconsulting.tech"
|
|
|
|
// Legacy names recognized as aliases for the actions bot user.
|
|
ActionsUserNameLegacyGitea = "gitea-actions"
|
|
ActionsUserNameLegacyGitHub = "github-actions"
|
|
)
|
|
|
|
// NewActionsUser creates and returns a fake user for running the actions.
|
|
func NewActionsUser() *User {
|
|
return &User{
|
|
ID: ActionsUserID,
|
|
Name: ActionsUserName,
|
|
LowerName: ActionsUserName,
|
|
IsActive: true,
|
|
FullName: "MokoGitea Actions",
|
|
Email: ActionsUserEmail,
|
|
KeepEmailPrivate: true,
|
|
LoginName: ActionsUserName,
|
|
Type: UserTypeBot,
|
|
Visibility: structs.VisibleTypePublic,
|
|
}
|
|
}
|
|
|
|
func NewActionsUserWithTaskID(id int64) *User {
|
|
u := NewActionsUser()
|
|
// LoginName is for only internal usage in this case, so it can be moved to other fields in the future
|
|
u.LoginSource = -1
|
|
u.LoginName = "@" + ActionsUserName + "/" + strconv.FormatInt(id, 10)
|
|
return u
|
|
}
|
|
|
|
func GetActionsUserTaskID(u *User) (int64, bool) {
|
|
if u == nil || u.ID != ActionsUserID {
|
|
return 0, false
|
|
}
|
|
prefix, payload, _ := strings.Cut(u.LoginName, "/")
|
|
if prefix != "@"+ActionsUserName {
|
|
return 0, false
|
|
} else if taskID, err := strconv.ParseInt(payload, 10, 64); err == nil {
|
|
return taskID, true
|
|
}
|
|
return 0, false
|
|
}
|
|
|
|
// IsActions checks whether this user is the built-in actions bot.
|
|
func (u *User) IsActions() bool {
|
|
return u != nil && u.ID == ActionsUserID
|
|
}
|
|
|
|
// IsGiteaActions is a deprecated alias for IsActions.
|
|
func (u *User) IsGiteaActions() bool {
|
|
return u.IsActions()
|
|
}
|
|
|
|
// isActionsName returns true if the given name (case-insensitive, with
|
|
// optional "[bot]" suffix stripped) matches any known actions bot name.
|
|
func isActionsName(name string) bool {
|
|
clean := strings.TrimSuffix(name, "[bot]")
|
|
return strings.EqualFold(clean, ActionsUserName) ||
|
|
strings.EqualFold(clean, ActionsUserNameLegacyGitea) ||
|
|
strings.EqualFold(clean, ActionsUserNameLegacyGitHub)
|
|
}
|
|
|
|
func GetSystemUserByName(name string) *User {
|
|
if strings.EqualFold(name, GhostUserName) {
|
|
return NewGhostUser()
|
|
}
|
|
if isActionsName(name) {
|
|
return NewActionsUser()
|
|
}
|
|
return nil
|
|
}
|