Fix security issues with cache by proxying access #107

Merged

Kwonunn merged 25 commits from Kwonunn/act:fix/cache-proxy into main 2025-03-21 14:19:38 +00:00

Conversation 8 Commits 25 Files changed 8 +560 -63

Kwonunn commented 2025-03-21 13:14:48 +00:00

Member

Copy link

This is the act-side patch for a partial overhaul of the cache system to fix some access control issues with caches.

This will be followed shortly by a pull request to forgejo-runner to use the new updated version of forgejo-act.

@Gusted @earl-warren @viceice

This is the act-side patch for a partial overhaul of the cache system to fix some access control issues with caches. This will be followed shortly by a pull request to forgejo-runner to use the new updated version of forgejo-act. @Gusted @earl-warren @viceice

cascading-pr referenced this pull request from forgejo/runner 2025-03-21 13:15:50 +00:00

cascading-pr from https://code.forgejo.org/forgejo/act refs/pull/107/head to forgejo/act-107 #501

cascading-pr commented 2025-03-21 13:15:51 +00:00

Contributor

Copy link

cascading-pr updated at forgejo/runner#501

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/501

Kwonunn force-pushed fix/cache-proxy from 40cf7f2775 to 2a60f56954 2025-03-21 13:21:21 +00:00 Compare

cascading-pr commented 2025-03-21 13:22:05 +00:00

Contributor

Copy link

cascading-pr updated at forgejo/runner#501

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/501

earl-warren commented 2025-03-21 13:29:35 +00:00

Contributor

Copy link

#108 should fix the false negative at https://code.forgejo.org/forgejo/act/actions/runs/527/jobs/0

https://code.forgejo.org/forgejo/act/pulls/108 should fix the false negative at https://code.forgejo.org/forgejo/act/actions/runs/527/jobs/0

earl-warren commented 2025-03-21 13:45:18 +00:00

Contributor

Copy link

@earl-warren wrote in #107 (comment):

#108 should fix the false negative at https://code.forgejo.org/forgejo/act/actions/runs/527/jobs/0

Merged, you can rebase now 🚀

@earl-warren wrote in https://code.forgejo.org/forgejo/act/pulls/107#issuecomment-35319: > #108 should fix the false negative at https://code.forgejo.org/forgejo/act/actions/runs/527/jobs/0 Merged, you can rebase now 🚀

Kwonunn force-pushed fix/cache-proxy from 2a60f56954 to 0391b0c951 2025-03-21 13:45:53 +00:00 Compare

cascading-pr commented 2025-03-21 13:46:37 +00:00

Contributor

Copy link

cascading-pr updated at forgejo/runner#501

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/501

earl-warren commented 2025-03-21 13:59:16 +00:00

Contributor

Copy link

https://code.forgejo.org/forgejo/runner/actions/runs/3473/jobs/0 this error appears to be related?

https://code.forgejo.org/forgejo/runner/actions/runs/3473/jobs/0 this error appears to be related?

Kwonunn commented 2025-03-21 14:02:07 +00:00

Author

Member

Copy link

Since there is stuff changing on both the act side and the forgejo-runner side, they would both need to be updated at the same time. This error occurs because it tries to build the old version of forgejo-runner with the new version of act which doesn't work because some function signatures have changed.

I think the way to fix this is to manually verify that the new version of the runner will build with the new version of act, and then merge this PR. Then opening the PR for forgejo-runner should work normally.

Since there is stuff changing on both the act side and the forgejo-runner side, they would both need to be updated at the same time. This error occurs because it tries to build the old version of forgejo-runner with the new version of act which doesn't work because some function signatures have changed. I think the way to fix this is to manually verify that the new version of the runner will build with the new version of act, and then merge this PR. Then opening the PR for forgejo-runner should work normally.

👍 1

Kwonunn referenced this pull request from forgejo/runner 2025-03-21 14:12:13 +00:00

Fix security issues with cache by proxying access #502

Kwonunn merged commit 110b6bd72c into main 2025-03-21 14:19:38 +00:00

Kwonunn deleted branch fix/cache-proxy 2025-03-21 14:19:38 +00:00

Kwonunn referenced this pull request from a commit 2025-03-21 14:19:38 +00:00

Merge pull request 'Fix security issues with cache by proxying access' (#107) from Kwonunn/act:fix/cache-proxy into main

viceice approved these changes 2025-03-21 19:55:55 +00:00

Kwonunn referenced this pull request from a commit 2025-03-22 00:03:10 +00:00

Fix security issues with cache by proxying access (#503)

earl-warren referenced this pull request from forgejo/runner 2025-07-02 09:58:07 +00:00

feat: --use-new-action-cache to avoid race conditions #420

earl-warren referenced this pull request from a commit 2025-07-28 17:10:29 +00:00

Merge pull request 'Fix security issues with cache by proxying access' (#107) from Kwonunn/act:fix/cache-proxy into main

Commenting is not possible because the repository is archived.

Reviewers

No reviewers

viceice

Labels

Clear labels   

Compat/Breaking

Breaking change that won't be backward compatible

  

Kind/Bug

Something is not working

  

Kind

Chore

Housekeeping, cleanup and chores

  

Kind/Documentation

Documentation changes

  

Kind/Enhancement

Improve existing functionality

  

Kind/Feature

New functionality

  

Kind/Security

This is security issue

  

Kind/Testing

Issue or pull request related to testing

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Reviewed

Confirmed

Issue has been confirmed

  

Reviewed

Duplicate

This issue or pull request already exists

  

Reviewed

Invalid

Invalid issue

  

Reviewed

Won't Fix

This issue won't be fixed

  

Status

Abandoned

Somebody has started to work on this but abandoned work

  

Status

Blocked

Something is blocking this issue or pull request

  

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No labels

Compat/Breaking

Kind/Bug

Kind

Chore

Kind/Documentation

Kind/Enhancement

Kind/Feature

Kind/Security

Kind/Testing

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Reviewed

Confirmed

Reviewed

Duplicate

Reviewed

Invalid

Reviewed

Won't Fix

Status

Abandoned

Status

Blocked

Status

Need More Info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

4 participants

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo/act!107

No description provided.