Created by emersion on 2023年12月19日 16:10:49
Optionally, handle sr.ht tokens with the SECRETS:RO scope. Need to be careful not to leak secrets to third parties.
Created by emersion on 2023年12月19日 16:10:49
Optionally, handle sr.ht tokens with the SECRETS:RO scope. Need to be careful not to leak secrets to third parties.
Created by sircmpwn on 2024年03月24日 22:23:22
Could use this one for pushes (and not pull requests).
Created by emersion on 2024年03月25日 18:00:33
(Ah, and of course turning on secrets will grant access to any of your secrets to the Forgejo instance administrators as well.)
Created by emersion on 2024年03月25日 17:58:43
This is a bit tricky security-wise because turning on secrets for pushes will grant access to all of your secrets to anyone with access to the repository.
In hottub we only allow secrets if the owner of the repository has submitted the build. A more general solution would need a UI to allow a fixed list of secrets per repo, likely (but will still have security issues for many use-cases: SSH deploy keys and tokens with write access to more than just the specific project would be insecure, for instance).
Created by sircmpwn on 2024年03月26日 09:01:55
Fixed list of secrets per repo would make sense. Another option which could be more secure is to tell yojo that build manifest changes have to be approved by (or pushed by) an admin before they apply, then it keeps a hash of the build manifest in the database for reference.
Created by emersion on 2024年10月11日 16:30:11
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?