Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Runner registration token via API is broken for repo level runners #31707

Closed
floriankessler opened this issue Jul 26, 2024 · 0 comments · Fixed by #31722, #31724 or #31725
Closed

Runner registration token via API is broken for repo level runners #31707

floriankessler opened this issue Jul 26, 2024 · 0 comments · Fixed by #31722, #31724 or #31725
Labels
topic/gitea-actions related to the actions of Gitea type/bug

Comments

@floriankessler
Copy link

floriankessler commented Jul 26, 2024

Description

While I can obtain a token through an "undocumented" API call, using it results in broken runner behavior.

  1. Retrieving a token via /repos/{owner}/{repo}/runners/registration-token, as referenced in ${GITEA_URL}/api/swagger, returns a 404 error.

  2. By examining related API calls, I added /actions to the endpoint. This adjustment does return a token for a runner mapped to a repository, but it differs from the token displayed in the repository's Actions settings in the web UI.

Moreover, using this token allows the registration of a runner. However, it will only process the first job assigned after a restart.

Gitea Version

1.22-rootless

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/floriankessler/b7b3a141b11edd34e8867f423ddd3acb

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

see gist

Database

SQLite

@floriankessler floriankessler changed the title Registration token returned via API for repo level runners is broken Registration token returned via API is broken for repo level runners Jul 27, 2024
@floriankessler floriankessler changed the title Registration token returned via API is broken for repo level runners Runner registration token via API is broken for repo level runners Jul 27, 2024
@Zettat123 Zettat123 added the topic/gitea-actions related to the actions of Gitea label Jul 29, 2024
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Jul 29, 2024
lafriks pushed a commit that referenced this issue Jul 29, 2024
Backport #31722 by @wolfogre

Partially fix #31707. Related to #30656.

Co-authored-by: Jason Song <[email protected]>
lafriks pushed a commit that referenced this issue Jul 29, 2024
Fix #31707.

It's split from #31724.

Although #31724 could also fix #31707, it has change a lot so it's not a
good idea to backport it.
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Jul 29, 2024
Fix go-gitea#31707.

It's split from go-gitea#31724.

Although go-gitea#31724 could also fix go-gitea#31707, it has change a lot so it's not a
good idea to backport it.
wolfogre added a commit that referenced this issue Jul 30, 2024
)

Backport #31725 by @wolfogre

Fix #31707.

It's split from #31724.

Although #31724 could also fix #31707, it has change a lot so it's not a
good idea to backport it.

Co-authored-by: Jason Song <[email protected]>
wolfogre added a commit that referenced this issue Aug 1, 2024
Fix #31707.

Also related to #31715.

Some Actions resources could has different types of ownership. It could
be:

- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.

There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.

The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.

And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.

So, #31715 should be right. And the most simple way to fix #31707 is
just:

```diff
-	shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```

However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Oct 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
topic/gitea-actions related to the actions of Gitea type/bug
Projects
None yet
2 participants