Gitea-John71/Gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-10 05:20:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e107498f3b6fccff35455ef17430ca68df665297
Gitea/services
History
Giteabot e107498f3b fix(actions)!: require merged PR to bypass fork PR approval gate (#38010) (#38041) 
Backport #38010 by @bircni

`ifNeedApproval` in `services/actions/notifier_helper.go` decided
whether a
fork PR's workflow run had to wait for maintainer approval. The bypass
clause
counted any prior `approved_by > 0` run for `(repo_id,
trigger_user_id)`, so
the very first Approve-and-run click on a contributor's fork PR
permanently
trusted that user for every future fork PR in the same repository —
including
PRs whose only change is the workflow YAML itself.

Approving a workflow *run* is not the same as merging *code*. This
change
aligns the gate with GitHub Actions' first-time-contributor model: trust
is
granted only after the user has had a pull request merged in the repo.

## Behavior change

- **Before**: one approval = permanent trust for that user in that repo.
- **After**: every fork PR is gated until the contributor has at least
one
  merged PR in the repo.

Existing already-approved runs and merged PRs continue to work; only the
trust criterion for *future* fork PRs changes. Maintainers who rely on
the
implicit "approve once" trust will see the approval banner reappear
until
they merge a PR from that contributor.

---------

Signed-off-by: bircni <bircni@icloud.com>
Co-authored-by: bircni <bircni@icloud.com>
2026-06-09 15:53:42 +02:00
..
actions
fix(actions)!: require merged PR to bypass fork PR approval gate (#38010) (#38041)
2026-06-09 15:53:42 +02:00
agit
fix: Invalid UTF-8 commit messages in JSON API responses (#37542) (#37585)
2026-05-07 16:22:09 +00:00
asymkey
Some refactors about GetMergeBase (#36186)
2026-01-17 11:22:09 -08:00
attachment
Fix various problems (#37129)
2026-04-08 01:17:05 +08:00
auth
Fix basic auth bug (#37503)
2026-05-02 10:58:40 +00:00
automerge
Fix issue label deletion with Actions tokens (#37013)
2026-03-29 09:21:14 +00:00
automergequeue
Fix various trivial problems (#35714)
2025-10-21 13:19:29 +08:00
context
fix: Unify public-only token filtering in API queries and repo access checks (#37118) (#37773)
2026-05-19 15:38:51 +00:00
contexttest
Fix issue label deletion with Actions tokens (#37013)
2026-03-29 09:21:14 +00:00
convert
fix(actions): report individual step status in workflow job API response (#37592) (#37598)
2026-05-08 00:14:45 +02:00
cron
Update Go dependencies (#36781)
2026-04-01 11:26:52 +08:00
doctor
fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState (#37692) (#37718)
2026-05-16 07:02:14 +02:00
externalaccount
Refactor OpenIDConnect to support SSH/FullName sync (#34978)
2025-07-10 18:35:59 +00:00
feed
Fix issue label deletion with Actions tokens (#37013)
2026-03-29 09:21:14 +00:00
forms
Fix update branch protection order (#37508) (#37513)
2026-05-02 19:10:50 +00:00
git
Compare dropdown fails when selecting branch with no common merge-base (#37470) (#37472)
2026-05-08 19:08:36 +00:00
gitdiff
Refactor code render and render control chars (#37078)
2026-04-02 21:10:01 -07:00
indexer
Update issue indexer after merging a PR (#30715)
2024-05-08 14:45:15 +00:00
issue
fix: bound CODEOWNERS regex match time (#38011) (#38025)
2026-06-07 16:40:34 +00:00
lfs
fix(security): enforce wiki git writes and LFS token access at request time (#37695) (#37714)
2026-05-16 06:58:28 +00:00
mailer
fix: treat email addresses case-insensitively (#37600) (#37611)
2026-05-08 18:32:25 +00:00
markup
Improve control char rendering and escape button styling (#37094)
2026-04-06 11:07:33 +00:00
migrations
fix: use consistent GetUser family functions (#37553) (#37589)
2026-05-07 15:43:45 +00:00
mirror
Add migration http transport for push/sync mirror lfs (#36665)
2026-02-20 22:19:12 +00:00
notify
Don't send trigger for a pending review's comment create/update/delete (#34928)
2025-07-03 10:35:45 +08:00
oauth2_provider
Update tool dependencies and fix new lint issues (#36702)
2026-02-26 19:13:19 +00:00
org
Fix an issue where changing an organization’s visibility caused problems when users had forked its repositories. (#37324) (#37344)
2026-04-21 19:22:35 +00:00
packages
fix: package creation unique conflict (#37774) (#37776)
2026-05-19 08:58:09 +00:00
projects
Fix org team assignee/reviewer lookups for team member permissions (#37365) (#37391)
2026-04-23 21:15:53 +02:00
pull
fix: Invalid UTF-8 commit messages in JSON API responses (#37542) (#37585)
2026-05-07 16:22:09 +00:00
release
fix(releases): generate notes for initial tag (#37697) (#37986)
2026-06-05 19:13:16 +00:00
repository
fix: add natural sort to sortTreeViewNodes (#37772) (#37777)
2026-05-19 09:53:45 +00:00
secrets
Fix various bugs (#35684)
2025-10-19 00:37:50 +08:00
task
feat(api): encrypt AWS creds (#37679) (#37713)
2026-05-15 15:58:19 +02:00
uinotification
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
user
Fix org contact email not clearable once set (#36975)
2026-03-25 15:23:11 +08:00
versioned_migration
Remove wrong "git.DefaultContext" (#35364)
2025-08-27 16:31:21 +00:00
webhook
Enhance GetActionWorkflow to support fallback references (#37189) (#37283)
2026-04-18 21:13:54 +00:00
webtheme
Merge some standalone Vite entries into index.js (#37085)
2026-04-05 19:13:34 +00:00
wiki
Fix URLJoin, markup render link reoslving, sign-in/up/linkaccount page common data (#36861)
2026-03-08 15:57:37 +00:00