Support pull_request_target event (#25229)

Fix #25088 This PR adds the support for [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) workflow trigger. `pull_request_target` is similar to `pull_request`, but the workflow triggered by the `pull_request_target` event runs in the context of the base branch of the pull request rather than the head branch. Since the workflow from the base is considered trusted, it can access the secrets and doesn't need approvals to run.
2023-06-26 14:33:18 +08:00 · 2023-06-26 14:33:18 +08:00 · 48e5a74f21
commit 48e5a74f21
parent e409e14bdf
10 changed files with 286 additions and 63 deletions
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -36,12 +36,13 @@ type ActionRun struct {
 	TriggerUser       *user_model.User       `xorm:"-"`
 	Ref               string
 	CommitSHA         string
-	IsForkPullRequest bool  // If this is triggered by a PR from a forked repository or an untrusted user, we need to check if it is approved and limit permissions when running the workflow.
-	NeedApproval      bool  // may need approval if it's a fork pull request
-	ApprovedBy        int64 `xorm:"index"` // who approved
-	Event             webhook_module.HookEventType
-	EventPayload      string `xorm:"LONGTEXT"`
-	Status            Status `xorm:"index"`
+	IsForkPullRequest bool                         // If this is triggered by a PR from a forked repository or an untrusted user, we need to check if it is approved and limit permissions when running the workflow.
+	NeedApproval      bool                         // may need approval if it's a fork pull request
+	ApprovedBy        int64                        `xorm:"index"` // who approved
+	Event             webhook_module.HookEventType // the webhook event that causes the workflow to run
+	EventPayload      string                       `xorm:"LONGTEXT"`
+	TriggerEvent      string                       // the trigger event defined in the `on` configuration of the triggered workflow
+	Status            Status                       `xorm:"index"`
 	Started           timeutil.TimeStamp
 	Stopped           timeutil.TimeStamp
 	Created           timeutil.TimeStamp `xorm:"created"`
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -503,9 +503,10 @@ var migrations = []Migration{

 	// v260 -> v261
 	NewMigration("Drop custom_labels column of action_runner table", v1_21.DropCustomLabelsColumnOfActionRunner),
-
 	// v261 -> v262
 	NewMigration("Add variable table", v1_21.CreateVariableTable),
+	// v262 -> v263
+	NewMigration("Add TriggerEvent to action_run table", v1_21.AddTriggerEventToActionRun),
 }

 // GetCurrentDBVersion returns the current db version
--- a/models/migrations/v1_21/v262.go
+++ b/models/migrations/v1_21/v262.go
@ -0,0 +1,16 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_21 //nolint
+
+import (
+	"xorm.io/xorm"
+)
+
+func AddTriggerEventToActionRun(x *xorm.Engine) error {
+	type ActionRun struct {
+		TriggerEvent string
+	}
+
+	return x.Sync(new(ActionRun))
+}