From ae43a09aa8749607e5a82f4f853c312b4d0ae057 Mon Sep 17 00:00:00 2001 From: Excellencedev Date: Fri, 26 Dec 2025 12:49:27 +0100 Subject: [PATCH] ... --- routers/api/packages/api.go | 2 -- tests/integration/actions_job_token_test.go | 6 ++++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go index e154551591..e74857f565 100644 --- a/routers/api/packages/api.go +++ b/routers/api/packages/api.go @@ -4,7 +4,6 @@ package packages import ( - "fmt" "net/http" actions_model "code.gitea.io/gitea/models/actions" @@ -124,7 +123,6 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) { } if task.RepoID != packageRepoID { - fmt.Printf("DEBUG: taskRepoID %d != packageRepoID %d. Checking cross-repo.\n", task.RepoID, packageRepoID) // Cross-repository access - check org policy cfg, err := actions_model.GetOrgActionsConfig(ctx, ctx.Package.Owner.ID) if err != nil { diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go index 839e9067cd..14956e9185 100644 --- a/tests/integration/actions_job_token_test.go +++ b/tests/integration/actions_job_token_test.go @@ -9,6 +9,7 @@ import ( "fmt" "net/http" "net/url" + "testing" actions_model "code.gitea.io/gitea/models/actions" @@ -383,6 +384,11 @@ func TestActionsCrossRepoAccess(t *testing.T) { require.NoError(t, packages_model.SetRepositoryLink(t.Context(), pkg.ID, repoBID)) // By default, cross-repo is disabled + // Explicitly set it to false to ensure test determinism (in case defaults change) + require.NoError(t, actions_model.SetOrgActionsConfig(t.Context(), org.ID, &repo_model.ActionsConfig{ + AllowCrossRepoAccess: false, + })) + // Try to download with cross-repo disabled - should fail downloadReqDenied := NewRequest(t, "GET", packageURL) downloadReqDenied.Header.Set("Authorization", "Bearer "+task.Token)