From 1a9ab86a15868e9db0f179bef35c2f3518ebb91d Mon Sep 17 00:00:00 2001 From: Naxdy Date: Sat, 12 Jul 2025 11:17:40 +0200 Subject: [PATCH] Also consider actions user when evaluating push privileges on protected branch --- routers/private/hook_pre_receive.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go index dd9d0bc15e..dfd2d5d902 100644 --- a/routers/private/hook_pre_receive.go +++ b/routers/private/hook_pre_receive.go @@ -253,7 +253,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r // 5. Check if the doer is allowed to push (and force-push if the incoming push is a force-push) var canPush bool - if ctx.opts.DeployKeyID != 0 { + if ctx.opts.DeployKeyID != 0 || ctx.user.ID == user_model.ActionsUserID { // This flag is only ever true if protectBranch.CanForcePush is true if isForcePush { canPush = !changedProtectedfiles && protectBranch.CanPush && (!protectBranch.EnableForcePushAllowlist || protectBranch.ForcePushAllowlistDeployKeys)