Giteabot e9648f367e fix(actions)!: require merged PR to bypass fork PR approval gate (#38010) (#38041)
Backport #38010 by @bircni

`ifNeedApproval` in `services/actions/notifier_helper.go` decided whether a fork PR's workflow run had to wait for maintainer approval. The bypass clause counted any prior `approved_by > 0` run for `(repo_id, trigger_user_id)`, so the very first Approve-and-run click on a contributor's fork PR permanently trusted that user for every future fork PR in the same repository — including PRs whose only change is the workflow YAML itself.

Approving a workflow *run* is not the same as merging *code*. This change aligns the gate with GitHub Actions' first-time-contributor model: trust is granted only after the user has had a pull request merged in the repo.

## Behavior change

- **Before**: one approval = permanent trust for that user in that repo.
- **After**: every fork PR is gated until the contributor has at least one merged PR in the repo.

Existing already-approved runs and merged PRs continue to work; only the trust criterion for *future* fork PRs changes. Maintainers who rely on the implicit "approve once" trust will see the approval banner reappear until they merge a PR from that contributor.

---------

Signed-off-by: bircni <bircni@icloud.com>
Co-authored-by: bircni <bircni@icloud.com>
2026-06-28 02:17:26 -05:00
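
A simplified model of the trust rule before and after the change described in the commit message above. This is an added example, not Gitea's code: the `Run` and `PullRequest` types, the function names and the sample history are assumptions made for illustration.

```go
package main

import "fmt"

// Run and PullRequest are hypothetical, simplified records (not Gitea's models).
type Run struct {
	RepoID, TriggerUserID, ApprovedBy int64
}

type PullRequest struct {
	RepoID, PosterID int64
	Merged           bool
}

// needApprovalOld models the old bypass: any earlier approved run by the
// same user in the same repo lifts the gate for all later fork PRs.
func needApprovalOld(runs []Run, repoID, userID int64) bool {
	for _, r := range runs {
		if r.RepoID == repoID && r.TriggerUserID == userID && r.ApprovedBy > 0 {
			return false
		}
	}
	return true
}

// needApprovalNew models the new rule: only a merged pull request by the
// user in the repo lifts the gate; approved runs no longer count.
func needApprovalNew(prs []PullRequest, repoID, userID int64) bool {
	for _, p := range prs {
		if p.RepoID == repoID && p.PosterID == userID && p.Merged {
			return false
		}
	}
	return true
}

func main() {
	// Constructed history: user 7 had one run approved in repo 1, nothing merged.
	runs := []Run{{RepoID: 1, TriggerUserID: 7, ApprovedBy: 2}}
	prs := []PullRequest{{RepoID: 1, PosterID: 7, Merged: false}}
	fmt.Println("old rule gates next fork PR:", needApprovalOld(runs, 1, 7))
	fmt.Println("new rule gates next fork PR:", needApprovalNew(prs, 1, 7))
	prs = append(prs, PullRequest{RepoID: 1, PosterID: 7, Merged: true})
	fmt.Println("new rule gates after a merge:", needApprovalNew(prs, 1, 7))
}
```
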

MokoGitea

Custom Gitea fork with enhanced wiki system, DLID licensing, issue statuses, org metadata, CI standardization, and project board API.



Key Features

  • Wiki System -- wikilinks, categories, backlinks, template transclusion, revision diffs, rename redirects, folder ACL, enhanced ToC, print view, ZIP export (details)
  • DLID Licensing -- license management, entitlements, domain activations, ed25519-signed downloads
  • API Token Scope Editing -- edit token scopes via API (PATCH) or web UI after creation
  • Issue Statuses -- custom workflow statuses per org with required baseline protection
  • Org Metadata -- per-repo metadata API (public GET, admin PUT), platform detection for versioning
  • Project Board API -- REST endpoints for project columns and cards
  • CI Infrastructure -- reusable workflows, centralized ci-issue-reporter, standardized MOKOGITEA_TOKEN naming
  • Dev Deploy Gate -- builds deploy to dev environment first, production checks dev health

Documentation

Contributing

See the org wiki for development guidelines, coding standards, and contribution instructions.

License

This project is licensed under the GNU General Public License v3.0 or later -- see the LICENSE file.


Moko Consulting

Description
MokoGitea — custom Gitea fork with .mokogitea manifests, custom fields, org priorities, folder-based wikis, and Joomla update server generation
https://mokoconsulting.tech/support/mokogitea Readme MIT
1,017 MiB
2026-06-21 00:21:51 +00:00
Languages
Go 78.5%
Handlebars 12.5%
TypeScript 4.2%
CSS 1.9%
JavaScript 1.5%
Other 1.3%