Fix GitHub Action ACL owner repo wildcard

oursky · Nov 2, 2023 · dddba87 · dddba87
1 parent 2c4deda
commit dddba87
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/internal/models/credential_id.go b/internal/models/credential_id.go
@@ -46,9 +46,12 @@ func (c CredentialID) Matches(r *config.ACLSubjectRule) bool {
 	case CredentialIDKindGitHubUser:
 		return r.GitHubUser != "" && r.GitHubUser == data
 	case CredentialIDGitHubRepositoryActions:
-		return r.GitHubRepositoryActions != "" &&
-			(r.GitHubRepositoryActions == data ||
-				r.GitHubRepositoryActions == "*")
+		if r.GitHubRepositoryActions == "*" || r.GitHubRepositoryActions == data {
+			return true
+		}
+
+		repoOwner, _, ok := strings.Cut(data, "/")
+		return ok && r.GitHubRepositoryActions == repoOwner+"/*"
 	case CredentialIDIP:
 		if r.IpRange == "" {
 			return false