diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index ff32c94ff93e9..4d84efb1d5fa0 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -2490,12 +2490,12 @@ settings.protect_enable_merge = Enable Merge settings.protect_enable_merge_desc = Anyone with write access will be allowed to merge the pull requests into this branch. settings.protect_whitelist_committers = Allowlist Restricted Push settings.protect_whitelist_committers_desc = Only allowlisted users or teams will be allowed to push to this branch (but not force push). -settings.protect_whitelist_deploy_keys = Allowlist deploy keys with write access to push. +settings.protect_whitelist_deploy_keys = Allowlist actions & deploy keys with write access to push. settings.protect_whitelist_users = Allowlisted users for pushing: settings.protect_whitelist_teams = Allowlisted teams for pushing: settings.protect_force_push_allowlist_users = Allowlisted users for force pushing: settings.protect_force_push_allowlist_teams = Allowlisted teams for force pushing: -settings.protect_force_push_allowlist_deploy_keys = Allowlist deploy keys with push access to force push. +settings.protect_force_push_allowlist_deploy_keys = Allowlist actions & deploy keys with push access to force push. settings.protect_merge_whitelist_committers = Enable Merge Allowlist settings.protect_merge_whitelist_committers_desc = Allow only allowlisted users or teams to merge pull requests into this branch. settings.protect_merge_whitelist_users = Allowlisted users for merging: diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go index dd9d0bc15e9b5..dfd2d5d902129 100644 --- a/routers/private/hook_pre_receive.go +++ b/routers/private/hook_pre_receive.go @@ -253,7 +253,7 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r // 5. Check if the doer is allowed to push (and force-push if the incoming push is a force-push) var canPush bool - if ctx.opts.DeployKeyID != 0 { + if ctx.opts.DeployKeyID != 0 || ctx.user.ID == user_model.ActionsUserID { // This flag is only ever true if protectBranch.CanForcePush is true if isForcePush { canPush = !changedProtectedfiles && protectBranch.CanPush && (!protectBranch.EnableForcePushAllowlist || protectBranch.ForcePushAllowlistDeployKeys)