Drop reqToken from /actions read endpoints to match sibling reads (ListActionRuns/GetActionArtifact/etc), use actions.FormatLog in api-actions-job-logs integration test, revert modules/actions/log.go to zero diff vs forgejo (timeFormat stays unexported)

modules/actions/log.go

@@ -26,7 +26,7 @@ const (
 	MaxLineSize = 64 * 1024
 	DBFSPrefix  = "actions_log/"
 
-	TimeFormat     = "2006-01-02T15:04:05.0000000Z07:00"
+	timeFormat     = "2006-01-02T15:04:05.0000000Z07:00"
 	defaultBufSize = MaxLineSize
 )
 
@@ -102,7 +102,7 @@ func ReadLogs(ctx context.Context, inStorage bool, filename string, offset, limi
 	}
 
 	scanner := bufio.NewScanner(f)
-	maxLineSize := len(TimeFormat) + MaxLineSize + 1
+	maxLineSize := len(timeFormat) + MaxLineSize + 1
 	scanner.Buffer(make([]byte, maxLineSize), maxLineSize)
 
 	var rows []*runnerv1.LogRow
@@ -225,7 +225,7 @@ func FormatLog(timestamp time.Time, content string) string {
 	if len(content) > MaxLineSize {
 		content = content[:MaxLineSize]
 	}
-	return fmt.Sprintf("%s %s", timestamp.UTC().Format(TimeFormat), content)
+	return fmt.Sprintf("%s %s", timestamp.UTC().Format(timeFormat), content)
 }
 
 func ParseLog(in string) (time.Time, string, error) {
@@ -233,7 +233,7 @@ func ParseLog(in string) (time.Time, string, error) {
 	if index < 0 {
 		return time.Time{}, "", fmt.Errorf("invalid log: %q", in)
 	}
-	timestamp, err := time.Parse(TimeFormat, in[:index])
+	timestamp, err := time.Parse(timeFormat, in[:index])
 	if err != nil {
 		return time.Time{}, "", err
 	}

routers/api/v1/api.go

@@ -1252,14 +1252,14 @@ func Routes() *web.Route {
 						m.Get("/{artifact_id}/zip", repo.DownloadActionArtifact)
 					})
 					m.Group("/jobs", func() {
-						m.Get("/{job_id}/logs", reqToken(), repo.GetActionJobLogs)
+						m.Get("/{job_id}/logs", repo.GetActionJobLogs)
 					})
 					m.Group("/runs", func() {
 						m.Get("", repo.ListActionRuns)
 						m.Get("/{run_id}", repo.GetActionRun)
 						m.Delete("/{run_id}", reqToken(), reqAdmin(unit.TypeActions), repo.DeleteActionRun)
 						m.Get("/{run_id}/jobs", repo.ListActionRunJobs)
-						m.Get("/{run_id}/logs", reqToken(), repo.GetActionRunLogs)
+						m.Get("/{run_id}/logs", repo.GetActionRunLogs)
 						m.Get("/{run_id}/artifacts", repo.ListActionRunArtifacts)
 					})
 

tests/integration/api_actions_job_logs_test.go

@@ -103,12 +103,7 @@ jobs:
 			lines := strings.Split(strings.TrimSpace(resp.Body.String()), "\n")
 			require.Len(t, lines, len(outcome.logRows))
 			for i, lr := range outcome.logRows {
-				assert.Equal(t,
-					fmt.Sprintf("%s %s",
-						lr.Time.AsTime().UTC().Format(actions.TimeFormat),
-						lr.Content),
-					lines[i],
-				)
+				assert.Equal(t, actions.FormatLog(lr.Time.AsTime(), lr.Content), lines[i])
 			}
 		})
 
@@ -130,14 +125,6 @@ jobs:
 			MakeRequest(t, req, http.StatusNotFound)
 		})
 
-		t.Run("no token: 401", func(t *testing.T) {
-			req := NewRequestf(t, "GET",
-				"/api/v1/repos/%s/actions/jobs/%d/logs",
-				repoA.FullName(), jobID,
-			)
-			MakeRequest(t, req, http.StatusUnauthorized)
-		})
-
 		t.Run("wrong scope: 403 without read:repository", func(t *testing.T) {
 			// Token with only user scope, no repository access.
 			weakToken := getTokenForLoggedInUser(t, session,

tests/integration/api_actions_run_logs_test.go

@@ -191,14 +191,6 @@ jobs:
 			MakeRequest(t, req, http.StatusNotFound)
 		})
 
-		t.Run("no token: 401", func(t *testing.T) {
-			req := NewRequestf(t, "GET",
-				"/api/v1/repos/%s/actions/runs/%d/logs",
-				repoA.FullName(), runID,
-			)
-			MakeRequest(t, req, http.StatusUnauthorized)
-		})
-
 		t.Run("wrong scope: 403 without read:repository", func(t *testing.T) {
 			// Token with only user scope, no repository access.
 			weakToken := getTokenForLoggedInUser(t, session,