rayan/go-task
1
0
Fork 0
mirror of https://github.com/go-task/task.git synced 2026-06-29 15:44:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add --trusted-hosts CLI and remote.trusted-hosts config for remote tasks (#2491)

Browse Source 
Co-authored-by: Valentin Maerten <maerten.valentin@gmail.com>
This commit is contained in:
Maciej Lech
2025-12-07 12:17:54 +01:00
committed by GitHub
parent 896d65b21f
commit 72a349b0e9
9 changed files with 316 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
website/src/docs/experiments/remote-taskfiles.md
View File

@@ -214,7 +214,10 @@ remote Taskfiles:
Sometimes you need to run Task in an environment that does not have an
interactive terminal, so you are not able to accept a prompt. In these cases you
are able to tell task to accept these prompts automatically by using the `--yes`
flag. Before enabling this flag, you should:
flag or the `--trust` flag. The `--trust` flag allows you to specify trusted
hosts for remote Taskfiles, while `--yes` applies to all prompts in Task. You
can also configure trusted hosts in your [taskrc configuration](#trusted-hosts) using
`remote.trusted-hosts`. Before enabling automatic trust, you should:
1. Be sure that you trust the source and contents of the remote Taskfile.
2. Consider using a pinned version of the remote Taskfile (e.g. A link
@@ -305,6 +308,9 @@ remote:
offline: false
timeout: "30s"
cache-expiry: "24h"
trusted-hosts:
- github.com
- gitlab.com
```
#### `insecure`
@@ -353,3 +359,38 @@ remote:
remote:
cache-expiry: "6h"
```
#### `trusted-hosts`
- **Type**: `array of strings`
- **Default**: `[]` (empty list)
- **Description**: List of trusted hosts for remote Taskfiles. Hosts in this
list will not prompt for confirmation when downloading Taskfiles
- **CLI equivalent**: `--trusted-hosts`
```yaml
remote:
trusted-hosts:
- github.com
- gitlab.com
- raw.githubusercontent.com
- example.com:8080
```
Hosts in the trusted hosts list will automatically be trusted without prompting for
confirmation when they are first downloaded or when their checksums change. The
host matching includes the port if specified in the URL. Use with caution and
only add hosts you fully trust.
You can also specify trusted hosts via the command line:
```shell
# Trust specific host for this execution
task --trusted-hosts github.com -t https://github.com/user/repo.git//Taskfile.yml
# Trust multiple hosts (comma-separated)
task --trusted-hosts github.com,gitlab.com -t https://github.com/user/repo.git//Taskfile.yml
# Trust a host with a specific port
task --trusted-hosts example.com:8080 -t https://example.com:8080/Taskfile.yml
```