From 360879ee7289f64d76983ed9b0bf1aa86b0f9aaa Mon Sep 17 00:00:00 2001
From: Tim Biermann <tbier@posteo.de>
Date: Tue, 12 Aug 2025 18:27:03 +0200
Subject: [PATCH 1/2] add EndlessTaskTimeout value to jwt lifetime

---
 services/actions/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/actions/auth.go b/services/actions/auth.go
index 12a8fba53f44a..bfe7ee8efa094 100644
--- a/services/actions/auth.go
+++ b/services/actions/auth.go
@@ -53,7 +53,7 @@ func CreateAuthorizationToken(taskID, runID, jobID int64) (string, error) {
 
 	claims := actionsClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
+			ExpiresAt: jwt.NewNumericDate(now.Add(24*time.Hour + setting.Actions.EndlessTaskTimeout)),
 			NotBefore: jwt.NewNumericDate(now),
 		},
 		Scp:    fmt.Sprintf("Actions.Results:%d:%d", runID, jobID),

From 4f5cbfeeb31bee623c2364affc3095f554e6ba99 Mon Sep 17 00:00:00 2001
From: Tim Biermann <tbier@posteo.de>
Date: Wed, 13 Aug 2025 21:39:45 +0200
Subject: [PATCH 2/2] jwt lifetime: reduce base value to 1h

---
 services/actions/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/actions/auth.go b/services/actions/auth.go
index bfe7ee8efa094..c742e19c601ee 100644
--- a/services/actions/auth.go
+++ b/services/actions/auth.go
@@ -53,7 +53,7 @@ func CreateAuthorizationToken(taskID, runID, jobID int64) (string, error) {
 
 	claims := actionsClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(now.Add(24*time.Hour + setting.Actions.EndlessTaskTimeout)),
+			ExpiresAt: jwt.NewNumericDate(now.Add(1*time.Hour + setting.Actions.EndlessTaskTimeout)),
 			NotBefore: jwt.NewNumericDate(now),
 		},
 		Scp:    fmt.Sprintf("Actions.Results:%d:%d", runID, jobID),