mirror of
1
Fork 0
Commit Graph

16881 Commits

Author SHA1 Message Date
Giteabot 6cc170011b
Update docs for DISABLE_QUERY_AUTH_TOKEN (#28485) (#28488)
Backport #28485 by @kdumontnu

As described
[here](https://github.com/go-gitea/gitea/pull/28390#issuecomment-1857553331).

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 2c2e00899d)
2023-12-22 12:05:11 +01:00
Giteabot 1475c1fcc4
Refactor SSH clone URL generation code (#28421) (#28480)
Backport #28421 by wxiaoguang

Refactor the code and add tests, keep the old logic.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6cbb6f303a)
2023-12-22 12:05:11 +01:00
Giteabot 2b991b32eb
Polyfill SubmitEvent for PaleMoon (#28441) (#28478)
Backport #28441 by wxiaoguang

Fix #28319

It only polyfills if there is no "SubmitEvent" class, so it has no side
effect for most users.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6af698fb81)
2023-12-22 12:05:11 +01:00
Giteabot 3c6edfa5e2
Fix Chinese translation of config cheat sheet[API] (#28472) (#28473)
Backport #28472 by @CaiCandong

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 94a05a492d)
2023-12-22 12:05:11 +01:00
Giteabot 066c3f3baa
Fix documents for "custom/public/assets/" (#28465) (#28467)
Backport #28465 by wxiaoguang

Fix #28463

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6de862abdf)
2023-12-22 12:05:11 +01:00
Giteabot 2a82e2d216
Retry SSH key verification with additional CRLF if it failed (#28392) (#28464)
Backport #28392 by @nekrondev

Windows-based shells will add a CRLF when piping the token into
ssh-keygen command resulting in
verification error. This resolves #21527.

Co-authored-by: nekrondev <heiko@noordsee.de>
Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit b47482d58e)
2023-12-22 12:05:11 +01:00
Giteabot a77398cd34
Add endpoint for not implemented Docker auth (#28457) (#28462)
Backport #28457 by @KN4CK3R

Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.

> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 74ab798033)
2023-12-22 12:05:11 +01:00
Giteabot 160ef74363
Fix possible nil pointer access (#28428) (#28440)
Backport #28428 by @KN4CK3R

There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 97a0bf151a)
2023-12-22 12:05:11 +01:00
Earl Warren fdf950398b
[SEMVER] 6.0.3+0-gitea-1.21.3 2023-12-22 11:56:45 +01:00
Gusted b0874a0912 [GITEA] Downgrade @github/combobox-nav
- The v2.3.0 update caused to always scroll to the suggestion menu, where
it previously wouldn't work at all or only scroll when it wasn't in the
viewport.
- Ref: https://github.com/github/text-expander-element/issues/50
- Ref: https://github.com/github/combobox-nav/pull/75
- Resolves #1990

(cherry picked from commit 27145be211)
2023-12-21 13:16:29 +00:00
Earl Warren 580f29d9a2
[GITEA] the ref of a scheduled action is always the default branch
Since a scheduled action is only run from the default branch, it
cannot be anything else.

Refs: https://codeberg.org/forgejo/forgejo/issues/1926
(cherry picked from commit eff0822856)
2023-12-21 12:13:49 +01:00
Gusted cbe94214e9 [GITEA] Remove redundant `syncBranchToDB`
- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.

Backport of https://codeberg.org/forgejo/forgejo/pulls/1962

(cherry picked from commit a064065cb9)
2023-12-21 11:07:41 +00:00
Earl Warren 401c2a3c3d
[CI] upgrade moved to https://code.forgejo.org/forgejo/end-to-end/ 2023-12-19 23:44:34 +01:00
Gusted cd4413bdca Merge pull request 'Revert "[TESTS] oauth2: make it possible to use an alternate http.Client"' (#1986) from earl-warren/forgejo:wip-v1.21-oauth-npe into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1986
Reviewed-by: Loïc Dachary <dachary@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2023-12-19 20:48:50 +00:00
Earl Warren cfaa6dc2ed
Revert "[TESTS] oauth2: make it possible to use an alternate http.Client"
This reverts commit 172fdd0d32.

This code was introduced for a test case that is no longer in use. It
should guard against the provider being null but that's not worth the
effort for deadcode. Just remove it.

Refs: https://codeberg.org/forgejo/forgejo/issues/1984
2023-12-19 16:38:35 +01:00
Gusted 9515a0ea38
[GITEA] Update crypto dependency
- https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg & https://terrapin-attack.com/

(cherry picked from commit b38e83c9ef)
2023-12-19 15:24:20 +01:00
Earl Warren a86fa739dc Merge pull request '[GITEA] Revert "Make `user-content-* ` consistent with github (#26388)"' (#1945) from earl-warren/forgejo:wip-v1.21-markdown-anchors into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1945
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2023-12-13 17:47:29 +00:00
Earl Warren 76d58fa269
[GITEA] test markdown CleanValue to prevent regression
It will determine how anchors are created and will break existing
links otherwise.

Adapted from Revert "Make `user-content-* ` consistent with github (#26388)
2023-12-13 18:12:08 +01:00
Earl Warren dbd896ce42
[GITEA] Revert "Make `user-content-* ` consistent with github (#26388)"
Refs: https://codeberg.org/forgejo/forgejo/issues/1943

This reverts commit d41aee1d1e.

(cherry picked from commit d29ec91e91)
2023-12-13 18:09:56 +01:00
Earl Warren ce3d6b60bd
[SEMVER] 6.0.2+0-gitea-1.21.2 2023-12-12 17:04:38 +01:00
Earl Warren c477780163
Revert "Deprecate query string auth tokens (#28390) (#28430)"
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.

su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

This reverts commit 0e3a5abb69.

Conflicts:
	routers/api/v1/api.go
2023-12-12 17:04:38 +01:00
Giteabot bd264e6aed
Don't show unnecessary citation JS error on UI (#28433) (#28437)
Backport #28433 by wxiaoguang

Fix #28226

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5e2bae7716)
2023-12-12 15:21:33 +01:00
techknowlogick 6b48228500
1.21.2 changelog (#28387)
To be rebuilt with latest golang version

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 96d3fcf179)
2023-12-12 15:21:33 +01:00
Lunny Xiao 3b672c9791
Do some missing checks (#28423) (#28432)
backport #28423

(cherry picked from commit 265f485295)
2023-12-12 15:21:33 +01:00
Giteabot 0e3a5abb69
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea)
2023-12-12 15:21:33 +01:00
Giteabot a0300f0bce
Fix links in docs (#28302) (#28418)
Backport #28302 by @yp05327

Close #28287

## How to test it in local
convert Makefile L34 into:
```
cd .tmp/upstream-docs && git clean -f && git reset --hard && git fetch origin pull/28302/head:pr28302 && git switch pr28302
```

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 40d51188c0)
2023-12-12 15:21:33 +01:00
Lunny Xiao 14750f3d11
Also sync DB branches on push if necessary (#28361) (#28403)
Fix #28056
Backport #28361

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.

(cherry picked from commit 87db4a47c8)
2023-12-12 15:21:33 +01:00
Giteabot e4dc14f070
Fix missing check (#28406) (#28411)
Backport #28406 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit cd2dd5a67d)
2023-12-12 15:21:32 +01:00
Earl Warren 69b4fd5fe2
Revert "fix POST /{username}/{reponame}/{type:issues|pulls}/move_pin"
This reverts commit 6483bceee2.
2023-12-12 15:21:32 +01:00
Earl Warren ee1655d5b0
Revert "fix POST /{username}/{reponame}/{type:issues|pulls}/{index}/content-history/soft-delete"
This reverts commit 2a8cb675ca.
2023-12-12 15:21:32 +01:00
Earl Warren d6ae79f78f Merge pull request '[GITEA] GetScheduledMergeByPullID may involve a system user' (#1925) from earl-warren/forgejo:wip-v1.21-actions-register into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1925
2023-12-11 18:39:37 +00:00
Earl Warren 4148fb27db
[GITEA] GetScheduledMergeByPullID may involve a system user
Refs: https://codeberg.org/forgejo/forgejo/issues/1897
(cherry picked from commit ddc3c22558)
2023-12-11 18:43:03 +01:00
Gusted bbdb47dfa1 Merge pull request '[GITEA] Actually recover from a panic in cron task' (#1912) from forgejo-bp-1911 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1912
2023-12-10 20:39:24 +00:00
Gusted 026a4bb02d
[GITEA] Actually recover from a panic in cron task
- Backport #1911
- Currently there's code to recover gracefully from panics that happen
within the execution of cron tasks. However this recover code wasn't
being run, because `RunWithShutdownContext` also contains code to
recover from any panic and then gracefully shutdown Forgejo. Because
`RunWithShutdownContext` registers that code as last, that would get run
first which in this case is not behavior that we want.
- Move the recover code to inside the function, so that is run first
before `RunWithShutdownContext`'s recover code (which is now a noop).
- Resolves #1910

(cherry picked from commit 761e1c83414407b65e331c2eeb4348c47acf0fbb)
2023-12-10 17:20:49 +01:00
Gusted 3981e6fdf3 Merge pull request 'Backport Correct default licenses to work as desired' (#1902) from fnetx/correct-license-defaults into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1902
2023-12-08 18:31:20 +00:00
Otto Richter 5258e8f63d Correct default license selection
The default license choice was not working as expected,
because both the files in options/license were named differently, and
the setting string is not parsed properly.

The documentation will also be corrected.

See conversation on Matrix:
https://matrix.to/#/%23forgejo-chat%3Amatrix.org/%24ue13GJPr2d7D8fEaLx8yh1mFn3a4TVy_khkajrAYtx0?via=matrix.tu-berlin.de&via=turbo.ooo&via=matrix.org&via=catgirl.cloud
2023-12-08 14:38:06 +01:00
Earl Warren 89014eb4fe
[SEMVER] 6.0.1+0-gitea-1.21.2 2023-12-08 13:59:19 +01:00
Giteabot 95a18f778a
Fix Docker meta action for releases (#28232) (#28395)
(cherry picked from commit 3107093394)
2023-12-08 13:41:16 +01:00
Giteabot 31c4a80979
Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
Backport #28348 by @AdamMajer

nogogit GetBranchNames() lists branches sorted in reverse commit date
order. On the other hand the gogit implementation doesn't apply any
ordering resulting in unpredictable behaviour. In my case, the unit
tests requiring particular order fail

    repo_branch_test.go:24:
                Error Trace:
               ./gitea/modules/git/repo_branch_test.go:24
                Error:          elements differ

                                extra elements in list A:
                                ([]interface {}) (len=1) {
                                 (string) (len=6) "master"
                                }

                                extra elements in list B:
                                ([]interface {}) (len=1) {
                                 (string) (len=7) "branch1"
                                }

                                listA:
                                ([]string) (len=2) {
                                 (string) (len=6) "master",
                                 (string) (len=7) "branch2"
                                }

                                listB:
                                ([]string) (len=2) {
                                 (string) (len=7) "branch1",
                                 (string) (len=7) "branch2"
                                }
                Test:           TestRepository_GetBranches

To fix this, we sort branches based on their commit date in gogit
implementation.

Fixes: #28318

Co-authored-by: Adam Majer <amajer@suse.de>
(cherry picked from commit 272ae03341)
2023-12-08 13:41:16 +01:00
Giteabot 91e49c45ec
Fix margin in server signed signature verification view (#28379) (#28381)
Backport #28379 by @lafriks

Before:

![image](https://github.com/go-gitea/gitea/assets/165205/e2e2256d-03c5-4ab8-8ed9-08ef68571a43)

After:

![image](https://github.com/go-gitea/gitea/assets/165205/804132ef-18f9-4ab8-949d-f6c71e7f4d24)

Co-authored-by: Lauris BH <lauris@nix.lv>
(cherry picked from commit b56a9f6ded)
2023-12-08 13:41:16 +01:00
Giteabot 1ce155c5a6
Fix object does not exist error when checking citation file (#28314) (#28369)
Backport #28314 by @yp05327

Fix #28264

`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit c5c44d0951)
2023-12-08 13:41:16 +01:00
Giteabot 52f8fde69f
Fix incorrect default value of `[attachment].MAX_SIZE` (#28373) (#28376)
Backport #28373 by @capvor

In the documents, the `[attachment] MAX_SIZE` default value should be 4.

Reference the source code `modules/setting/attachment.go` line 29.

Co-authored-by: capvor <capvor@sina.com>
(cherry picked from commit 8f2805f757)
2023-12-08 13:41:16 +01:00
Giteabot f484ad6a29
Use `filepath` instead of `path` to create SQLite3 database file (#28374) (#28378)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix #28300

(cherry picked from commit 5eaf91e919)
2023-12-08 13:41:16 +01:00
Giteabot 3a788340f0
Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) (#28365)
Backport #28359 by @lunny

The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.

Fix #28332
Replace #28333

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit b7e3adc66c)
2023-12-08 13:41:16 +01:00
Giteabot 6812c5d634
handle repository.size column being NULL in migration v263 (#28336) (#28363)
Co-authored-by: Nate Levesque <nate@thenaterhood.com>
(cherry picked from commit 5b5f8aab19)
2023-12-08 13:41:16 +01:00
Giteabot 346635605d
Convert git commit summary to valid UTF8. (#28356) (#28358)
Backport #28356 by @darrinsmart

The summary string ends up in the database, and (at least) MySQL &
PostgreSQL require valid UTF8 strings.

Fixes #28178

Co-authored-by: darrinsmart <darrin@djs.to>
Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>
(cherry picked from commit fef34790bb)
2023-12-08 13:41:16 +01:00
Giteabot 693c2b4f15
Fix migration panic due to an empty review comment diff (#28334) (#28362)
Backport #28334 by @lng2020

Fix #28328
```
func (p *PullRequestComment) GetDiffHunk() string {
	if p == nil || p.DiffHunk == nil {
		return ""
	}
	return *p.DiffHunk
}
```
This function in the package `go-github` may return an empty diff. When
it's empty, the following code will panic because it access `ss[1]`

ec1feedbf5/services/migrations/gitea_uploader.go (L861-L867)

ec1feedbf5/modules/git/diff.go (L97-L101)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 8b590de186)
2023-12-08 13:41:16 +01:00
Giteabot ce3a24ef5f
Add `HEAD` support for rpm repo files (#28309) (#28360)
Backport #28309 by @KN4CK3R

Fixes https://codeberg.org/forgejo/forgejo/issues/1810

zypper uses HEAD requests to check file existence.

https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549

https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116

@ExplodingDragon fyi

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 5105d2093c)
2023-12-08 13:41:16 +01:00
Giteabot 171b6a294f
Refactor template empty checks (#28351) (#28354)
Backport #28351 by @KN4CK3R

Fix #28347

As there is no info how to reproduce it, I can't test it.
Fix may be `section_split.tmpl @ 126/130`.

Other changes are "empty check" refactorings.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 08445d5d86)
2023-12-08 13:41:16 +01:00
Giteabot b1b0d9a3fe
Fix RPM/Debian signature key creation (#28352) (#28353)
Backport #28352 by @KN4CK3R

Fixes #28324

The name parameter can't contain some characters
(https://github.com/keybase/go-crypto/blob/master/openpgp/keys.go#L680)
but is optional. Therefore just use an empty string.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit b71d4c3ec0)
2023-12-08 13:41:16 +01:00