mirror of
1
Fork 0
Commit Graph

1254 Commits

Author SHA1 Message Date
Lunny Xiao 95e682f104
Cache repository default branch commit status to reduce query on commit status table (#29444)
After repository commit status has been introduced on dashaboard, the
most top SQL comes from `GetLatestCommitStatusForPairs`.

This PR adds a cache for the repository's default branch's latest
combined commit status. When a new commit status updated, the cache will
be marked as invalid.

<img width="998" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/76759de7-3a83-4d54-8571-278f5422aed3">

(cherry picked from commit e308d25f1b2fe24b4735432b05e5e221879a2705)
2024-03-11 23:36:58 +07:00
ChristopherHX b058fb4012
Add ac claim for old docker/build-push-action@v3 / current buildx gha cache (#29584)
Also resolves a warning for current releases

```
| ##[group]GitHub Actions runtime token ACs
| ##[warning]Cannot parse GitHub Actions Runtime Token ACs: "undefined" is not valid JSON
| ##[endgroup]
====>
| ##[group]GitHub Actions runtime token ACs
| ##[endgroup]
```
\* this is an error in v3

References in the docker org:
-
831ca179d3/src/main.ts (L24)
-
7d8b4dc669/src/github.ts (L61)

No known official action of GitHub makes use of this claim.

Current releases throw an error when configure to use actions cache
```
| ERROR: failed to solve: failed to configure gha cache exporter: invalid token without access controls
| ##[error]buildx failed with: ERROR: failed to solve: failed to configure gha cache exporter: invalid token without access controls
```

(cherry picked from commit 368743baf3d904f86b553a88718583906f571c87)
2024-03-11 23:36:58 +07:00
Zettat123 e7afba21ce
Skip email domain check when admins edit user emails (#29609)
Follow #29522

Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`

(cherry picked from commit 136dd99e86eea9c8bfe61b972a12b395655171e8)
2024-03-11 23:36:58 +07:00
wxiaoguang 9482b023a8
Make "/user/login" page redirect if the current user has signed in (#29583)
Fix #29582 and maybe more.
Maybe fix #29116

(cherry picked from commit df1268ca08aaacae54c775a8eec34006dfe365e0)
2024-03-11 23:36:58 +07:00
Shiny Nematoda 3b2f28ff1c [PORT] Fix wrong line number in code search result (gitea#29260) (#2619)
Port [Fix wrong line number in code search result (gitea#29260)](https://github.com/go-gitea/gitea/pull/29260)

PS: also added [`-e`](https://git-scm.com/docs/git-grep#Documentation/git-grep.txt--e) before passing the keyword (my bad)

Co-authored-by: yp05327 <576951401@qq.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2619
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-03-10 15:35:30 +00:00
oliverpool 7444f9981e implement fix 2024-03-07 10:53:43 +01:00
wxiaoguang de6768ed54
Add an trailing slash to dashboard links (#29555)
Fix #29533, and add some tests for "base/paginate.tmpl"

(cherry picked from commit 8553b4600e3035b6f6ad6907c37cebd013fa4d64)

Conflicts:
	services/contexttest/context_tests.go
	trivial conflict because
	"Improve user experience for outdated comments" was skipped
2024-03-06 12:10:47 +08:00
Earl Warren cfce4e089e
Partial cherry-pick: a4859dcfea Improve user experience for outdated comments (#29050) 2024-03-06 12:10:47 +08:00
yp05327 af19bae813
Fix workflow trigger event IssueChangeXXX bug (#29559)
Bugs from #29308
Follow #29467

partly fix #29558

(cherry picked from commit 9616dbec334aacb32c6d73b01fd749b11b1e3cdb)
2024-03-06 12:10:47 +08:00
6543 318634ef74
Add option to set language in admin user view (#28449)
![image](https://github.com/go-gitea/gitea/assets/24977596/be7e3f92-af3f-4628-b4ed-abf6439687f3)
`/admin/users/<UserID>/edit`

![image](https://github.com/go-gitea/gitea/assets/24977596/906af0dd-cceb-4ed9-9cd9-32c71ae1bf71)
`/admin/users/<UserID>`

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit e3e6569c5fd8c69aa65384e6d1636cc14b23a32b)
2024-03-06 12:10:46 +08:00
wxiaoguang 12441d7c5c
Fix incorrect relative/absolute URL usages (#29531)
Add two "HTMLURL" methods for PackageDescriptor.
And rename "FullWebLink" to "VersionWebLink"

(cherry picked from commit bf6502a8f7a2e9a2b64b43b7733316d863c9a768)
2024-03-06 12:10:46 +08:00
KN4CK3R 47a913d40d
Add support for API blob upload of release attachments (#29507)
Fixes #29502

Our endpoint is not Github compatible.

https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 70c126e6184872a6ac63cae2f327fc745b25d1d7)
2024-03-06 12:10:46 +08:00
6543 e2371743d5
remove util.OptionalBool and related functions (#29513)
and migrate affected code

_last refactoring bits to replace **util.OptionalBool** with
**optional.Option[bool]**_

(cherry picked from commit a3f05d0d98408bb47333b19f505b21afcefa9e7c)

Conflicts:
	services/repository/branch.go
	trivial context conflict
2024-03-06 12:10:46 +08:00
wxiaoguang 221a28436a
Make PR form use toast to show error message (#29545)
![image](https://github.com/go-gitea/gitea/assets/2114189/b7a14ed6-db89-4f21-a590-66cd33307233)

(cherry picked from commit 27deea7330f83ddb37c918afbb4159053d8847cb)
2024-03-06 12:10:46 +08:00
silverwind 85bf170ff0
Fix incorrect diff expander for deletion of last lines in a file (#29501)
Fixes: https://github.com/go-gitea/gitea/issues/29498

I don't quite understand this code, but this change does seem to fix the
issue and I tested a number of diffs with it and saw no issue. The
function gets such value if last line is an addition:

```
  LastLeftIdx: (int) 0,
  LastRightIdx: (int) 47,
  LeftIdx: (int) 47,
  RightIdx: (int) 48,
```

If it's a deletion, it gets:

```
  LastLeftIdx: (int) 47,
  LastRightIdx: (int) 0,
  LeftIdx: (int) 48,
  RightIdx: (int) 47,
```

So I think it's correct to make this check respect both left and right
side.

(cherry picked from commit 3b99066aa866e51e6a610716eaddfd1ea3645a67)
2024-03-06 12:10:45 +08:00
Earl Warren 801792e4dc
Rename Str2html to SanitizeHTML and clarify its behavior (followup) 2024-03-06 12:10:45 +08:00
Zettat123 2b23f4bdee
Fix workflow trigger event bugs (#29467)
1. Fix incorrect `HookEventType` for issue-related events in
`IssueChangeAssignee`
2. Add `case "types"` in the `switch` block in `matchPullRequestEvent`
to avoid warning logs

(cherry picked from commit 1ad4bb9eb7641a552c5b88a43eb91d59ec5c0edf)
2024-03-06 12:10:44 +08:00
Lunny Xiao 46fca90cfc
Move generate from module to service (#29465)
(cherry picked from commit b5188cd55c535a588492fb4e153d646ec4f3232a)
2024-03-06 12:10:44 +08:00
Zettat123 9159842b56
The job should always run when `if` is `always()` (#29464)
Fix #27906

According to GitHub's
[documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds),
a job should always run when its `if` is `always()`

> If you would like a job to run even if a job it is dependent on did
not succeed, use the `always()` conditional expression in
`jobs.<job_id>.if`.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d0fe6ea4e101198911383058a2e121e384934a9c)
2024-03-06 12:10:44 +08:00
6543 7b23949f29
Let ctx.FormOptionalBool() return optional.Option[bool] (#29461)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

(cherry picked from commit 274c0aea2e88db9bc41690c90e13e8aedf6193d4)
2024-03-06 12:10:43 +08:00
Lunny Xiao 894d9b2836
Move context from modules to services (#29440)
Since `modules/context` has to depend on `models` and many other
packages, it should be moved from `modules/context` to
`services/context` according to design principles. There is no logic
code change on this PR, only move packages.

- Move `code.gitea.io/gitea/modules/context` to
`code.gitea.io/gitea/services/context`
- Move `code.gitea.io/gitea/modules/contexttest` to
`code.gitea.io/gitea/services/contexttest` because of depending on
context
- Move `code.gitea.io/gitea/modules/upload` to
`code.gitea.io/gitea/services/context/upload` because of depending on
context

(cherry picked from commit 29f149bd9f517225a3c9f1ca3fb0a7b5325af696)

Conflicts:
	routers/api/packages/alpine/alpine.go
	routers/api/v1/repo/issue_reaction.go
	routers/install/install.go
	routers/web/admin/config.go
	routers/web/passkey.go
	routers/web/repo/search.go
	routers/web/repo/setting/default_branch.go
	routers/web/user/home.go
	routers/web/user/profile.go
	tests/integration/editor_test.go
	tests/integration/integration_test.go
	tests/integration/mirror_push_test.go
	trivial context conflicts
	also modified all other occurrences in Forgejo specific files
2024-03-06 12:10:43 +08:00
yp05327 76070599f9
Ignore empty repo for CreateRepository in action notifier (#29416)
Fix #29415

(cherry picked from commit 403766cd81697288804fd218d68c458c6aa5b73d)
2024-03-06 12:10:43 +08:00
Earl Warren d311e5c0b0
Include resource state events in Gitlab downloads (followup)
See also: [GITEA] Enable mocked HTTP responses for GitLab migration test

make GITLAB_READ_TOKEN=XXXX GO_TEST_PACKAGES='code.gitea.io/gitea/services/migrations/... -test.v' FLAGS= 'test#TestGitlabDownloadRepo'

to update the captured GitLab HTTP requests used for offline testing.
2024-03-06 12:10:43 +08:00
Sebastian Brückner bc7a247b9e
Include resource state events in Gitlab downloads (#29382)
Some specific events on Gitlab issues and merge requests are stored
separately from comments as "resource state events". With this change,
all relevant resource state events are downloaded during issue and merge
request migration, and converted to comments.

This PR also updates the template used to render comments to add support
for migrated comments of these types.

ref: https://docs.gitlab.com/ee/api/resource_state_events.html
(cherry picked from commit 17f170ee3724d8bdf2ddaad4211b12433f78ff0e)
2024-03-06 12:10:43 +08:00
Lunny Xiao ff8cb299d1
Move migration functions to services layer (#29497) 2024-03-04 07:10:53 +01:00
Gusted 64a0d61aff [BUG] Implement commit mail selection for other Git operations
- Implement the commit mail selection feature for the other supported
Git operations that can be done trough the web UI.
- Adds integration tests (goodluck reviewing this).
- Ref: #1788

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
2024-02-27 22:41:58 +00:00
Jimmy Praet f95fb8cc44 Add attachment support for code review comments (#29220)
Fixes #27960, #24411, #12183

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-27 18:35:43 +00:00
Zettat123 77c56e29de
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit

(cherry picked from commit c42083a33950be6ee9f822c6d0de3c3a79d1f51b)

Conflicts:
	models/repo/repo_list_test.go
	tests/integration/api_nodeinfo_test.go
	tests/integration/api_repo_test.go
	shared fixture counts
2024-02-26 22:30:27 +01:00
Sebastian Brückner f0acc71ba1
Properly migrate target branch change GitLab comment (#29340)
GitLab generates "system notes" whenever an event happens within the
platform. Unlike Gitea, those events are stored and retrieved as text
comments with no semantic details. The only way to tell whether a
comment was generated in this manner is the `system` flag on the note
type.

This PR adds detection for a new specific kind of event: Changing the
target branch of a PR. When detected, it is downloaded using Gitea's
type for this event, and eventually uploaded into Gitea in the expected
format, i.e. with no text content in the comment.

This PR also updates the template used to render comments to add support
for migrated comments of this type.

ref:
11bd6dc826/app/services/system_notes/merge_requests_service.rb (L102)
(cherry picked from commit 6e5966597c2d498d1a8540dad965461d44ff8e57)
2024-02-26 22:30:26 +01:00
Lunny Xiao 6905540088
Use the database object format name but not read from git repoisitory everytime and fix possible migration wrong objectformat when migrating a sha256 repository (#29294)
Now we can get object format name from git command line or from the
database repository table. Assume the column is right, we don't need to
read from git command line every time.

This also fixed a possible bug that the object format is wrong when
migrating a sha256 repository from external.

<img width="658" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/6e9a9dcf-13bf-4267-928b-6bf2c2560423">

(cherry picked from commit b79c30435f439af8243ee281310258cdf141e27b)

Conflicts:
	routers/web/repo/blame.go
	services/agit/agit.go
	context
2024-02-26 22:30:26 +01:00
Şahin Akkaya f097799953
Implement code frequency graph (#29191)
### Overview
This is the implementation of Code Frequency page. This feature was
mentioned on these issues: #18262, #7392.

It adds another tab to Activity page called Code Frequency. Code
Frequency tab shows additions and deletions over time since the
repository existed.

Before:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/2603504f-aee7-4929-a8c4-fb3412a7a0f6">

After:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/58c03721-729f-4536-a663-9f337f240963">

---

#### Features
- See additions deletions over time since repository existed
- Click on "Additions" or "Deletions" legend to show only one type of
contribution
- Use the same cache from Contributors page so that the loading of data
will be fast once it is cached by visiting either one of the pages

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 875f5ea6d83c8371f309df99654ca3556623004c)
2024-02-26 22:30:26 +01:00
Zettat123 826bf12bb4
Fix tarball/zipball download bug (#29342)
Fix #29249

~~Use the `/repos/{owner}/{repo}/archive/{archive}` API to download.~~

Apply #26430 to archive download URLs.

(cherry picked from commit b762a1f1b1f7941a7db2207552d7b441d868cbe9)
2024-02-26 22:30:26 +01:00
6543 8ff858b94b
Start to migrate from `util.OptionalBool` to `optional.Option[bool]` (#29329)
just create transition helper and migrate two structs

(cherry picked from commit 7fbdb60fc1152acc9a040dc04b1b0f5a3475b081)
2024-02-26 22:30:26 +01:00
Zettat123 ff5df5fc97
Improve the `issue_comment` workflow trigger event (#29277)
Fix #29175
Replace #29207

This PR makes some improvements to the `issue_comment` workflow trigger
event.

1. Fix the bug that pull requests cannot trigger `issue_comment`
workflows
2. Previously the `issue_comment` event only supported the `created`
activity type. This PR adds support for the missing `edited` and
`deleted` activity types.
3. Some events (including `issue_comment`, `issues`, etc. ) only trigger
workflows that belong to the workflow file on the default branch. This
PR introduces the `IsDefaultBranchWorkflow` function to check for these
events.

(cherry picked from commit a4fe1cdf38f9a063e44b197ef07e4260f731c919)

Conflicts:
	modules/actions/github.go
	context
2024-02-26 22:30:26 +01:00
Sebastian Brückner 542badbb76
Properly migrate automatic merge GitLab comments (#27873)
GitLab generates "system notes" whenever an event happens within the
platform. Unlike Gitea, those events are stored and retrieved as text
comments with no semantic details. The only way to tell whether a
comment was generated in this manner is the `system` flag on the note
type.

This PR adds detection for two specific kinds of events: Scheduling and
un-scheduling of automatic merges on a PR. When detected, they are
downloaded using Gitea's type for these events, and eventually uploaded
into Gitea in the expected format, i.e. with no text content in the
comment.

This PR also updates the template used to render comments to add support
for migrated comments of these two types.

ref:
11bd6dc826/app/services/system_notes/merge_requests_service.rb (L6-L17)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a70c00b80bcb5de8479e407f1b8f08dcf756019d)
2024-02-26 22:30:26 +01:00
vincent fb137d1e49
Fix content size does not match error when uploading lfs file (#29259)
![image](https://github.com/go-gitea/gitea/assets/38434877/cd726b4d-4771-4547-8aee-ae4e4b56b1d1)
When we update an lfs file by API
`api/v1/repos/{owner}/{repo}/contents/{filepath}`, there will show an
error

```json
{
  "message": "Put \"05904d6c7b16bb9b29587100ab1414\": readfrom tcp [::1]:57300->[::1]:9000: content size does not match",
  "url": "http://localhost:3000/api/swagger"
}
```

The reason of this error is
https://github.com/go-gitea/gitea/blob/main/services/repository/files/update.go,
in this file, the `file.ContentReader` been used twice. So when use
`file.ContentReader` in the second time, the `i` of this Reader has been
updated to the length of the content. it will return 0 and an `io.EOF`
error when we try to read cotent from this Reader.

(cherry picked from commit 35d5e4aea4bb02a0b4c7b38ecb2acf612151e891)
2024-02-26 21:42:14 +01:00
Earl Warren bc2a105cbb Merge pull request '[FEAT] Check if commit is already present in target branch' (#2450) from gusted/forgejo-agit-contain-commit into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2450
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:05:33 +00:00
Earl Warren 3471adb14a Merge pull request '[FEAT] Enable ambiguous character detection in configured contexts' (#2427) from gusted/forgejo-ambigious-characters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2427
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-24 12:25:31 +00:00
Gusted f0ed6de89d
[FEAT] Check if commit is already present in target branch
- Check if someone is (accidentally) trying to create a pull request via
AGit with changes already in the target branch and fail if that is the
case.
- Added integration test.
2024-02-23 21:42:15 +01:00
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
FuXiaoHei 7f64e4d2a3
Expire artifacts before deleting them physically (#29241)
https://github.com/go-gitea/gitea/pull/27172#discussion_r1493735466

When cleanup artifacts, it removes storage first. If storage is not
exist (maybe delete manually), it gets error and continue loop. It makes
a dead loop if there are a lot pending but non-existing artifacts.

Now it updates db record at first to avoid keep a lot of pending status
artifacts.
2024-02-23 09:06:14 +01:00
FuXiaoHei c551d3f3ab
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315

![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-23 09:06:14 +01:00
Shiny Nematoda 51fb6f3983 [FEAT] add fallback repo search using git grep 2024-02-20 13:00:34 +00:00
Johan Van de Wauw 5fffab8d9d
Fix c/p error in inline documentation (#29148)
Fix small copy/paste error in inline documentation

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 740c6a226c4df26432641018fbfd9186977d573f)
2024-02-19 22:58:33 +01:00
KN4CK3R 369fe56966
Show commit status for releases (#29149)
Fixes #29082

![grafik](https://github.com/go-gitea/gitea/assets/1666336/bb2ccde1-ee99-459d-9e74-0fb8ea79e8b3)

(cherry picked from commit 7e8ff709401d09467c3eee7c69cd9600d26a97a3)
2024-02-19 22:58:33 +01:00
Markus Amshove b1d66f50fb
Disallow merge when required checked are missing (#29143)
fixes #21892

This PR disallows merging a PR when not all commit status contexts
configured in the branch protection are met.

Previously, the PR was happy to merge when one commit status was
successful and the other contexts weren't reported.

Any feedback is welcome, first time Go :-)
I'm also not sure if the changes in the template break something else

Given the following branch protection:

![branch_protection](https://github.com/go-gitea/gitea/assets/2401875/f871b4e4-138b-435a-b496-f9ad432e3dec)

This was shown before the change:

![before](https://github.com/go-gitea/gitea/assets/2401875/60424ff0-ee09-4fa0-856e-64e6e3fb0612)

With the change, it is now shown as this:

![after](https://github.com/go-gitea/gitea/assets/2401875/4e464142-efb1-4889-8166-eb3be26c8f3d)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a11ccc9fcd61fb25ffb1c37b87a0df4ee9efd84e)
2024-02-19 22:58:33 +01:00
Jason Song e96e1beded
Do not use lower tag names to find releases/tags (#29261)
Fix #26090, see
https://github.com/go-gitea/gitea/issues/26090#issuecomment-1952013206

Since `TagName` stores the original tag name and `LowerTagName` stores
the lower tag name, it doesn't make sense to use lowercase tags as
`TagNames` in `FindReleasesOptions`.

5e72526da4/services/repository/push.go (L396-L397)

While the only other usage looks correct:

5e72526da4/routers/web/repo/repo.go (L416)
(cherry picked from commit 0ea8de2d0729e1e1d0ea9de1e59fbcb673e87fd2)
2024-02-19 22:58:33 +01:00
Lunny Xiao ac3f389e29
Fix missed edit issues event for actions (#29237)
Fix #29213

(cherry picked from commit c2a8aacae5242adbeb7bc1d4002492ae1cae47b2)
2024-02-19 22:58:33 +01:00
yp05327 d93d963c3f
Implement some action notifier functions (#29173)
Fix #29166

Add support for the following activity types of `pull_request`
- assigned
- unassigned
- review_requested
- review_request_removed
- milestoned
- demilestoned

(cherry picked from commit 1a6e1cbada27db1e3327b0d7d331492c95e24759)
2024-02-19 22:58:32 +01:00
wxiaoguang 62d3e5255f
Port "Use general token signing secret"
Port of https://github.com/go-gitea/gitea/pull/29205

Use a clearly defined "signing secret" for token signing.

(cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92)
2024-02-19 20:49:37 +01:00