Commit Graph

1389 Commits

Author SHA1 Message Date
Tim
de2ad2e1b1
Make admins adhere to branch protection rules (#32248)
This introduces a new flag `BlockAdminMergeOverride` on the branch
protection rules that prevents admins/repo owners from bypassing branch
protection rules and merging without approvals or failing status checks.

Fixes #17131

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-10-23 12:39:43 +08:00
Lunny Xiao
a264c46fb0
Add warn log when deleting inactive users (#32318)
Add log for the problem #31480
2024-10-23 09:28:28 +08:00
谈笑风生间
d50ed0abf7
Support requested_reviewers data in comment webhook events (#26178)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
close #25833 

Currently, the information for "requested_reviewers" is only included in
the webhook event for reviews. I would like to suggest adding this
information to the webhook event for "PullRequest comment" as well, as
they both pertain to the "PullRequest" event.

Also, The reviewer information for the Pull Request is not displayed
when it is approved or rejected.
2024-10-16 09:10:05 +00:00
Zettat123
81aec6d621
Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
Fix #32219

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-10-13 20:28:32 +00:00
Zettat123
74664b08a0
Support migrating GitHub/GitLab PR draft status (#32242)
Resolve #32196
2024-10-13 22:58:13 +03:00
Lunny Xiao
9df5ddaf44
Only rename a user when they should receive a different name (#32247)
Some checks failed
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
cron-licenses / cron-licenses (push) Has been cancelled
Fix #31996
2024-10-13 03:13:55 +00:00
wxiaoguang
afa8dd45af
Make git push options accept short name (#32245)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
Just like what most CLI parsers do: `--opt` means `opt=true`

Then users could use `-o force-push` as `-o force-push=true`
2024-10-12 05:42:10 +00:00
Zettat123
0fe5e2b08c
Allow maintainers to view and edit files of private repos when "Allow maintainers to edit" is enabled (#32215)
Fix #31539
2024-10-11 19:08:19 +00:00
wxiaoguang
6029d78ab5
Improve the maintainblity of the reserved username list (#32229)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
2024-10-10 09:04:42 +00:00
wxiaoguang
dd83cfcacc
Refactor CSRF token (#32216) 2024-10-10 03:48:21 +00:00
Lunny Xiao
d6d3c96e65
Fix bug when a token is given public only (#32204)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
2024-10-08 12:51:09 +03:00
Lunny Xiao
a989404e23
Fix javascript error when an anonymous user visiting migration page (#32144)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-02 04:37:16 +00:00
Lunny Xiao
3a4a1bffbe
Make oauth2 code clear. Move oauth2 provider code to their own packages/files (#32148)
Some checks are pending
release-nightly / nightly-binary (push) Waiting to run
release-nightly / nightly-docker-rootful (push) Waiting to run
release-nightly / nightly-docker-rootless (push) Waiting to run
Fix #30266
Replace #31533
2024-10-02 08:03:19 +08:00
yp05327
70b7df0e5e
Support repo license (#24872)
Close #278
Close #24076

## Solutions:
- Use
[google/licenseclassifier](https://github.com/google/licenseclassifier/)
Test result between
[google/licensecheck](https://github.com/google/licensecheck) and
[go-license-detector](https://github.com/go-enry/go-license-detector):
https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167
Test result between
[google/licensecheck](https://github.com/google/licensecheck) and
[google/licenseclassifier](https://github.com/google/licenseclassifier/):
https://github.com/go-gitea/gitea/pull/24872#issuecomment-1576092178
- Generate License Convert Name List to avoid import license templates
with same contents
Gitea automatically get latest license data from[
spdx/license-list-data](https://github.com/spdx/license-list-data).
But unfortunately, some license templates have same contents. #20915
[click here to see the
list](https://github.com/go-gitea/gitea/pull/24872#issuecomment-1584141684)
So we will generate a list of these license templates with same contents
and create a new file to save the result when using `make
generate-license`. (Need to decide the save path)
- Save License info into a new table `repo_license`
Can easily support searching repo by license in the future.

## Screen shot
Single License:

![image](https://github.com/go-gitea/gitea/assets/18380374/41260bd7-0b4c-4038-8592-508706cffa9f)

Multiple Licenses:

![image](https://github.com/go-gitea/gitea/assets/18380374/34ce2f73-7e18-446b-9b96-ecc4fb61bd70)

Triggers:
- [x] Push commit to default branch
- [x] Create repo
- [x] Mirror repo
- [x] When Default Branch is changed, licenses should be updated

Todo:
- [x] Save Licenses info in to DB when there's a change to license file
in the commit
- [x] DB Migration
- [x] A nominal test?
- [x] Select which library to
use(https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167)
- [x] API Support
- [x] Add repo license table
- ~Select license in settings if there are several licenses(Not
recommended)~
- License board(later, not in this PR)

![image](https://github.com/go-gitea/gitea/assets/18380374/2c3c3bf8-bcc2-4c6d-8ce0-81d1a9733878)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2024-10-01 15:25:08 -04:00
Zettat123
f4b8f6fc40
Fix the logic of finding the latest pull review commit ID (#32139)
Some checks failed
release-nightly / nightly-binary (push) Has been cancelled
release-nightly / nightly-docker-rootful (push) Has been cancelled
release-nightly / nightly-docker-rootless (push) Has been cancelled
Fix #31423
2024-10-01 01:58:55 +00:00
Lunny Xiao
5a8568459d
Fix bug when deleting a migrated branch (#32075)
After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.
2024-09-24 07:42:08 +00:00
Kemal Zebari
aadbe0488f
Truncate commit message during Discord webhook push events (#31970)
Resolves #31668.
2024-09-24 03:38:08 +00:00
Exploding Dragon
269c630923
Fix: database not update release when using git push --tags --force (#32040)
link: https://codeberg.org/forgejo/forgejo/issues/4274

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-18 20:15:03 +00:00
wxiaoguang
1fede04b83
Refactor CSRF protector (#32057)
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")
2024-09-18 15:17:25 +08:00
KN4CK3R
55f1fcf0ad
Add missing comment reply handling (#32050)
Fixes #31937

- Add missing comment reply handling
- Use `onGiteaRun` in the test because the fixtures are not present
otherwise (did this behaviour change?)

Compare without whitespaces.
2024-09-17 20:56:26 +00:00
KN4CK3R
f528df944b
Do not escape relative path in RPM primary index (#32038)
Fixes #32021

Do not escape the relative path.
2024-09-16 21:10:33 +00:00
Kemal Zebari
f05d9c98c4
Handle invalid target when creating releases using API (#31841)
A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.

Discovered while working on #31840.
2024-09-12 07:47:31 +00:00
charles-plutohealth
7c6edf1ba0
Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017)
---
`status == "rename"` should have read `status == "renamed"`. The typo
means that file.PreviousFilename would never be populated, which e.g.
breaks usage of the Github Action at
https://github.com/dorny/paths-filter.
2024-09-12 01:29:27 +08:00
Jason Song
125679f2e1
Support allowed hosts for migrations to work with proxy (#32025) 2024-09-11 05:47:00 +00:00
Zettat123
def1c9670b
Support migration from AWS CodeCommit (#31981)
This PR adds support for migrating repos from [AWS
CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html).

The access key ID and secret access key are required to get repository
information and pull requests. And [HTTPS Git
credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html)
are required to clone the repository.

<img
src="https://github.com/user-attachments/assets/82ecb2d0-8d43-42b0-b5af-f5347a13b9d0"
width="680" />

The AWS CodeCommit icon is from [AWS Architecture
Icons](https://aws.amazon.com/architecture/icons/).

<img
src="https://github.com/user-attachments/assets/3c44d21f-d753-40f5-9eae-5d3589e0d50d"
width="320" />
2024-09-11 07:49:42 +08:00
techknowlogick
d9a7748cdc
bump to go 1.23 (#31855) 2024-09-10 02:23:07 +00:00
techknowlogick
f183783baa
Save initial signup information for users to aid in spam prevention (#31852)
This will allow instance admins to view signup pattern patterns for
public instances. It is modelled after discourse, mastodon, and
MediaWiki's approaches.

Note: This has privacy implications, but as the above-stated open-source
projects take this approach, especially MediaWiki, which I have no doubt
looked into this thoroughly, it is likely okay for us, too. However, I
would be appreciative of any feedback on how this could be improved.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-09-09 17:05:16 -04:00
Wim
01dec7577a
Remove SHA1 for support for ssh rsa signing (#31857)
https://github.com/go-fed/httpsig seems to be unmaintained. 

Switch to github.com/42wim/httpsig which has removed deprecated crypto
and default sha256 signing for ssh rsa.

No impact for those that use ed25519 ssh certificates.

This is a breaking change for:
- gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too
- activitypub using deprecated crypto (is this actually used?)
2024-09-07 18:05:18 -04:00
Lunny Xiao
2da2000413
Use global lock instead of NewExclusivePool to allow distributed lock between multiple Gitea instances (#31813)
Replace #26486 
Fix #19620

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2024-09-06 10:12:41 +00:00
Lunny Xiao
5c05dddbed
Fix nuget/conan/container packages upload bugs (#31967) 2024-09-05 07:05:42 +00:00
yp05327
eba6bfbe15
Fix 500 error when state params is set when editing issue/PR by API (#31880)
A quick fix for #31871
2024-09-02 02:08:27 +08:00
Zettat123
725a3ed9ad
Handle "close" actionable references for manual merges (#31879)
Fix #31743
2024-08-26 01:18:19 +08:00
Lunny Xiao
8b92eba21f
Fix agit automerge (#31207) 2024-08-20 14:17:21 +08:00
Lunny Xiao
4f5c96627b
Fix actions notify bug (#31866)
Try to fix
https://github.com/go-gitea/gitea/issues/31757#issuecomment-2295131062
2024-08-19 16:25:41 +00:00
Edip Emre Bodur
a4dac59643
Fixes for unreachable project issues when transfer repository from organization (#31770)
When transferring repositories that have issues linked to a project
board to another organization, the issues remain associated with the
original project board. This causes the columns in the project board to
become bugged, making it difficult to move other issues in or out of the
affected columns. As a solution, I removed the issue relations since the
other organization does not have this project table.

Fix for #31538

Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-13 02:53:43 +00:00
Fábio Barkoski
e45a4c9829
Move repository visibility to danger zone in the settings area (#31126)
Moved repository visibility to the danger zone in the settings area. To
change the visibility, it is necessary to go to the danger zone, click
on the private/public button, and accept the change in the modal.

Resolves:  #23826

---
## Screenshots

<details>
<summary>Before</summary>
Private repo:

![Private
repo](https://github.com/go-gitea/gitea/assets/65479069/4313492a-4854-48bc-9f47-974e3539d791)

Public repo:

![Public
repo](https://github.com/go-gitea/gitea/assets/65479069/1c45f6e4-ee93-4799-9331-e9d4a7e0f16a)

</details>
<details>
<summary>After</summary>
Make private:

![Screenshot from 2024-05-28
21-35-38](https://github.com/go-gitea/gitea/assets/65479069/4887e28a-0514-4990-aa69-bf3ddc7e6c7d)

Make private modal

![Screenshot from 2024-06-13
23-55-55](https://github.com/go-gitea/gitea/assets/65479069/9f5a7604-069b-41a2-973b-ee2d58e85953)

![Screenshot from 2024-06-13
23-53-09](https://github.com/go-gitea/gitea/assets/65479069/06c22726-eab2-4bce-8df7-62849dcce974)

Make public:

![Screenshot from 2024-05-28
21-34-27](https://github.com/go-gitea/gitea/assets/65479069/6d388f99-0356-48a0-9d85-320cdba55179)

Make public modal

![Screenshot from 2024-06-13
23-53-37](https://github.com/go-gitea/gitea/assets/65479069/8944972e-f2d4-4aea-ba96-b892febb5ced)

</details>

---------

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-08-11 07:50:54 +03:00
Lunny Xiao
791d7fc76a
Add issue comment when moving issues from one column to another of the project (#29311)
Fix #27278
Replace #27816

This PR adds a meta-comment for an issue when dragging an issue from one
column to another of a project.

<img width="600" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/5fc1d954-430e-4db0-aaee-a00006fa91f5">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: yp05327 <576951401@qq.com>
2024-08-09 01:29:02 +00:00
KN4CK3R
3862b31abb
Fix RPM resource leak (#31794)
Fixes a resource leak introduced by #27069.

- add defer
- move sign code out of `repository.go`
2024-08-08 09:43:04 +00:00
Lunny Xiao
df7f1c2ead
Fix protected branch files detection on pre_receive hook (#31778)
Fix #31738

When pushing a new branch, the old commit is zero. Most git commands
cannot recognize the zero commit id. To get the changed files in the
push, we need to get the first diverge commit of this branch. In most
situations, we could check commits one by one until one commit is
contained by another branch. Then we will think that commit is the
diverge point.

And in a pre-receive hook, this will be more difficult because all
commits haven't been merged and they actually stored in a temporary
place by git. So we need to bring some envs to let git know the commit
exist.
2024-08-06 13:32:49 +00:00
Exploding Dragon
de175e3b06
Add signature support for the RPM module (#27069)
close  #27031

If the rpm package does not contain a matching gpg signature, the
installation will fail. See (#27031) , now auto-signing rpm uploads.

This option is turned off by default for compatibility.
2024-08-06 09:03:33 -04:00
Edip Emre Bodur
94cca8846e
Fix null requested_reviewer from API (#31773)
If the assign the pull request review to a team, it did not show the
members of the team in the "requested_reviewers" field, so the field was
null. As a solution, I added the team members to the array.

fix #31764
2024-08-05 10:59:53 +00:00
Jason Song
687c118248
Clear up old Actions logs (#31735)
Part of #24256.

Clear up old action logs to free up storage space.

Users will see a message indicating that the log has been cleared if
they view old tasks.

<img width="1361" alt="image"
src="https://github.com/user-attachments/assets/9f0f3a3a-bc5a-402f-90ca-49282d196c22">

Docs: https://gitea.com/gitea/docs/pulls/40

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-08-02 00:42:08 +00:00
Jason Song
09b56fc069
Distinguish LFS object errors to ignore missing objects during migration (#31702)
Fix #31137.

Replace #31623 #31697.

When migrating LFS objects, if there's any object that failed (like some
objects are losted, which is not really critical), Gitea will stop
migrating LFS immediately but treat the migration as successful.

This PR checks the error according to the [LFS api
doc](https://github.com/git-lfs/git-lfs/blob/main/docs/api/batch.md#successful-responses).

> LFS object error codes should match HTTP status codes where possible:
> 
> - 404 - The object does not exist on the server.
> - 409 - The specified hash algorithm disagrees with the server's
acceptable options.
> - 410 - The object was removed by the owner.
> - 422 - Validation error.

If the error is `404`, it's safe to ignore it and continue migration.
Otherwise, stop the migration and mark it as failed to ensure data
integrity of LFS objects.

And maybe we should also ignore others errors (maybe `410`? I'm not sure
what's the difference between "does not exist" and "removed by the
owner".), we can add it later when some users report that they have
failed to migrate LFS because of an error which should be ignored.
2024-07-31 10:29:48 +00:00
Jason Song
f989f46438
Move registerActionsCleanup to initActionsTasks (#31721)
There's already `initActionsTasks`; it will avoid additional check for
if Actions enabled to move `registerActionsCleanup` into it.

And we don't really need `OlderThanConfig`.
2024-07-30 10:27:28 +08:00
yp05327
e0a408e6f3
Add permission check when creating PR (#31033)
user should be a collaborator of the base repo to create a PR
2024-07-29 02:21:22 +00:00
Zettat123
4b376a0ed9
Support pull_request_target event for commit status (#31703)
Fix [act_runner #573](https://gitea.com/gitea/act_runner/issues/573)

Before:

![image](https://github.com/user-attachments/assets/3944bf7f-7a60-4801-bcb3-5e158a180fda)

After:

![image](https://github.com/user-attachments/assets/cadac944-40bd-4537-a9d9-e702b8bc1ece)
2024-07-26 18:00:07 +08:00
Denys Konovalov
a8d0c879c3
add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
Zettat123
e9aa39bda4
Fix a branch divergence cache bug (#31659)
Fix #31599

A branch divergence is counted based on the default branch. If the
default branch is updated, all divergence caches of the repo need to be
deleted.
2024-07-19 17:52:49 +02:00
Rowan Bohde
416c36f303
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
6543
0f53324182
Add option to change mail from user display name (#31528)
Make it posible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*
2024-07-14 23:27:00 +02:00