Commit Graph

1094 Commits

Author SHA1 Message Date
wxiaoguang
511298e452
Use general token signing secret (#29205) (#29325)
Backport #29205 (including #29172)

Use a clearly defined "signing secret" for token signing.
2024-02-22 17:07:41 +00:00
Lunny Xiao
7ea2ffaf16
Fix SSPI user creation (#28948) (#29323)
Fixes #28945
Backport #28948

Setting the avatar is wrong and creating a random password is equal to
leave it empty.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-22 17:42:14 +01:00
Giteabot
fdb0d03083
Improve the issue_comment workflow trigger event (#29277) (#29322)
Backport #29277 by @Zettat123

Fix #29175
Replace #29207

This PR makes some improvements to the `issue_comment` workflow trigger
event.

1. Fix the bug that pull requests cannot trigger `issue_comment`
workflows
2. Previously the `issue_comment` event only supported the `created`
activity type. This PR adds support for the missing `edited` and
`deleted` activity types.
3. Some events (including `issue_comment`, `issues`, etc. ) only trigger
workflows that belong to the workflow file on the default branch. This
PR introduces the `IsDefaultBranchWorkflow` function to check for these
events.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-02-22 17:19:48 +01:00
yp05327
0870e0bc9b
Implement some action notifier functions (#29173) (#29308)
Backport #29173

Fix #29166

Add support for the following activity types of `pull_request`
- assigned
- unassigned
- review_requested
- review_request_removed
- milestoned
- demilestoned
2024-02-22 03:55:03 +00:00
wxiaoguang
c4a86b20a4
Fix missing link on outgoing new release notifications (#29079) (#29300)
Backport #29079

Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Co-authored-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-21 19:01:48 +00:00
wxiaoguang
f634982d23
Fix debian InRelease Acquire-By-Hash newline (#29204) (#29299)
Backport #29204

Co-authored-by: Robin Schoonover <robin@cornhooves.org>
2024-02-21 19:40:16 +01:00
Lunny Xiao
2762921e73
Fix missed edit issues event for actions (#29237) (#29251)
Fix #29213
Backport #29237
2024-02-20 11:13:05 +08:00
Markus Amshove
78f41e4fc4
Disallow merge when required checked are missing (#29143) (#29268)
backport #29143

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-19 20:48:17 +00:00
Lunny Xiao
e2eac7574f
Fix bug when the linked account was disactived and list the linked accounts (#29263)
The bug has been fixed on v1.22 but not backport to v1.21.
This original PR have many refactors so I don't think it's necessary to
backport all of them.

Fix #28667
2024-02-19 15:23:47 +00:00
Jason Song
f79530c50e
Do not use lower tag names to find releases/tags (#29261) (#29262)
Backport #29261.

Fix #26090, see
https://github.com/go-gitea/gitea/issues/26090#issuecomment-1952013206

Since `TagName` stores the original tag name and `LowerTagName` stores
the lower tag name, it doesn't make sense to use lowercase tags as
`TagNames` in `FindReleasesOptions`.

5e72526da4/services/repository/push.go (L396-L397)

While the only other usage looks correct:

5e72526da4/routers/web/repo/repo.go (L416)
2024-02-19 10:09:36 +00:00
Zettat123
7e0299b4fd
Only delete scheduled workflows when needed (#29091) (#29235)
Backport #29091 

Fix #29040

`handleSchedules` should be called only if `DetectWorkflows` should
detect schedule workflows
2024-02-18 14:31:05 +08:00
wxiaoguang
dd8bc1d61d
Refactor issue template parsing and fix API endpoint (#29069) (#29140)
Backport #29069

The old code `GetTemplatesFromDefaultBranch(...) ([]*api.IssueTemplate,
map[string]error)` doesn't really follow Golang's habits, then the
second returned value might be misused. For example, the API function
`GetIssueTemplates` incorrectly checked the second returned value and
always responds 500 error.

This PR refactors GetTemplatesFromDefaultBranch to
ParseTemplatesFromDefaultBranch and clarifies its behavior, and fixes
the API endpoint bug, and adds some tests.

And by the way, add proper prefix `X-` for the header generated in
`checkDeprecatedAuthMethods`, because non-standard HTTP headers should
have `X-` prefix, and it is also consistent with the new code in
`GetIssueTemplates`
2024-02-14 01:32:31 +00:00
Giteabot
8def405047
Avoid sending update/delete release notice when it is draft (#29008) (#29025)
Backport #29008 by @yp05327

Fix #27157

Co-authored-by: yp05327 <576951401@qq.com>
2024-02-02 09:37:37 +00:00
Giteabot
c398c25b18
Fix an actions schedule bug (#28942) (#28999)
Backport #28942 by @Zettat123

In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.

This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-31 15:52:31 +00:00
Giteabot
55c53080d1
Implement MigrateRepository for the actions notifier (#28920) (#28923)
Backport #28920 by @Zettat123

Fixes #28699

This PR implements the `MigrateRepository` method for `actionsNotifier`
to detect the schedules from the workflow files in the migrated
repository.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-01-25 12:27:11 +00:00
Giteabot
cebf55f6b1
Only migrate the first 255 chars of a Github issue title (#28902) (#28912)
Backport #28902 by @JakobDev

Fixes #28846

Co-authored-by: JakobDev <jakobdev@gmx.de>
2024-01-24 19:56:54 +08:00
Giteabot
fd1edb9d9d
Fix DeleteCollaboration transaction behaviour (#28886) (#28889)
Backport #28886 by @KN4CK3R

The method can't be called with an outer transaction because if the user
is not a collaborator the outer transaction will be rolled back even if
the inner transaction uses the no-error path.

`has == 0` leads to `return nil` which cancels the transaction. A
standalone call of this method does nothing but if used with an outer
transaction, that will be canceled.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-01-22 09:10:45 +01:00
Giteabot
633996db8e
Fix schedule not trigger bug because matching full ref name with short ref name (#28874) (#28888)
Backport #28874 by @lunny

Fix #28533

Caused by #28691

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-22 13:33:14 +08:00
Mihir Joshi
62f2d717b7
Fix reverting a merge commit failing (#28794) (#28825)
Backport https://github.com/go-gitea/gitea/pull/28794

Fixes #22236

---
Error occurring currently while trying to revert commit using read-tree
-m approach:
> 2022/12/26 16:04:43 ...rvices/pull/patch.go:240:AttemptThreeWayMerge()
[E] [63a9c61a] Unable to run read-tree -m! Error: exit status 128 -
fatal: this operation must be run in a work tree
> 	 - fatal: this operation must be run in a work tree

We need to clone a non-bare repository for `git read-tree -m` to work.


bb371aee6e
adds support to create a non-bare cloned temporary upload repository.

After cloning a non-bare temporary upload repository, we [set default
index](https://github.com/go-gitea/gitea/blob/main/services/repository/files/cherry_pick.go#L37)
(`git read-tree HEAD`).
This operation ends up resetting the git index file (see investigation
details below), due to which, we need to call `git update-index
--refresh` afterward.

Here's the diff of the index file before and after we execute
SetDefaultIndex: https://www.diffchecker.com/hyOP3eJy/

Notice the **ctime**, **mtime** are set to 0 after SetDefaultIndex.

You can reproduce the same behavior using these steps:
```bash
$ git clone https://try.gitea.io/me-heer/test.git -s -b main
$ cd test
$ git read-tree HEAD
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
error: Entry '1' not uptodate. Cannot merge.
```

After which, we can fix like this:
```bash
$ git update-index --refresh
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
```
2024-01-21 14:18:37 +00:00
KN4CK3R
022552d5b6
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R


![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>
2024-01-16 02:13:29 +00:00
Giteabot
376fa0d8c4
Forbid removing the last admin user (#28337) (#28793)
Backport #28337 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-16 01:51:46 +00:00
Lunny Xiao
6e29242ebb
Fix schedule tasks bugs (#28691) (#28780)
Fix #28157
Backport #28691 

This PR fix the possible bugs about actions schedule.

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.
2024-01-14 23:54:22 +01:00
Giteabot
95901a99c0
Fix convert.ToTeams on empty input (#28426) (#28767)
Backport #28426 by @KN4CK3R

Fixes #28420

Don't return `nil` if the input was empty.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-01-12 07:12:18 +00:00
Giteabot
bce27d0a31
Concatenate error in checkIfPRContentChanged (#28731) (#28737)
Backport #28731 by @earl-warren

- If there's a error with the Git command in `checkIfPRContentChanged`
the stderr wasn't concatendated to the error, which results in still not
knowing why an error happend.
- Adds concatenation for stderr to the returned error.
- Ref: https://codeberg.org/forgejo/forgejo/issues/2077

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2024-01-09 14:06:12 +00:00
Giteabot
3e1bd61000
Fix alpine package files are not rebuilt (#28638) (#28665)
Backport #28638 by @lng2020

I noticed the `BuildAllRepositoryFiles` function under the Alpine folder
is unused and I thought it was a bug.
But I'm not sure about this. Was it on purpose?

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
2023-12-31 06:18:26 +00:00
Giteabot
683b95f0da
fix empty ref for cron workflow runs (#28640) (#28647)
Backport #28640 by @denyskon

Fix #27678 
Please see
https://github.com/go-gitea/gitea/issues/27678#issuecomment-1871445853
for details.

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
2023-12-29 09:08:16 +00:00
Lunny Xiao
ff565a787f
Remove unnecessary syncbranchToDB with tests (#28624) (#28629)
Replace #28625

Backport #28624 by lunny

#28361 introduced `syncBranchToDB` in `CreateNewBranchFromCommit`. This
PR will revert the change because it's unnecessary. Every push will
already be checked by `syncBranchToDB`.
This PR also created a test to ensure it's right.
2023-12-29 08:47:02 +00:00
Giteabot
bf983735fd
Use known issue IID to generate new PR index number when migrating from GitLab (#28616) (#28618)
Backport #28616 by wxiaoguang

Fix #13884

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-27 09:59:29 +08:00
wxiaoguang
a3f403f438
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149
2023-12-18 12:20:37 +08:00
Giteabot
97a0bf151a
Fix possible nil pointer access (#28428) (#28440)
Backport #28428 by @KN4CK3R

There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-12 23:35:32 +08:00
Giteabot
f144521aea
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 13:45:00 +08:00
Giteabot
6f4d5c0b8c
Recover from panic in cron task (#28409) (#28425)
Backport #28409 by @earl-warren

- Currently there's code to recover gracefully from panics that happen
within the execution of cron tasks. However this recover code wasn't
being run, because `RunWithShutdownContext` also contains code to
recover from any panic and then gracefully shutdown Forgejo. Because
`RunWithShutdownContext` registers that code as last, that would get run
first which in this case is not behavior that we want.
- Move the recover code to inside the function, so that is run first
before `RunWithShutdownContext`'s recover code (which is now a noop).

Fixes: https://codeberg.org/forgejo/forgejo/issues/1910

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-12 03:28:56 +00:00
Lunny Xiao
87db4a47c8
Also sync DB branches on push if necessary (#28361) (#28403)
Fix #28056
Backport #28361 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-11 06:16:56 +00:00
Giteabot
8b590de186
Fix migration panic due to an empty review comment diff (#28334) (#28362)
Backport #28334 by @lng2020

Fix #28328 
```
func (p *PullRequestComment) GetDiffHunk() string {
	if p == nil || p.DiffHunk == nil {
		return ""
	}
	return *p.DiffHunk
}
```
This function in the package `go-github` may return an empty diff. When
it's empty, the following code will panic because it access `ss[1]`

ec1feedbf5/services/migrations/gitea_uploader.go (L861-L867)

ec1feedbf5/modules/git/diff.go (L97-L101)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
2023-12-05 16:58:15 +08:00
Giteabot
b71d4c3ec0
Fix RPM/Debian signature key creation (#28352) (#28353)
Backport #28352 by @KN4CK3R

Fixes #28324

The name parameter can't contain some characters
(https://github.com/keybase/go-crypto/blob/master/openpgp/keys.go#L680)
but is optional. Therefore just use an empty string.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-05 13:42:41 +08:00
Giteabot
8c8c24f8eb
Fix missing issue search index update when changing status (#28325) (#28330)
Backport #28325 by @brechtvl

Changing an issue status, assignee, labels or milestone without also
adding a comment would not update the index, resulting in wrong search
results.

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
2023-12-03 11:43:17 +00:00
Giteabot
24e03a125d
Fix required error for token name (#28267) (#28284)
Backport #28267 by @earl-warren

- Say to the binding middleware which locale should be used for the
required error.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1683

(cherry picked from commit 5a2d7966127b5639332038e9925d858ab54fc360)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-29 23:00:32 +08:00
Lunny Xiao
bc3d8bff73
Fix comment permissions (#28213) (#28216)
backport #28213

This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-25 23:43:23 +00:00
Giteabot
1f82be6604
Fix Matrix and MSTeams nil dereference (#28089) (#28105)
Backport #28089 by @KN4CK3R

Fixes #28088 
Fixes #28094

Added missing tests.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-11-17 13:50:45 +00:00
Giteabot
a8e505a44b
Unify two factor check (#27915) (#27929)
Backport #27915 by @KN4CK3R

Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-11-06 18:07:22 +00:00
Giteabot
28e3d0b0d3
Remove action runners on user deletion (#27902) (#27908)
Backport #27902 by @earl-warren

- On user deletion, delete action runners that the user has created.
- Add a database consistency check to remove action runners that have
nonexistent belonging owner.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1720

(cherry picked from commit 009ca7223dab054f7f760b7ccae69e745eebfabb)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-05 13:20:00 +00:00
Giteabot
8d0a4d7e9d
Fix DownloadFunc when migrating releases (#27887) (#27890)
Backport #27887 by @Zettat123

We should not use `asset.ID` in DownloadFunc because DownloadFunc is a
closure.

1bf5527eac/services/migrations/gitea_downloader.go (L284-L295)

A similar bug when migrating from GitHub has been fixed in #14703. This
PR fixes the bug when migrating from Gitea and GitLab.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-11-03 08:29:30 +00:00
6543
6637bbf510
Delete repos of org when purge delete user (#27273) (#27728)
Fixes https://codeberg.org/forgejo/forgejo/issues/1514

Backports #27273

---------

Co-authored-by: JakobDev <jakobdev@gmx.de>
2023-11-01 10:03:12 +08:00
wxiaoguang
6ac2ade97d
Clean up template locale usage (#27856) (#27857)
Backport #27856

The only conflict is `ThemeName` in `500.tmpl`, it has been resolved
manually by keeping using old
`{{.SignedUser.Theme}}{{else}}{{DefaultTheme}}`
2023-10-31 17:35:55 +01:00
Giteabot
18a782f73d
Fix package webhook (#27839) (#27855)
Backport #27839 by @lunny

Fix #23742

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-31 11:26:28 +01:00
Giteabot
25acbfed36
Close all hashed buffers (#27787) (#27790)
Backport #27787 by @KN4CK3R

Add missing `.Close()` calls. The current code does not delete the
temporary files if the data grows over 32mb.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-25 22:24:25 +02:00
Giteabot
77bd3acb65
Do not force creation of _cargo-index repo on publish (#27266) (#27765)
Backport #27266 by @merlleu

Hello there,
Cargo Index over HTTP is now prefered over git for package updates: we
should not force users who do not need the GIT repo to have the repo
created/updated on each publish (it can still be created in the packages
settings).

The current behavior when publishing is to check if the repo exist and
create it on the fly if not, then update it's content.
Cargo HTTP Index does not rely on the repo itself so this will be
useless for everyone not using the git protocol for cargo registry.

This PR only disable the creation on the fly of the repo when publishing
a crate.

This is linked to #26844 (error 500 when trying to publish a crate if
user is missing write access to the repo) because it's now optional.

Co-authored-by: merlleu <r.langdorph@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-24 15:40:02 +08:00
wxiaoguang
c279f8aab7
Fix incorrect ctx usage in defer function (#27740) (#27741) 2023-10-22 14:36:49 +00:00
6543
aabcf2d7ad
Add doctor dbconsistency fix to delete repos with no owner (#27290) (#27693)
Backport #27290
2023-10-22 02:21:41 +02:00
Giteabot
9b14f1a8ed
Always delete existing scheduled action tasks (#27662) (#27688)
Backport #27662 by @KN4CK3R

Fixes #27650

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-19 09:37:20 +02:00