Commit Graph

16115 Commits

Author SHA1 Message Date
wxiaoguang
52fb936773
Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
Replace #25892

Close  #21942
Close  #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-21 12:14:20 +00:00
HesterG
2f0e79e639
Use frontend fetch for branch dropdown component (#25719)
- Send request to get branch/tag list, use loading icon when waiting for
response.
- Only fetch when the first time branch/tag list shows.
- For backend, removed assignment to `ctx.Data["Branches"]` and
`ctx.Data["Tags"]` from `context/repo.go` and passed these data wherever
needed.
- Changed some `v-if` to `v-show` and used native `svg` as mentioned in
https://github.com/go-gitea/gitea/pull/25719#issuecomment-1631712757 to
improve perfomance when there are a lot of branches.
- Places Used the dropdown component:

     Repo Home Page
    
<img width="1429" alt="Screen Shot 2023-07-06 at 12 17 51"
src="https://github.com/go-gitea/gitea/assets/17645053/6accc7b6-8d37-4e88-ae1a-bd2b3b927ea0">

    Commits Page

<img width="1431" alt="Screen Shot 2023-07-06 at 12 18 34"
src="https://github.com/go-gitea/gitea/assets/17645053/2d0bf306-d1e2-45a8-a784-bc424879f537">

    Specific commit -> operations -> cherry-pick
    
<img width="758" alt="Screen Shot 2023-07-06 at 12 23 28"
src="https://github.com/go-gitea/gitea/assets/17645053/1e557948-3881-4e45-a625-8ef36d45ae2d">

    Release Page
    
<img width="1433" alt="Screen Shot 2023-07-06 at 12 25 05"
src="https://github.com/go-gitea/gitea/assets/17645053/3ec82af1-15a4-4162-a50b-04a9502161bb">

- Demo


https://github.com/go-gitea/gitea/assets/17645053/d45d266b-3eb0-465a-82f9-57f78dc5f9f3

- Note:

UI of dropdown menu could be improved in another PR as it should apply
to more dropdown menus.

Fix #14180

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-21 11:20:04 +00:00
Yarden Shoham
dbbae67f44
Remove commit status running and warning from the dashboard repo list (#26036)
Also added comments so the next time the dashboard repo list won't be
forgotten

Follows #25839

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-07-21 10:32:25 +00:00
wxiaoguang
d0dbe52e76
Refactor to use urfave/cli/v2 (#25959)
Replace #10912

And there are many new tests to cover the CLI behavior

There were some concerns about the "option order in hook scripts"
(https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314),
it's not a problem now. Because the hook script uses `/gitea hook
--config=/app.ini pre-receive` format. The "config" is a global option,
it can appear anywhere.

----

## ⚠️ BREAKING ⚠️

This PR does it best to avoid breaking anything. The major changes are:

* `gitea` itself won't accept web's options: `--install-port` / `--pid`
/ `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's
options.
    * Use `./gitea web --pid ....` instead
* `./gitea` can still run the `web` sub-command as shorthand, with
default options
* The sub-command's options must follow the sub-command
* Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd
--sub-opt` (well, might not ...)
    * After: only `./gitea subcmd --sub-opt` could be used
    * The global options like `--config` are not affected
2023-07-21 17:28:19 +08:00
caicandong
840830b655
Remove commit status running and warning to align GitHub (#25839)
Fix #25776. Close #25826.

In the discussion of #25776, @wolfogre's suggestion was to remove the
commit status of `running` and `warning` to keep it consistent with
github.

references:
-
https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#about-commit-statuses


## ⚠️ BREAKING ⚠️

So the commit status of Gitea will be consistent with GitHub, only
`pending`, `success`, `error` and `failure`, while `warning` and
`running` are not supported anymore.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2023-07-21 16:24:36 +08:00
yp05327
d57e55cd47
Fix escape problems in the branch selector (#25875)
Fix #25865
2023-07-21 06:18:40 +00:00
Pavel
e89adec2a5
Update README.md to fix the broken link of Hugo (#26008)
Fix gohugo installiation link
2023-07-21 04:47:47 +00:00
Lunny Xiao
037c9895a7
Support copy protected branch from template repository (#25889)
Fix #14303
2023-07-21 12:32:47 +08:00
silverwind
2b6f224336
Update JS dependencies (#26025)
- Update all JS dependencies
- Tweak eslint config, disable SequenceExpression aka. [Comma
operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Comma_operator),
remove deprecated rule
- Add new stylelint rule
- Tested Monaco and Swagger
2023-07-21 11:34:10 +08:00
silverwind
d021c88d29
Reduce margins on admin pages (#26026)
Reduce margins around admin boxes and reduce sidebar size from 275px to
240px. This is the same 16px margin we use on issue pages.

Before and After:
<img width="1270" alt="Screenshot 2023-07-21 at 00 28 11"
src="https://github.com/go-gitea/gitea/assets/115237/f9b0dcb0-8f7e-49b4-b130-54bf31c142fd">
<img width="1271" alt="Screenshot 2023-07-21 at 00 30 51"
src="https://github.com/go-gitea/gitea/assets/115237/ddd75d59-9ab9-4061-8989-852e89727560">
2023-07-21 03:11:42 +00:00
FuXiaoHei
f3d293d2bb
Actions Artifacts support uploading multiple files and directories (#24874)
current actions artifacts implementation only support single file
artifact. To support multiple files uploading, it needs:

- save each file to each db record with same run-id, same artifact-name
and proper artifact-path
- need change artifact uploading url without artifact-id, multiple files
creates multiple artifact-ids
- support `path` in download-artifact action. artifact should download
to `{path}/{artifact-path}`.
- in repo action view, it provides zip download link in artifacts list
in summary page, no matter this artifact contains single or multiple
files.
2023-07-21 10:42:01 +08:00
GiteaBot
3acaaa29dd [skip ci] Updated translations via Crowdin 2023-07-21 00:26:46 +00:00
wxiaoguang
9b25bfa8f4
Remove redundant "RouteMethods" method (#26024)
The `RouteMethods` is mainly an alias for `Methods` with different
argument order.

Remove it to keep the "route.go" code clear
2023-07-21 00:43:49 +02:00
puni9869
d12ba978a7
Adding remaining enum for migration repo model type. (#26021) 2023-07-20 12:28:38 -05:00
Dominik Heidler
2e128dd1fc
RPM Registry: Show zypper commands for SUSE based distros as well (#25981)
After RPM is supported with https://github.com/go-gitea/gitea/pull/23380
let's show the user
how to add the repo and install the RPM via all common package managers.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-20 17:37:31 +02:00
wxiaoguang
af22f33a93
Fix the route for pull-request's authors (#26016)
Close #25906

![image](https://github.com/go-gitea/gitea/assets/2114189/e689f3e1-9a90-46c0-89f4-2d61394d34d3)


Succeeded logs:

```
[I] router: completed GET /root/test/issues/posters?&q=%20&_=1689853025011 for [::1]:59271, 200 OK in 127.7ms @ repo/issue.go:3505(repo.IssuePosters)


[I] router: completed GET /root/test/pulls/posters?&q=%20&_=1689853968204 for [::1]:59269, 200 OK in 94.3ms @ repo/issue.go:3509(repo.PullPosters)
```
2023-07-20 12:41:28 +00:00
harryzcy
ec227d6682
Remove nfnt/resize and oliamb/cutter (#25999)
The package `github.com/nfnt/resize` is deprecated and archived by the
author. `github.com/oliamb/cutter` is not maintained since 2018. We
could use `golang.org/x/image/draw` instead.
2023-07-20 19:52:42 +08:00
John Olheiser
0ef2919bb6
Correctly refer to dev tags as nightly in the docker docs (#26004)
As title, `dev` tags are no longer used since we switched to `nightly`

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-07-20 17:26:02 +08:00
wxiaoguang
28ecac8024
Fix env config parsing for "GITEA____APP_NAME" (#26001)
Regression of #24832 

Fix the bug and add a test for it

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-20 09:16:29 +00:00
jeremiepozzigithub
d7a8d09da0
Add file status for API "Get a single commit from a repository" (#16205) (#25831)
#16205 To obtain a closer behavior to the api from github, the status
(added, modified, removed) of a file should be available in addition to
the filename.
See github doc :

https://docs.github.com/fr/rest/commits/commits?apiVersion=2022-11-28#get-a-commit
2023-07-20 16:35:47 +08:00
Noah Snelson
df55f9b189
Add a link to OpenID Issuer URL in WebFinger response (#26000)
This change adds an entry to the `links` field of the
`/.well-known/webfinger` response. The new entry points to the `appURL`
as an OpenID issuer. This is consistent with the output of
`/.well-known/openid-configuration`, which also uses the value of
`appURL`.

This change is required for Tailscale SSO to work, as it uses the OpenID
Issuer URL when querying the Tailscale user email during signup/login
([docs](https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup)).
2023-07-20 16:02:45 +08:00
Lunny Xiao
01c04607c7
Fix bug when pushing to a pull request which enabled dismiss approval automatically (#25882)
Fix #25858 

The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.

<img width="1006" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">


<img width="1021" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">
2023-07-20 15:18:52 +08:00
GiteaBot
cf467119ff [skip ci] Updated translations via Crowdin 2023-07-20 00:27:21 +00:00
silverwind
36010243f7
Fix commit status color on dashboard repolist (#25993)
Followup to https://github.com/go-gitea/gitea/pull/25935 which has
missed to change the icon on the repolist because the logic is not
shared with templates.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-20 01:04:41 +02:00
Earl Warren
e20f8f0977
Improve profile readme rendering (#25988)
- Tell the renderer to use the `document` mode, so it's consistent with
other renderers.
- Use the same padding as `.file-view.markup`, so it's consistent with
other containers that contain markup rendering.
- Resolves https://codeberg.org/forgejo/forgejo/issues/833

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-07-19 22:22:32 +00:00
Earl Warren
8833853dd6
avoid hard-coding height in language dropdown menu (#25986)
This commit removes the hard-coded height of 500px, using that as a
max-height instead. The height of items in the dropdown menu, assuming a
default font size of 16px, is 36px, so the old CSS would cause overly
large dropdown menus in instances where less than 14 languages are
offered.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1000

Co-authored-by: rome-user <rome-user@noreply.codeberg.org>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 23:30:57 +02:00
Earl Warren
ad4c09b59f
parseScope with owner/repo always sets owner to zero (#25987)
Refs: https://codeberg.org/forgejo/forgejo/pulls/1001
2023-07-19 21:21:51 +08:00
harryzcy
0f9f6567bb
Bump github.com/golang-jwt/jwt to v5 (#25975)
Bumping `github.com/golang-jwt/jwt` from v4 to v5.

`github.com/golang-jwt/jwt` v5 is bringing some breaking changes:

- standard `Valid()` method on claims is removed. It's replaced by
`ClaimsValidator` interface implementing `Validator()` method instead,
which is called after standard validation. Gitea doesn't seem to be
using this logic.
- `jwt.Token` has a field `Valid`, so it's checked in `ParseToken`
function in `services/auth/source/oauth2/token.go`

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 09:57:10 +00:00
wxiaoguang
50e14699d3
Update path related documents (#25417)
Update WorkPath/WORK_PATH related documents, remove out-dated
information.

Remove "StaticRootPath" on the admin config display page, because few
end user really need it, it only causes misconfiguration.


![image](https://github.com/go-gitea/gitea/assets/2114189/8095afa4-da76-436b-9e89-2a92c229c01d)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 11:22:57 +02:00
silverwind
06df92b5af
Update djlint, enable H026 and T027 (#25980)
New rules enabled as the bugs I reported were fixed:

- H026 | Empty id and class tags can be removed.
- T027 | Unclosed string found in template syntax.

Refs:

https://github.com/Riverside-Healthcare/djLint/issues/711
https://github.com/Riverside-Healthcare/djLint/issues/712
2023-07-19 10:35:25 +02:00
GiteaBot
c7455e9f23 [skip ci] Updated translations via Crowdin 2023-07-19 00:46:27 +00:00
Jason Song
6f1f3e6c08
Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947)
Since OAuth2 will callback the root URL, if the user starts signing in
from a wrong host, Gitea will return 500 because it cannot find the
session.

<details>
<summary>How to reproduce</summary>

<img width="901" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2c2e255c-e13e-4a11-9be7-b226bee54920">

<img width="1014" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/b31cfcf6-a320-483d-9ce5-ba8562f065e1">

</details>


So show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is
enabled.

<img width="1015" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99e80b17-c790-49a3-bbf2-2bd9396a7daa">
2023-07-18 22:14:30 +00:00
wxiaoguang
236c645bf1
Refactor "Content" for file uploading (#25851)
Before: the concept "Content string" is used everywhere. It has some
problems:

1. Sometimes it means "base64 encoded content", sometimes it means "raw
binary content"
2. It doesn't work with large files, eg: uploading a 1G LFS file would
make Gitea process OOM

This PR does the refactoring: use "ContentReader" / "ContentBase64"
instead of "Content"

This PR is not breaking because the key in API JSON is still "content":
`` ContentBase64 string `json:"content"` ``
2023-07-18 18:14:47 +00:00
wxiaoguang
265a28802a
Fix SSPI auth panic (#25955)
Try to fix #25952

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-18 17:32:49 +00:00
silverwind
dcb607d3cf
Make pending commit status yellow again (#25935)
With the introduction of Actions, the pending commit icon has changed
from yellow to grey for Drone integrations which never set the "running"
status, so it stays in "pending" until completion.

I find it better to have this icon colored like on 1.19. Now both the
"pending" and "running" icons look the same, but I guess we could add an
animation to the "running" state similar to GitHub has to it later.

Before:
<img width="339" alt="Screenshot 2023-07-17 at 19 14 19"
src="https://github.com/go-gitea/gitea/assets/115237/2f4886e4-74fd-42ea-b59e-9af8f141bf1f">

After:
<img width="335" alt="Screenshot 2023-07-17 at 19 14 30"
src="https://github.com/go-gitea/gitea/assets/115237/53189642-e72d-47f6-9cbe-f14eda28f730">

Also, it matches GH's icon:

<img width="466" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/5804ff90-d223-4a3c-8093-7a9abbaacf87">

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 16:59:02 +00:00
wxiaoguang
faa28b5a44
Move public asset files to the proper directory (#25907)
Move `public/*` to `public/assets/*`

Some old PRs (like #15219) introduced inconsistent directory system.

For example: why the local directory "public" is accessed by
`http://site/assets`? How to serve the ".well-known" files properly in
the public directory?

For convention rules, the "public" directory is widely used for the
website's root directory. It shouldn't be an exception for Gitea.

So, this PR makes the things consistent:

* `http://site/assets/foo` means `{CustomPath}/public/assets/foo`.
* `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt`
can be used in the future.

This PR is also a prerequisite for a clear solution for:
* #21942
* #25892 
* discourse.gitea.io: [.well-known path serving custom files behind
proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1)

This PR is breaking for users who have custom "public" files (CSS/JS).
After getting approvals, I will update the documents.

----

## ⚠️ BREAKING ⚠️

If you have files in your "custom/public/" folder, please move them to
"custom/public/assets/".

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-18 18:06:43 +02:00
KN4CK3R
8af96f585f
Disallow dangerous url schemes (#25960)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 15:18:37 +00:00
wxiaoguang
cc73e84fa3
Avoid creating directories when loading config (#25944)
The "creating dir/file during load config" is a longstanding and complex
problem.

This PR only does a quick patch, it still needs more refactorings in the
future.

Fix #25938
2023-07-18 07:32:36 -05:00
GiteaBot
24b49bcf66 [skip ci] Updated translations via Crowdin 2023-07-18 00:43:46 +00:00
silverwind
8bb0a03eaa
Import sortablejs only once (#25936)
Previously, `sortablejs` was imported twice, once synchronously and once
asynchronously, leading to webpack creating duplicate output code (once
in the index bundle, and once in a separate chunk). Fix this by always
asynchronously importing it. This was one of the build warnings observed
when trying to build with vite.
2023-07-17 18:06:37 +00:00
wxiaoguang
d0a9456c4f
Make environment-to-ini work with INSTALL_LOCK=true (#25926)
Regression of #25648, fix #25924

Test:

```bash
rm -f /tmp/example.ini /tmp/out.ini && \
echo "[security]" > /tmp/example.ini && \
echo "INSTALL_LOCK = true" >> /tmp/example.ini && \
GITEA__foo__bar=1 go run contrib/environment-to-ini/environment-to-ini.go --config=/tmp/example.ini --out=/tmp/out.ini && \
echo "==== example:" && \
cat /tmp/example.ini && \
echo "==== out:" && \
cat /tmp/out.ini
```

Output:

```
2023/07/17 17:40:51 ...nvironment-to-ini.go:99:runEnvironmentToIni() [I] Settings saved to: "/tmp/out.ini"
==== example:
[security]
INSTALL_LOCK = true
==== out:
[security]
INSTALL_LOCK = true

[foo]
bar = 1

```
2023-07-17 17:56:06 +00:00
Jason Song
29e959fd00
Ignore runs-on with expressions when warning no matched runners (#25917)
Fix #25905

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-17 18:19:53 +02:00
wxiaoguang
ff9a7afe99
Skip unuseful error message in dev mode when watching local filesystem (#25919)
Before, in dev mode, there might be some error logs like:

```
2023/07/17 13:54:51 ...s/assetfs/layered.go:221:WatchLocalChanges() [E] Unable to watch directory .: lstat /data/work/gitea/custom/templates: no such file or directory

```

Because there is no "custom/templates" directory.

After: ignore such error, no such error message anymore.
2023-07-17 09:47:55 +00:00
KN4CK3R
81a8120bc3
Add shutting down notice (#25920)
Got the same problem as #25915 when updating an instance. The
`log.Fatal` should have been marked as breaking in #23911.

This PR adds a notice that the system is shutting down because of the
deprecated setting.
2023-07-17 10:58:47 +02:00
techknowlogick
d9763d605d
Downgrading Snap to build with node/18 instead of node/20 2023-07-16 22:28:52 -04:00
puni9869
8fc4774e5a
Fix margin on the new/edit project page. (#25885)
New/Edit Project page consistent layout. Fix margin on the new/edit
page.

Before: 
<img width="1381" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/303e128c-0bd0-4289-a395-ff077e33b1c8">
<img width="1392" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/d11f7a42-ddf4-4c0a-a1b1-b8cefca9dfa1">

After
<img width="1390" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/8ae1a979-9050-4d68-8f5d-9dfaa620c0e8">
<img width="1391" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/24a62711-dc0a-4425-bf84-7c1896b9a005">

Co-authored-by: silverwind <me@silverwind.io>
2023-07-16 14:53:54 +00:00
delvh
dc3f50aadf
Add 1.20.0 changelog (#25901)
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-07-16 15:28:21 +03:00
yp05327
3add4ca216
Fix incorrect milestone count when provide a keyword (#25880)
You can confirm this issue in:
https://try.gitea.io/yp05327/testrepo/milestones?state=open&q=a
There's no milestone, but the count is 1.

![image](https://github.com/go-gitea/gitea/assets/18380374/25e58cee-aeeb-43c1-8ec8-6e2ec6bf1284)
2023-07-16 03:43:51 +00:00
yp05327
ec35af470c
Avoid opening/closing PRs which are already merged (#25883)
We can select PRs to open/close them by one click, but we forgot to
check whether it is merged.
You can get an opening merged PR:

![image](https://github.com/go-gitea/gitea/assets/18380374/22c2e747-4bb9-4742-a9aa-ef39d5308bc5)

You can confirm this in:
https://try.gitea.io/yp05327/testrepo/pulls/5
2023-07-15 22:10:49 +00:00
sebastian-sauer
d473de0c2d
Make add line comment buttons focusable (#25894)
Use a real button and add an aria-label.
Additionally, show the button whenever it is focused.
See https://codeberg.org/forgejo/forgejo/issues/998 for explanation.

Our handling of this button is now equal to that of GitHub.
Nothing has changed visually.
2023-07-15 11:45:34 +02:00