Commit Graph

18191 Commits

Author SHA1 Message Date
Giteabot
ae37f31df6
use rebuilt mssql-2017 image (#32109) (#32114)
Backport #32109 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2024-09-23 21:23:04 +00:00
Giteabot
1f8cbbab3d
Fix rename branch permission bug (#32066) (#32108)
Backport #32066 by @lunny

The previous implementation requires admin permission to rename branches
which should be write permission.

Fix #31993

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-22 19:43:13 +00:00
Giteabot
af0cab23ea
Fix wrong last modify time (#32102) (#32104)
Backport #32102 by @lunny

Fix #31930 and more places which use `http.TimeFormat` wrongly.
`http.TimeFormat` requires a UTC time. refer to
https://pkg.go.dev/net/http#TimeFormat

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-22 19:12:57 +00:00
Giteabot
73066e3f97
Add bin to Composer Metadata (#32099) (#32106)
Backport #32099 by @maantje

This PR addresses the missing `bin` field in Composer metadata, which
currently causes vendor-provided binaries to not be symlinked to
`vendor/bin` during installation.

In the current implementation, running `composer install` does not
publish the binaries, leading to issues where expected binaries are not
available.

By properly declaring the `bin` field, this PR ensures that binaries are
correctly symlinked upon installation, as described in the [Composer
documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).

Co-authored-by: Jamie Schouten <j4mie@hey.com>
2024-09-22 18:42:02 +00:00
Giteabot
919b82461a
Fix incorrect /tokens api (#32085) (#32092)
Backport #32085 by @KN4CK3R

Fixes #32078

- Add missing scopes output.
- Disallow empty scope.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-22 18:02:09 +00:00
Lunny Xiao
69ba37e9fd
Fix mssql ci with a new mssql version on ci (#32094)
backport from https://github.com/go-gitea/gitea/pull/32060
2024-09-23 01:32:26 +08:00
Giteabot
ea9e09abe5
Fix: database not update release when using git push --tags --force (#32040) (#32074)
Backport #32040 by @ExplodingDragon

link: https://codeberg.org/forgejo/forgejo/issues/4274

Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
2024-09-19 07:57:28 +08:00
wxiaoguang
2891edbbcb
Refactor CSRF protector (#32057) (#32069)
#32057 improves the CSRF handling and is worth to backport
2024-09-18 17:02:45 +00:00
Giteabot
8dbe83d205
Add missing comment reply handling (#32050) (#32065)
Backport #32050 by @KN4CK3R

Fixes #31937

- Add missing comment reply handling
- Use `onGiteaRun` in the test because the fixtures are not present
otherwise (did this behaviour change?)

Compare without whitespaces.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-18 09:23:28 +00:00
Giteabot
2831ae369e
Lazy load avatar images (#32051) (#32063)
Backport #32051 by @hiifong

Before:

https://github.com/user-attachments/assets/7b1681ba-4781-432a-ae20-c07e94c1dbb6

After:

https://github.com/user-attachments/assets/5154e160-e22c-460e-b0d9-28768486c178

Co-authored-by: hiifong <i@hiif.ong>
2024-09-18 16:52:44 +08:00
Giteabot
e6395e1e81
Handle invalid target when creating releases using API (#31841) (#32043)
Backport #31841 by @kemzeb

A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.

Discovered while working on #31840.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-09-17 02:23:40 +00:00
Giteabot
8a39a4812f
Do not escape relative path in RPM primary index (#32038) (#32054)
Backport #32038 by @KN4CK3R

Fixes #32021

Do not escape the relative path.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-17 08:19:35 +08:00
Giteabot
3d7d0c36e7
Check if the due_date is nil when editing issues (#32035) (#32042)
Backport #32035 by @Zettat123

Fix #32030

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-09-15 01:31:34 +08:00
Lunny Xiao
30d989d411
Fix container parallel upload bugs (#32022)
This PR should be replaced by #31860 in v1.23. The aim of creating this
PR is to fix it in 1.22 because globallock hasn't been introduced.

Fix #27640
Fix #29563
Fix #31215
2024-09-12 03:11:03 +00:00
Giteabot
b3af359cc6
Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017) (#32028)
Backport #32017 by @charles-plutohealth

---
`status == "rename"` should have read `status == "renamed"`. The typo
means that file.PreviousFilename would never be populated, which e.g.
breaks usage of the Github Action at
https://github.com/dorny/paths-filter.

Co-authored-by: charles-plutohealth <143208583+charles-plutohealth@users.noreply.github.com>
2024-09-12 08:58:43 +09:00
Giteabot
0629c08a6d
Support allowed hosts for migrations to work with proxy (#32025) (#32026)
Backport #32025 by @wolfogre

Fix #32024. Follow #27655.

After this PR, all usage of "new dial context" needs to provide a proxy,
so I dropped the old `NewDialContext` and renamed
`NewDialContextWithProxy` to `NewDialContext`.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-09-11 14:54:19 +08:00
Giteabot
54d828f8ec
Increase cacheContextLifetime to reduce false reports (#32011) (#32023)
Backport #32011 by @wolfogre

Replace #32001.

To prevent the context cache from being misused for long-term work
(which would result in using invalid cache without awareness), the
context cache is designed to exist for a maximum of 10 seconds. This
leads to many false reports, especially in the case of slow SQL.

This PR increases it to 5 minutes to reduce false reports.

5 minutes is not a very safe value, as a lot of changes may have
occurred within that time frame. However, as far as I know, there has
not been a case of misuse of context cache discovered so far, so I think
5 minutes should be OK.

Please note that after this PR, if warning logs are found again, it
should get attention, at that time it can be almost 100% certain that it
is a misuse.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-09-11 11:14:40 +08:00
Lunny Xiao
6d4dfcd187
Upgrade cache to v0.2.1 (#32003) (#32009)
Fix #31757
Backport #32003
2024-09-07 21:44:28 +00:00
Giteabot
f7f4256c82
Use forum.gitea.com instead of old URL (#31989) (#31992)
Backport #31989 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-07 03:47:23 +08:00
Lunny Xiao
5e36e9f5a7
Add changelog for 1.22.2 (#31935) 2024-09-06 00:16:54 +08:00
Giteabot
b39aa8528b
Fix nuget/conan/container packages upload bugs (#31967) (#31982)
Backport #31967 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-05 07:34:41 +00:00
Lunny Xiao
244fb11c6b
Replace v-html with v-text in search inputbox (#31966) (#31973) (#31975)
Backport #31966, #31973
Cherry-pick 30da734f37,
74b1c589c6
Replace #31972

---------

Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
2024-09-05 01:59:57 +00:00
Lunny Xiao
9c990ac043
Add lock for parallel maven upload (#31954)
Backport #31851 
Fix #30171
2024-09-03 14:33:28 +08:00
Lunny Xiao
d3b0bc22c0
Fix index too many file names bug (#31903) (#31953)
Try to fix #31884
Fix #28584 
Backport #31903
2024-09-03 01:15:30 +00:00
Giteabot
6f5748c507
Prevent update pull refs manually and will not affect other refs update (#31931) (#31955)
Backport #31931 by @lunny

All refs under `refs/pull` should only be changed from Gitea inside but
not by pushing from outside of Gitea.
This PR will prevent the pull refs update but allow other refs to be
updated on the same pushing with `--mirror` operations.

The main changes are to add checks on `update` hook but not
`pre-receive` because `update` will be invoked by every ref but
`pre-receive` will revert all changes once one ref update fails.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-02 18:28:00 +08:00
yp05327
cc1520221a
Fix sort order for organization home and user profile page (#31921) (#31922)
Backport #31921
2024-09-02 07:58:18 +00:00
Giteabot
b5500cded1
Fix 500 error when state params is set when editing issue/PR by API (#31880) (#31952)
Backport #31880 by @yp05327

A quick fix for #31871

Co-authored-by: yp05327 <576951401@qq.com>
2024-09-01 18:38:10 +00:00
Lunny Xiao
0de69c26ec
Upgrade micromatch to 4.0.8 (#31944)
backport #31939
2024-08-30 10:36:49 +08:00
silverwind
24e8825f1f
Update webpack to 5.94.0 (#31941)
Update webpack on v1.22 branch because of
https://github.com/go-gitea/gitea/security/dependabot/70.
2024-08-29 16:10:25 +00:00
Giteabot
1d98d4e69a
Fix search team (#31923) (#31942)
Backport #31923 by @lunny

Fix #20658

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-30 00:05:21 +08:00
Giteabot
b140f647fc
Remove "dsa-1024" testcases from Test_SSHParsePublicKey and Test_calcFingerprint (#31905) (#31914)
Backport #31905 by @s4uliu5

DSA is considered inherently insecure and is already disabled/removed in
OpenSSH 9.8.

Therefore "dsa-1024" tescases are failing.

```
--- FAIL: Test_calcFingerprint (0.02s)
    --- FAIL: Test_calcFingerprint/dsa-1024 (0.00s)
        --- FAIL: Test_calcFingerprint/dsa-1024/SSHKeygen (0.00s)
            ssh_key_test.go:196:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:196
                        Error:          Received unexpected error:
                                        Unable to verify key content [result: /tmp/gitea_keytest1239408114 is not a public key file.
                                        ]
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
            ssh_key_test.go:197:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:197
                        Error:          Not equal:
                                        expected: "SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc"
                                        actual  : ""

                                        Diff:
                                        --- Expected
                                        +++ Actual
                                        @@ -1 +1 @@
                                        -SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc
                                        +
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
FAIL
```

Fix #31624

Co-authored-by: Saulius Gurklys <s4uliu5@gmail.com>
2024-08-25 20:39:00 +08:00
Lunny Xiao
e060ae88e5
Don't return 500 if mirror url contains special chars (#31859) (#31895)
Backport #31859
2024-08-22 00:10:50 +08:00
Lunny Xiao
d9c65c9a52
Upgrade bleve to 2.4.2 (#31894)
backport #31762
2024-08-21 05:13:59 +00:00
Lunny Xiao
96de5c2a9f
bug fix for translation in ru (#31892)
Fix #31891
2024-08-21 10:01:36 +08:00
Giteabot
e536d18fe5
Refactor the usage of batch catfile (#31754) (#31889)
Backport #31754 by @lunny

When opening a repository, it will call `ensureValidRepository` and also
`CatFileBatch`. But sometimes these will not be used until repository
closed. So it's a waste of CPU to invoke 3 times git command for every
open repository.

This PR removed all of these from `OpenRepository` but only kept
checking whether the folder exists. When a batch is necessary, the
necessary functions will be invoked.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-21 01:55:14 +08:00
Giteabot
a0d1630700
Fix agit automerge (#31207) (#31881)
Backport #31207 by @lunny

Fix #31134

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-20 16:20:58 +00:00
Giteabot
0affb5c775
add CfTurnstileSitekey context data to all captcha templates (#31874) (#31876)
Backport #31874 by @bohde

In the OpenID flows, the "CfTurnstileSitekey" wasn't populated, which
caused those flows to fail if using Turnstile as the Captcha
implementation.

This adds the missing context variables, allowing Turnstile to be used
in the OpenID flows.

Co-authored-by: Rowan Bohde <rowan.bohde@gmail.com>
2024-08-20 14:45:08 +00:00
Giteabot
3913ef69d5
Fix actions notify bug (#31866) (#31875)
Backport #31866 by @lunny

Try to fix
https://github.com/go-gitea/gitea/issues/31757#issuecomment-2295131062

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-20 02:14:29 +08:00
sillyguodong
5d2afc6e4f
fix the component of access token list not mounted (#31824) (#31868) 2024-08-19 12:56:17 -04:00
Giteabot
fe9a631939
Fix overflowing content in action run log (#31842) (#31853)
Backport #31842 by @Adrian-Hirt

When a long line with characters such as dots is returned by a step in
an action (e.g. by the output of the Ruby on Rails test runner), it
overflows the log container, causing the page to scroll sideways (see
first screenshot):


![before](https://github.com/user-attachments/assets/d71a8446-2c81-42d7-ad20-92514884365a)

This PR adds the CSS `overflow-wrap: anywhere;` to the
`.job-step-section .job-step-logs .job-log-line .log-msg` selector,
which causes such lines to wrap as well (see second screenshot in which
the line wraps nicely):


![after](https://github.com/user-attachments/assets/ba9abaec-dc0b-4fab-8129-b9341d4bf784)

Co-authored-by: Adrian Hirt <13788379+Adrian-Hirt@users.noreply.github.com>
2024-08-18 08:34:05 +08:00
Giteabot
3fe1f73268
Fix raw wiki links (#31825) (#31845)
Backport #31825 by @Zettat123

Fix #31395

This regression is introduced by #30273. To find out how GitHub handles
this case, I did [some
tests](https://github.com/go-gitea/gitea/issues/31395#issuecomment-2278929115).

I use redirect in this PR instead of checking if the corresponding `.md`
file exists when rendering the link because GitHub also uses redirect.
With this PR, there is no need to resolve the raw wiki link when
rendering a wiki page. If a wiki link points to a raw file, access will
be redirected to the raw link.

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-17 03:19:26 +00:00
Giteabot
1cf8f69b38
Avoid returning without written ctx when posting PR (#31843) (#31848)
Backport #31843 by @wolfogre

Fix #31625.

If `pull_service.NewPullRequest` return an error which misses each `if`
check, `CompareAndPullRequestPost` will return immediately, since it
doesn't write the HTTP response, a 200 response with empty body will be
sent to clients.

```go
	if err := pull_service.NewPullRequest(ctx, repo, pullIssue, labelIDs, attachments, pullRequest, assigneeIDs); err != nil {
		if repo_model.IsErrUserDoesNotHaveAccessToRepo(err) {
			ctx.Error(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
		} else if git.IsErrPushRejected(err) {
			// ...
			ctx.JSONError(flashError)
		} else if errors.Is(err, user_model.ErrBlockedUser) {
			// ...
			ctx.JSONError(flashError)
		} else if errors.Is(err, issues_model.ErrMustCollaborator) {
			// ...
			ctx.JSONError(flashError)
		}
		return
	}
```

Not sure what kind of error can cause it to happen, so this PR just
expose it. And we can fix it when users report that creating PRs failed
with error responses.

It's all my guess since I cannot reproduce the problem, but even if it's
not related, the code here needs to be improved.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-16 13:50:12 -04:00
Giteabot
771fb453a1
Add missing repository type filter parameters to pager (#31832) (#31837)
Backport #31832 by @yp05327

Fix #31807

ps: the newly added params's value will be changed.
When the first time you selected the filter, the values of params will
be `0` or `1`
But in pager it will be `true` or `false`.
So do we have `boolToInt` function?

Co-authored-by: yp05327 <576951401@qq.com>
2024-08-16 20:41:45 +08:00
Giteabot
5fa90ad9bc
Fix panic of ssh public key page after deletion of auth source (#31829) (#31836)
Backport #31829 by @lunny

Fix #31730 

This PR rewrote the function `PublicKeysAreExternallyManaged` with a
simple test. The new function removed the loop to make it more readable.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-16 01:50:57 +08:00
Giteabot
b6ede69a1b
Fixes for unreachable project issues when transfer repository from organization (#31770) (#31828)
Backport #31770 by @emrebdr

When transferring repositories that have issues linked to a project
board to another organization, the issues remain associated with the
original project board. This causes the columns in the project board to
become bugged, making it difficult to move other issues in or out of the
affected columns. As a solution, I removed the issue relations since the
other organization does not have this project table.

Fix for #31538

Co-authored-by: Edip Emre Bodur <emrebdr29@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-14 09:57:23 +08:00
Giteabot
a3633b53d4
Scroll images in project issues separately from the remaining issue (#31683) (#31823)
Backport #31683 by @SimonPistache

As discussed in #31667 & #26561, when a card on a Project contains
images, they can overflow the card on its containing column. This aims
to fix this issue via snapping scrollbars.

---
Issue #31667 is open to discussion as there should be room for
improvement.

Co-authored-by: Simon Priet <105607989+SimonPistache@users.noreply.github.com>
2024-08-13 10:43:48 +08:00
Giteabot
f6f2349f8c
Add :focus-visible style to buttons (#31799) (#31819)
Backport #31799 by @silverwind

Buttons now show a focus style via
[`:focus-visible`](https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-visible)
when the browser deems the focus to be important, like for example when
the button is focused via keyboard navigation.

<img width="492" alt="Screenshot 2024-08-07 at 22 12 51"
src="https://github.com/user-attachments/assets/060568b1-1599-4c56-bafb-b36ebb1bec35">
<img width="479" alt="image"
src="https://github.com/user-attachments/assets/885f4e10-f496-47f0-8ae5-45827ded09f8">

Co-authored-by: silverwind <me@silverwind.io>
2024-08-12 12:41:13 +08:00
Giteabot
a39fe53252
Show lock owner instead of repo owner on LFS setting page (#31788) (#31817)
Backport #31788 by @wolfogre

Fix #31784.

Before:

<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">

After:

<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">

Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-11 15:17:34 +00:00
Bo-Yi Wu
e563297c34
fix(api): owner ID should be zero when created repo secret (#31715) (#31811)
- Change condition to include `RepoID` equal to 0 for organization
secrets

Backport https://github.com/go-gitea/gitea/pull/31715 by @appleboy

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-08-10 00:21:51 +08:00
Giteabot
144648a4af
Fix IsObjectExist with gogit (#31790) (#31806)
Backport #31790 by @wolfogre

Fix #31271.

When gogit is enabled, `IsObjectExist` calls
`repo.gogitRepo.ResolveRevision`, which is not correct. It's for
checking references not objects, it could work with commit hash since
it's both a valid reference and a commit object, but it doesn't work
with blob objects.

So it causes #31271 because it reports that all blob objects do not
exist.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-09 15:43:23 +08:00