Commit Graph

1094 Commits

Author SHA1 Message Date
wxiaoguang
b0a405c5fa
Use secure cookie for HTTPS sites (#26999) (#27013)
Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.
2023-09-11 09:59:00 +00:00
Infinoid
3c53740244
Correct the database.LOG_SQL default value in config cheat sheet (#26997) (#27002)
This is a manual backport of #26997 to v1.20.
2023-09-10 21:43:42 -04:00
techknowlogick
b6fd1e48c0
Improve LDAP group config documentation (#21227) (#26921)
backport #21227

author @svenseeberg

Co-authored-by: Sven Seeberg <mail@sven-seeberg.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-05 22:41:10 -04:00
Giteabot
9f14b2173a
Update documents to fix some links (#26885) (#26888)
Backport #26885 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-09-03 19:37:42 +00:00
CaiCandong
e15794f62f
Update docs about attachment path (#26883) (#26884)
Backport #26883 
This change was caused by #26271, for configuration as below:
```
[attachment]
ENABLE = true
PATH = data/attachments
MAX_SIZE = 100
MAX_FILES = 5
```
Before #26271, the resolved path is ${AppWorkPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/attachments`)
After #26271, the resolved path is ${AppDataPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/data/attachments`)

Fix https://github.com/go-gitea/gitea/issues/26864 Follow
https://github.com/go-gitea/gitea/pull/26271
2023-09-03 18:45:37 +00:00
Giteabot
087df926cc
Improve the "bug report" template and "support options" document (#26753) (#26780)
Backport #26753 by @wxiaoguang

* `/help/support` is a better document than
`/administration/logging-config` for bug reporting
* Improve `support.en-us.md`
    * Move/add detailed contents into `Advanced Bug Report Tips` section
    * Merge `Chinese Support` section into `Support Options`

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-29 07:57:21 +08:00
Lunny Xiao
b159ebbab7
Use docs.gitea.com instead of docs.gitea.io (#26769)
backport #26739
2023-08-28 19:58:16 +08:00
xpume
c8b189eb01
Fix Page Not Found error (#26768)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-08-28 18:07:38 +08:00
Giteabot
e6173acac9
Add matrix to support (#26382) (#26722)
Backport #26382 by @jolheiser

This PR adds our matrix space to the support options and alphabetizes
the list.

I also considered adding our Mastodon, however that isn't as suitable as
the other options because it's just whoever has access to the account vs
a community chat/forum.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-08-25 01:55:53 -04:00
Giteabot
ecfed9e298
Prefer variables over subprocesses (#26690) (#26693)
Backport #26690 by @thomas-mc-work

… because it doesn't require a separate shell, spawning a process which
cost unnecessary resources and takes time.

Co-authored-by: Thomas McWork <thomas.mc.work@posteo.de>
2023-08-23 14:53:44 +02:00
Giteabot
2f4de240c1
add mfa doc (#26654) (#26674)
Backport #26654 by @lunny

copy and modified from #14572 

> Whilst debating enforcing MFA within our team, I realised there isn't
a lot of context to the side effects of enabling it. Most of us use Git
over HTTP and would need to add a token.

I plan to add another PR that adds a sentence to the UI about needing to
generate a token when enabling MFA if HTTP is to be used.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
2023-08-23 01:57:01 +00:00
Giteabot
0f5e07f538
Update upgrade documentation to add a check for deprecated configurations (#26451) (#26452)
Backport #26451 by @lunny

fix
https://github.com/go-gitea/gitea/issues/25995#issuecomment-1674096710

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-08-11 08:17:27 +02:00
Giteabot
9aadc25bc1
[docs] Add missing backtick in quickstart.zh-cn.md (#26349) (#26357) 2023-08-06 15:57:21 -04:00
Brian Lachniet
b94370504f
[docs] Fix Gmail configuration (#26356) 2023-08-06 12:02:43 -04:00
Giteabot
0b97463cef
Remove backslashed newlines on markdown (#26344) (#26348)
Backport #26344 by @lunny

Fix https://gitea.com/gitea/gitea-docusaurus/issues/56

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-08-05 23:42:45 +08:00
Giteabot
a758337046
Clarify the logger's MODE config option (#26267) (#26281)
Backport #26267 by @wxiaoguang

1. Fix the wrong document (add the missing `MODE=`)
2. Add a more friendly log message to tell users to add `MODE=` in their
config

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-02 01:08:28 +02:00
Giteabot
a075285f24
Update Arch linux URL from community to extra (#26273) (#26276)
Co-authored-by: minijaws <minijaws@gmail.com>
2023-08-01 10:32:23 -05:00
Giteabot
892e24aaf1
Calculate MAX_WORKERS default value by CPU number (#26177) (#26183) 2023-07-27 19:24:07 +08:00
Giteabot
72b55c8094
Update email-setup.en-us.md (#26068) (#26166)
Backport #26068 by @felixvictor

The setting `MAILER_TYPE` is deprecated.
According to the config cheat sheet, it should be `PROTOCOL`.

Co-authored-by: Felix Victor <felix.victor.na@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-26 10:55:27 -05:00
Giteabot
a8445e9320
Remove "misc" scope check from public API endpoints (#26134) (#26149)
Backport #26134 by @wxiaoguang

Fix #26035

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-26 05:32:41 +00:00
John Olheiser
4033d95dbf
Docusaurus-ify 1.20 (#26052)
See https://github.com/go-gitea/gitea/pull/26051

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: JonRB <4564448+eeyrjmr@users.noreply.github.com>
2023-07-26 10:00:14 +08:00
Giteabot
5992365fc1
added ssh mirror workaround description (#26096) (#26136)
Backport #26096 by @thigg

related #1635 #18159

This will probably be obsolete at some point, but it should not break
anything and it may help some users

Co-authored-by: thigg <thigg@users.noreply.github.com>
2023-07-25 18:32:39 +02:00
Giteabot
dfd371a363
RPM Registry: Show zypper commands for SUSE based distros as well (#25981) (#26020)
Backport #25981 by @asdil12

After RPM is supported with https://github.com/go-gitea/gitea/pull/23380
let's show the user
how to add the repo and install the RPM via all common package managers.

Co-authored-by: Dominik Heidler <dominik@heidler.eu>
2023-07-20 21:15:47 -04:00
Giteabot
ac129d4b4c
Correctly refer to dev tags as nightly in the docker docs (#26004) (#26019)
Backport #26004 by @jolheiser

As title, `dev` tags are no longer used since we switched to `nightly`

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-07-20 21:03:40 +08:00
Giteabot
ee47face12
Update path related documents (#25417) (#25982)
Backport #25417 by @wxiaoguang

Update WorkPath/WORK_PATH related documents, remove out-dated
information.

Remove "StaticRootPath" on the admin config display page, because few
end user really need it, it only causes misconfiguration.


![image](https://github.com/go-gitea/gitea/assets/2114189/8095afa4-da76-436b-9e89-2a92c229c01d)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-19 09:48:54 +00:00
wxiaoguang
b4460cf541
Make "install page" respect environment config (#25648) (#25799)
Backport #25648

Replace #25580

Fix #19453

The problem was: when users set "GITEA__XXX__YYY" , the "install page"
doesn't respect it.

So, to make the result consistent and avoid surprising end users, now
the "install page" also writes the environment variables to the config
file.

And, to make things clear, there are enough messages on the UI to tell
users what will happen.

There are some necessary/related changes to `environment-to-ini.go`:

* The "--clear" flag is removed and it was incorrectly written there.
The "clear" operation should be done if INSTALL_LOCK=true
* The "--prefix" flag is removed because it's never used, never
documented and it only causes inconsistent behavior.

The only conflict during backport is "ui divider" in
templates/install.tmpl
2023-07-10 11:51:05 +00:00
Giteabot
68a3961bf1
docs: rootless docker ssh's default port is 2222 (#25771) (#25772)
Backport #25771 by @leavesster

---

according `docker/rootless/usr/local/bin/docker-setup.sh` , in rootless
docker setup, ssh port is 2222.
and mysql database case should port same as PostgreSQL port

Co-authored-by: leavesster <11785335+leavesster@users.noreply.github.com>
2023-07-09 15:45:42 +08:00
Giteabot
24cf06592e
Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581) (#25604)
Backport #25581 by @wolfogre

Resolve #24789

## ⚠️ BREAKING ⚠️

Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.

But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.

If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.

Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.

Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.

Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.

Follow-up on the runner side:

- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-30 07:53:00 +00:00
Giteabot
12aca3ef20
Add documentation about supported workflow trigger events (#25582) (#25589)
Backport #25582 by @Zettat123

Right now Gitea doesn't support all [Events that trigger
workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows).
This PR lists the supported events to help users write workflow files.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-29 14:51:46 +02:00
lonix1
5703a0d3e3
Document creating an API key from the CLI (#25504)
Related to https://github.com/go-gitea/gitea/issues/25503

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-06-25 21:33:34 -04:00
Giteabot
6f1c95ec5b
Use the new download domain replace the old (#25405) (#25409)
Backport #25405 by @lunny

As title.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-21 03:59:51 +00:00
Giteabot
cc73f6e821
Add Exoscale to installation on cloud provider docs (#25342) (#25346)
Backport #25342 by @pmig

We created a Gitea application for the [Exoscale
Marketplace](https://www.exoscale.com/marketplace/listing/glasskube-gitea/)
for easier installation on the European cloud provider.

The installation is managed via the [Glasskube Kubernetes
Operator](https://github.com/glasskube/operator).

Signed-off-by: Philip Miglinci <pmig@glasskube.eu>
Co-authored-by: Philip Miglinci <p.miglinci@gmail.com>
2023-06-18 15:48:06 +00:00
Giteabot
3a29f6aaff
Add link to support page for commercial support (#25293) (#25297)
Backport #25293 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-06-16 14:26:32 +08:00
Giteabot
99d71b2b65
Docs about how to generate config for act runner with docker and setup it with docker-compose (#25256) (#25296)
Backport #25256 by @thezzisu

In this pull request, the following changes are addressed:

- State user should create `config.yaml` before start container to avoid
errors.
- Provided instructions to deploy runners using docker compose.

Co-authored-by: Zisu Zhang <thezzisu@gmail.com>
2023-06-16 12:09:03 +08:00
Giteabot
21cd5c2f3d
Fix all possible setting error related storages and added some tests (#23911) (#25244)
Backport #23911 by @lunny

Follow up #22405

Fix #20703 

This PR rewrites storage configuration read sequences with some breaks
and tests. It becomes more strict than before and also fixed some
inherit problems.

- Move storage's MinioConfig struct into setting, so after the
configuration loading, the values will be stored into the struct but not
still on some section.
- All storages configurations should be stored on one section,
configuration items cannot be overrided by multiple sections. The
prioioty of configuration is `[attachment]` > `[storage.attachments]` |
`[storage.customized]` > `[storage]` > `default`
- For extra override configuration items, currently are `SERVE_DIRECT`,
`MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another
section. The prioioty of the override configuration is `[attachment]` >
`[storage.attachments]` > `default`.
- Add more tests for storages configurations.
- Update the storage documentations.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-14 08:36:52 +02:00
Giteabot
0ad5ae0dbf
Improve some documents: release version, logging, NFS lock (#25202) (#25204)
Backport #25202 by @wxiaoguang

Close #23654

Close #24684


@techknowlogick I still think we need to rename
https://dl.gitea.com/gitea/1.20/ to
https://dl.gitea.com/gitea/1.20-nightly/

`/gitea/1.20/` is quite confusing, it needs these words to explain why.
If we call it `1.20-nightly`, the FAQ can be simplified a lot.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-12 23:17:43 +08:00
HesterG
f0c967560a
Change branch name from master to main in some documents' links (#25126) (#25140)
Backport #25126 to 1.20

As title. And needs to backport to 1.19
2023-06-08 09:40:05 +00:00
silverwind
c09f747b51
Enable all webpack sourcemaps in dev build, disable all in prod build (#25089)
- Enable all source maps in dev build
- Disable all source maps in prod build
- Provide `ENABLE_SOURCEMAP` env var to override it.

I think the strange error seen in
https://github.com/go-gitea/gitea/issues/24784 is sourcemap related, so
if we enable/disable them all, it might go away. But it's most
definitely a Safari bug.

With all sourcemaps disabled, binary size goes down by around 1-2 MB,
with all enabled it goes up by around 12MB. If +12MB is acceptable, we
could also always enable them by default as fully source maps do have
some debugging benefits.
2023-06-06 12:57:08 +08:00
techknowlogick
7c778d6b5e
change placeholders in actions docs 2023-06-05 11:32:56 -04:00
techknowlogick
d302a5ee65
change placeholders in actions docs 2023-06-05 11:28:51 -04:00
sillyguodong
1a5f478ae1
Introduce how to configure cache when starting a Runner with Docker (#25077)
If a user starts a runner using a Docker image without making additional
configurations, the [cache action](https://github.com/actions/cache)
will not work properly.
Therefore, add a section in the documentation that explains how to
configure the cache correctly.
2023-06-05 14:12:55 +00:00
Lunny Xiao
d851bd9a6b
improve permission documentation (#23942) 2023-06-05 15:43:17 +08:00
Jack Hay
18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
Denys Konovalov
7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033)
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
2023-06-03 05:59:28 +02:00
kodermho
7fca4056c4
Fix link to customizing-gitea (#25056)
The link to customizing-gitea in the label documentation is broken. This
PR should adjust the relative path to fix the link
2023-06-03 04:27:40 +02:00
sillyguodong
3a6a6342ea
Add chinese documentations for cran package registry (#25012)
As title.
2023-05-31 14:14:31 +08:00
silverwind
50bd7d0b24
Remove the service worker (#25010)
It's been disabled by default since 1.17
(https://github.com/go-gitea/gitea/pull/18914), and it never really
delivered any benefit except being another cache layer that has its own
unsolved invalidation issues. HTTP cache works, we don't need two cache
layers at the browser for assets.

## ⚠️ BREAKING

You can remove the config `[ui].USE_SERVICE_WORKER` from your `app.ini`
now.
2023-05-31 02:07:04 +00:00
John Olheiser
3dd3b1b456
Fix markdown link to awesome gitea (#25009)
Fixes the markdown link and uses title case like the other
translations.
2023-05-30 13:10:51 -05:00
JakobDev
1b115296d3
Followup to pinned Issues (#24945)
This addressees some things from #24406 that came up after the PR was
merged. Mostly from @delvh.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-05-30 15:26:51 +00:00
Lunny Xiao
e64c2faf85
Remove unnecessary content on docs (#24976) 2023-05-30 09:30:56 +08:00