Commit graph

3826 commits

Author SHA1 Message Date
Gusted b4b586f41d
[PRIVACY] Add a DNS method to fetch new updates
- Use TXT records in order to determine the latest available version.
- This addresses a valid privacy issue, as with HTTP requests the server
can keep track(estimated) of how many instances are using Forgejo, with
DNS that's basically not possible as the server will never receive any
data, as the only ones receiving data are DNS resolvers.

(cherry picked from commit 0baefb546a)
(cherry picked from commit e8ee41880b)
(cherry picked from commit 7eca4f3bf1)
(cherry picked from commit 5c1567836c)
(cherry picked from commit 953afbc67f)
(cherry picked from commit fd9d97ab9f)
(cherry picked from commit 40fbd45eff)
(cherry picked from commit c5c904b04b)
(cherry picked from commit 48659bb3ab)
(cherry picked from commit b1fccd5093)
(cherry picked from commit 5e69573860)
2023-05-10 11:04:40 +02:00
Loïc Dachary 3e917a5163
[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 235a91c4ae)
(cherry picked from commit ec12e54182)
(cherry picked from commit d456d25d88)
(cherry picked from commit 4a332f73d1)
(cherry picked from commit d59b79a72c)
(cherry picked from commit 0ec0e97b3b)
(cherry picked from commit 9d51094c53)
2023-05-10 09:20:14 +02:00
wxiaoguang 4498a26222
Improve decryption failure message (#24573) (#24575)
Backport #24573

Help some users like #16832 #1851

There are many users reporting similar problem: if the SECRET_KEY
mismatches, some operations (like 2FA login) only reports unclear 500
error and unclear "base64 decode error" log (some maintainers ever spent
a lot of time on debugging such problem)

The SECRET_KEY was not well-designed and it is also a kind of technical
debt. Since it couldn't be fixed easily, it's good to add clearer error
messages, then at least users could know what the real problem is.
2023-05-07 22:12:32 +08:00
Giteabot 257287954c
Fix the permission of team's Actions unit issue (#24536) (#24545)
Backport #24536 by @sillyguodong

close #24449

The unit of `Actions` should be contorlled not only by
`repository.DISABLED_REPO_UNITS` but also by `actions.ENABLED`
in the `app.ini`.
Previously, the permission of the team's `Actions` unit was not
controlled by `actions.Enabled`. So, even if the user sets
`actions.Enabled` to false, he can still select the permission of the
`Actions` unit for the team.

This PR makes the permissions of the team's `Actions` unit also
controlled by `actions.Enabled`. Just append`TypeActions` into
`DisabledRepoUnits` slice when initializing if `actions.Enabled` is
false.


### Changes:

If `Actions` is set disbaled in `app.ini`, like below:
```yaml
[actions]
ENABLED = false
```

1. If user try to create/edit a team, will prompt user that `Actions` is
disbaled.
 

![image](https://user-images.githubusercontent.com/33891828/236370415-961082b2-82d2-4d9e-8025-83872ad08cbb.png)

2. `actions` is not displayed in the sidebar on the team details page


![image](https://user-images.githubusercontent.com/33891828/236371817-f39f9bc9-5926-4b88-b5e6-d93617fcfb07.png)

Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
2023-05-05 15:07:02 +02:00
silverwind f1a0b64109
Skip known flaky queue tests on CI environment (#24443)
Backport of https://github.com/go-gitea/gitea/pull/24419 to 1.19.
2023-04-30 15:25:42 -04:00
wxiaoguang d9d3f5234e
Fix incorrect CurrentUser check for docker rootless (#24435)
Many users report that 1.19 has a regression bug: the rootless image
can't start if the UID is not 1000.

https://github.com/go-gitea/gitea/issues/23632#issuecomment-1524589213


https://discourse.gitea.io/t/gitea-doesnt-start-after-update-to-1-19/6920/9


The problem is that the IsRunUserMatchCurrentUser logic is fragile, the
"SSH" config is not ready when it executes.

This PR is just a quick fix for 1.19. For 1.20, we need a clear and
stable solution.
2023-04-29 23:47:04 -04:00
Giteabot d2efd2bf73
Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
Backport #24362 by @jolheiser

> The scoped token PR just checked all API routes but in fact, some web
routes like `LFS`, git `HTTP`, container, and attachments supports basic
auth. This PR added scoped token check for them.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-04-26 20:57:51 -04:00
Giteabot af5d66b341
Fix wrong error info in RepoRefForAPI (#24344) (#24351)
Backport #24344 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
2023-04-26 11:07:51 +02:00
Giteabot cc7a4f17e0
Don't set meta theme-color by default (#24340) (#24346)
Backport #24340 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/24321. By not setting
this meta tag, Safari will use body color for chrome and out-of-viewport
areas, which looks much better then static mismatching green.

As per
[MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name/theme-color)
it's really only Apple browsers who still support this tag, most others
have dropped support.
 
Before:
<img width="347" alt="Screenshot 2023-04-25 at 19 59 13"
src="https://user-images.githubusercontent.com/115237/234363180-0fe667ef-5469-4f5f-b31a-c9d73aff10ac.png">

After:
<img width="361" alt="Screenshot 2023-04-25 at 20 00 00"
src="https://user-images.githubusercontent.com/115237/234363185-e2d2b62f-0133-4316-944d-b614ffb84eb0.png">

Co-authored-by: silverwind <me@silverwind.io>
2023-04-26 01:33:15 -04:00
Giteabot 2e6e5bc9c9
Fix incorrect CORS default values (#24206) (#24217)
Backport #24206 by @wxiaoguang

Document: 

```
;ALLOW_DOMAIN = *
;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
```

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-04-19 16:23:25 -04:00
Giteabot 3d3c740636
Fix Org edit page bugs: renaming detection, maxlength (#24161) (#24171)
Backport #24161 by @wxiaoguang

## Before

* The renaming detection is wrong (eg: pasting a new name into the input
doesn't trigger the detection)
* The renaming prompt layout is not good
* Some MaxSize/maxlength rules is missing


Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-04-17 12:20:47 -04:00
Patrick Schratz 463e144d97
Update redis library to support redis v7 (#24114) (#24156)
backports #24114

---------

Co-authored-by: techknowlogick <hello@techknowlogick.com>
2023-04-17 02:34:59 -04:00
Zettat123 893c97dd71
Fix mismatch between hook events and github event types (#24048) (#24091)
Backport https://github.com/go-gitea/gitea/pull/24048

Some workflow trigger events can have multiple activity types, such as
`issues` and `pull_request`, and user can specify which types can
trigger the workflow. See GitHub documentation:
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows

Now some hook events cannot match the workflow trigger events correctly
because we don't check the activity types. For example,
`pull_request_label` is an individual hook event. But there isn't a
`pull_request_label` workflow trigger event, we can only use
`pull_request` event's `label` activity type. If we don't check the
activity types, the workflows without the `label` activity type may be
triggered by the `pull_request_label` event by mistake. We need to
improve the match logic.

- [x] [`issues`
](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issues)
- [x]
[`issue_comment`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment)
- [x]
[`pull_request`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request)
- [x]
[`pull_request_review`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_review)
- [x]
[`pull_request_review_comment`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_review_comment)
- [x]
[`release`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release)
- [x]
[`registry_package`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#registry_package)
2023-04-13 15:19:41 +08:00
wxiaoguang 16d2cf05ab
Fix custom mailer template on Windows (#24081)
Fix #24075
Fix #23873

From the log:

```
2023/04/02 19:41:46 .../templates/mailer.go:68:1() [T] Adding mailer template for \issue\default from "C:\gitea\custom\templates\mail\issue\default.tmpl"
```

That `assetName ` on Windows is wrong. Gitea only uses slash `/`.
2023-04-12 12:16:40 -04:00
wxiaoguang d562b419b6
Make label templates have consistent behavior and priority (#23749) (#24071)
Backport #23749

Fix https://github.com/go-gitea/gitea/issues/23715

Backported manually and tested manually.
2023-04-12 16:05:10 +02:00
Giteabot a00e473341
Remove Repository.getFilesChanged to fix Actions paths and paths-ignore filter (#23920) (#23969)
Backport #23920 by @ChristopherHX

Remove the misbehaving function and call
Repository.GetFilesChangedBetween instead.

Fixes #23919

---

~~_TODO_ test this~~ `Repository.getFilesChanged` seems to be only used
by Gitea Actions, but a similar function already exists

**Update** I tested this change and the issue is gone.

Co-authored-by: ChristopherHX <christopher.homberger@web.de>
2023-04-08 16:16:21 +08:00
Giteabot 3a7cb1a83b
Use Get/Set instead of Rename when Regenerate session id (#23975) (#23983)
Backport #23975 by @wxiaoguang

Do not use Rename here, because the old sid and new sid may be in
different redis cluster slot.

Fix #23869

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-04-07 14:21:20 -05:00
Giteabot f317186aa6
Do not crash when parsing an invalid workflow file (#23972) (#23976)
Backport #23972 by @wolfogre

Fix #23658.

Related to https://gitea.com/gitea/act/pulls/39

Co-authored-by: Jason Song <i@wolfogre.com>
2023-04-07 09:55:59 -04:00
Giteabot 5b7df68555
Ensure RSS icon is present on all repo tabs (#23904) (#23973)
Backport #23904 by @silverwind

Previously, not all repo tabs had shown the RSS icon in the repo header
because the context data was not being set. Added this context data in a
new function.

Before:

<img width="806" alt="image"
src="https://user-images.githubusercontent.com/115237/229639615-9cc00e75-3a26-4ff4-a6f2-316c1fccc596.png">

After:

<img width="815" alt="Screenshot 2023-04-04 at 00 16 17"
src="https://user-images.githubusercontent.com/115237/229639201-2e1c015b-1f13-46d4-aa14-e7a82fab3982.png">

Co-authored-by: silverwind <me@silverwind.io>
2023-04-07 14:55:30 +02:00
Giteabot d752f0d7d0
Add git dashes separator to some "log" and "diff" commands (#23606) (#23720)
Backport #23606 by @wxiaoguang

Reference:
https://github.com/go-gitea/gitea/issues/22578#issuecomment-1444180053

Credits to @tdesveaux , thank you very much for catching the problem. If
you'd like to open a PR, feel free to replace this one.

Git reports fatal errors for ambiguous arguments:

```
fatal: ambiguous argument 'refs/a...refs/b': unknown revision or path not in the working tree.
        Use '--' to separate paths from revisions, like this:
        'git <command> [<revision>...] -- [<file>...]'
```

So the `--` separator is necessary in some cases.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-04-03 21:43:51 -04:00
Giteabot 669c76c0fd
Fix cases.Title crash for concurrency (#23885) (#23903)
Backport #23885 by @wxiaoguang

Regression of #19676 and #21814

Fix #23872

`cases.Title` is not thread-safe, it has internal state, so it can't be
used as a global shared variable.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-04-04 01:26:14 +02:00
Jason Song 799536db46
Fix checks for needs in Actions (#23789) (#23831)
Backport #23789.

Fix:
- https://gitea.com/gitea/act_runner/issues/77
- https://gitea.com/gitea/act_runner/issues/81

Before:
<img width="1489" alt="image"

src="https://user-images.githubusercontent.com/9418365/228501567-f752cf87-a7ed-42c6-8f3d-ba741795c1fe.png">

Highlights:
- Upgrade act to make things doable, related to
  - https://gitea.com/gitea/act/pulls/32
  - https://gitea.com/gitea/act/pulls/33
  - https://gitea.com/gitea/act/pulls/35
- Make `needs` works
- Sort jobs in the original order in the workflow files
2023-04-03 13:24:45 +08:00
wxiaoguang d15f20b2d2
Add ONLY_SHOW_RELEVANT_REPOS back, fix explore page bug, make code more strict (#23766) (#23791)
Follow #21962

After I eat my own dogfood, I would say that
ONLY_SHOW_RELEVANT_REPOS=false is necessary for many private/enterprise
instances, because many private repositories do not have
"description/topic", users just want to search by their names.

This PR also adds `PageIsExploreRepositories` check, to make code more
strict, because the `search` template is shared for different purpose.

And during the test, I found a bug that the "Search" button didn't
respect the "relevant" parameter, so this PR fixes the bug by the way
together.
2023-03-30 09:09:22 -05:00
wxiaoguang b73d1ac1eb
Make minio package support legacy MD5 checksum (#23768) (#23770)
Backport #23768 (no source code conflict, only some unrelated
docs/test-ini conflicts)

Some storages like:

 * https://developers.cloudflare.com/r2/api/s3/api/
 * https://www.backblaze.com/b2/docs/s3_compatible_api.html

They do not support "x-amz-checksum-algorithm" header

But minio recently uses that header with CRC32C by default. So we have
to tell minio to use legacy MD5 checksum.
2023-03-29 00:02:13 +08:00
Giteabot 35039b8563
Use GitHub Actions compatible globbing for branches, tag, path filter (#22804) (#23740)
Backport #22804 by @ChristopherHX

Replaces the current globbing library with a
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
compatible one.

This adds support for
- `paths-ignore`, `tags-ignore` and `branches-ignore` filters.
- negative patterns in `paths`, `tags` and `branches` filters
- using both `tags` and `paths` filter on the push event

Original PR https://gitea.com/gitea/act/pulls/13.
nektos/act PR https://github.com/nektos/act/pull/1618 for the
workflowpattern package (It can take some months for it to appear in
https://gitea.com/gitea/act)

Related to https://github.com/go-gitea/gitea/issues/13539

Co-authored-by: ChristopherHX <christopher.homberger@web.de>
2023-03-27 14:01:46 -04:00
Zettat123 b6a2323981
Check LFS/Packages settings in dump and doctor command (#23631) (#23730)
Backport #23631 
Close #23622

As described in the issue, disabling the LFS/Package settings will cause
errors when running `gitea dump` or `gitea doctor`. We need to check the
settings and the related operations should be skipped if the settings
are disabled.
2023-03-27 16:28:22 +08:00
Giteabot e7a5429d7a
Improve workflow event triggers (#23613) (#23648) 2023-03-23 16:34:05 +08:00
wxiaoguang 774b37b9f8
Introduce path Clean/Join helper functions, partially backport&refactor (#23495) (#23607)
Backport #23495, partially backport&refactor

The `modules/options` files are just copied from 1.20 to 1.19
2023-03-22 19:56:20 +08:00
Giteabot a3b917151c
Improve template error reporting (#23396) (#23600)
Backport #23396 by @zeripath

There are multiple duplicate reports of errors during template rendering
due to broken custom templates.

Unfortunately the error returned here is somewhat difficult for users to
understand and it doesn't return the context of the error.

This PR attempts to parse the error returned by the template renderer to
add in some further context including the filename of the template AND
the preceding lines within that template file.

Ref #23274

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2023-03-20 17:53:45 -04:00
Giteabot 4730ed18f1
Add .patch to attachment.ALLOWED_TYPES (#23580) (#23582)
Backport #23580 by @silverwind

Updated this default to GitHub's latest, adding the `.patch` file
extension to allowed types.

Co-authored-by: silverwind <me@silverwind.io>
2023-03-19 16:48:44 -04:00
wxiaoguang 09824025f7
Refactor merge/update git command calls (#23366) (#23544)
Backport #23366

* Remove unnecessary ToTrustedCmdArgs calls
* The `signArg` couldn't be empty, it's either `-S{keyID}` or
`--no-gpg-sign`.
2023-03-17 12:16:22 -04:00
Giteabot 23a6fa9421
Make time tooltips interactive (#23526) (#23527)
Backport #23526 by @silverwind

Fixes https://codeberg.org/forgejo/forgejo/issues/511

<img width="379" alt="Screenshot 2023-03-16 at 20 23 10"
src="https://user-images.githubusercontent.com/115237/225731294-4c6e4f44-bdcc-4c8c-86e2-49f7c03b377d.png">

Co-authored-by: silverwind <me@silverwind.io>
2023-03-16 16:23:11 -05:00
Giteabot 31efbafbe3
Convert GitHub event on actions and fix some pull_request events. (#23037) (#23471)
Backport #23037 by @lunny

Follow #22680

Partially Fix #22958, on pull_request, `opened`, `reopened`,
`synchronize` supported, `edited` hasn't been supported yet because
Gitea doesn't trigger that events.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: yp05327 <576951401@qq.com>
2023-03-15 10:43:10 +08:00
Giteabot c698a6fc5d
Scoped label display and documentation tweaks (#23430) (#23433)
Backport #23430 by @brechtvl

* Fix scoped label left and right part breaking across lines.
* Remove slanted divider in scoped label display, make it straight.
After using this for a while, this feels more visually noisy than
helpful.
* Reduce contrast between scope and item to reduce probability of
unreadable text on background.
* Change documentation to remove mention of non-exclusive scoped labels.

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-03-15 07:58:38 +08:00
Giteabot 8536dc4b73
Make branches list page operations remember current page (#23420) (#23460)
Backport #23420 by @wxiaoguang

Close #23411

Always pass "page" query parameter to backend, and make backend respect
it.

The `ctx.FormInt("limit")` is never used, so removed.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-14 20:51:14 +08:00
Giteabot fa33919e24
Support reflogs (#22451) (#23438)
Backport #22451 by @philip-peterson

This PR adds support for reflogs on all repositories. It does this by
adding a global configuration entry.

Implements #14865

Signed-off-by: Philip Peterson <philip.c.peterson@gmail.com>
Co-authored-by: Philip Peterson <philip-peterson@users.noreply.github.com>
2023-03-13 12:20:10 +00:00
Giteabot e259daeff8
Add missing tabs to org projects page (#22705) (#23412)
Backport #22705 by @yp05327

Fixes https://github.com/go-gitea/gitea/issues/22676

Context Data `IsOrganizationMember` and `IsOrganizationOwner` is used to
control the visibility of `people` and `team` tab.

2871ea0809/templates/org/menu.tmpl (L19-L40)

And because of the reuse of user projects page, User Context is changed
to Organization Context. But the value of `IsOrganizationMember` and
`IsOrganizationOwner` are not being given.

I reused func `HandleOrgAssignment` to add them to the ctx, but may have
some unnecessary variables, idk whether it is ok.

I found there is a missing `PageIsViewProjects` at create project page.

Co-authored-by: yp05327 <576951401@qq.com>
2023-03-10 10:08:28 -06:00
Giteabot e9991b1f06
Refactor and tidy-up the merge/update branch code (#22568) (#23365)
Backport #22568

The merge and update branch code was previously a little tangled and had
some very long functions. The functions were not very clear in their
reasoning and there were deficiencies in their logging and at least one
bug in the handling of LFS for update by rebase.

This PR substantially refactors this code and splits things out to into
separate functions. It also attempts to tidy up the calls by wrapping
things in "context"s. There are also attempts to improve logging when
there are errors.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-03-09 22:15:39 -05:00
Giteabot 87c31c2ffe
Set X-Gitea-Debug header once (#23361) (#23381) 2023-03-09 06:33:05 +08:00
Giteabot cf80f829b4
Do not recognize text files as audio (#23355) (#23368)
Backport #23355

Close #17108

This PR uses a trick (removing the ID3 tag) to detect the content again
to to see whether the content is text type.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-08 16:03:05 +08:00
Giteabot 10df304b2f
Fix various ImageDiff/SVG bugs (#23312) (#23358)
Backport #23312

Replace #23310, Close #19733

And fix various UI problems, including regressions from #22959 #22950
and more.


## SVG Detection

The old regexp may mismatch non-SVG files. This PR adds new tests for
those cases.

## UI Changes

### Before


![image](https://user-images.githubusercontent.com/2114189/222967716-f6ad8721-f46a-4a3f-9eb0-a89e488d3436.png)


![image](https://user-images.githubusercontent.com/2114189/222967780-8af8981a-e69d-4304-9dc4-0235582fa4f4.png)


### After


![image](https://user-images.githubusercontent.com/2114189/222967575-c21c23d4-0200-4e09-aac3-57895e853000.png)


![image](https://user-images.githubusercontent.com/2114189/222967585-8b8da262-bc96-441a-9851-8d3845f2659d.png)


![image](https://user-images.githubusercontent.com/2114189/222967595-58d9bea5-6df4-41fa-bf8a-86704117959d.png)


![image](https://user-images.githubusercontent.com/2114189/222967608-38757c1a-b8bd-4ebf-b7a8-3b30edb7f303.png)


![image](https://user-images.githubusercontent.com/2114189/222967623-9849a339-6fae-4484-8fa5-939e2fdacbf5.png)


![image](https://user-images.githubusercontent.com/2114189/222967633-4383d7dd-62ba-47a3-8c10-86f7ca7757ae.png)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-07 15:38:13 +02:00
Giteabot ecae62837c
Refactor setting.Database.UseXXX to methods (#23354) (#23356)
Backport #23354

Replace #23350.

Refactor `setting.Database.UseMySQL` to
`setting.Database.Type.IsMySQL()`.

To avoid mismatching between `Type` and `UseXXX`.

This refactor can fix the bug mentioned in #23350, so it should be
backported.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-03-07 20:11:44 +08:00
Giteabot dcf1717793
Add context when rendering labels or emojis (#23281) (#23319)
Backport #23281

This branch continues the work of #23092 and attempts to rid the
codebase of any `nil` contexts when using a `RenderContext`.

Anything that renders markdown or does post processing may call
`markup.sha1CurrentPatternProcessor()`, and this runs
`git.OpenRepository()`, which needs a context. It will panic if the
context is `nil`. This branch attempts to _always_ include a context
when creating a `RenderContext` to prevent future crashes.

Co-authored-by: Jonathan Tran <jon@allspice.io>
2023-03-06 10:32:40 -06:00
Giteabot b1e68f39e7
Properly flush unique queues on startup (#23154) (#23201)
Backport #23154

There have been a number of reports of PRs being blocked whilst being
checked which have been difficult to debug. In investigating #23050 I
have realised that whilst the Warn there is somewhat of a miscall there
was a real bug in the way that the LevelUniqueQueue was being restored
on start-up of the PersistableChannelUniqueQueue.

Next there is a conflict in the setting of the internal leveldb queue
name - This wasn't being set so it was being overridden by other unique
queues.

This PR fixes these bugs and adds a testcase.

Thanks to @brechtvl  for noticing the second issue.

Fix #23050
and others

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: delvh <leon@kske.dev>
2023-03-06 22:35:07 +08:00
Giteabot 1edb57eda9
Fix various bugs for "install" page (#23194) (#23286)
Backport #23194

## TLDR

* Fix the broken page / broken image problem when click "Install"
* Fix the Password Hash Algorithm display problem for #22942
* Close #20089
* Close #23183
* Close #23184

## Details

### The broken page / broken image problem when clicking on "Install"
(Redirect failed after install - #23184)

Before: when clicking on "install", all new requests will fail, because the
server has been restarted. Users just see a broken page with broken
images, sometimes the server is not ready but the user would have been
redirect to "/user/login" page, then the users see a new broken page
(connection refused or something wrong ...)


After: only check InstallLock=true for necessary handlers, and sleep for
a while before restarting the server, then the browser has enough time
to load the "post-install" page. And there is a script to check whether
"/user/login" is ready, the user will only be redirected to the login
page when the server is ready.

### During new instance setup fill 'Gitea Base URL' with
window.location.origin - #20089

If the "app_url" input contains `localhost` (the default value from
config), use current window's location href as the `app_url` (aka
ROOT_URL)


### Fix the Password Hash Algorithm display problem for "Provide the
ability to set password hash algorithm parameters #22942"

Before: the UI shows `pbkdf2$50000$50`

<details>


![image](https://user-images.githubusercontent.com/2114189/221917143-e1e54798-1698-4fee-a18d-00c48081fc39.png)

</details>

After: the UI shows `pbkdf2`

<details>


![image](https://user-images.githubusercontent.com/2114189/221916999-97a15be8-2ebb-4a01-bf93-dac18e354fcc.png)

</details>



### GET data: net::ERR_INVALID_URL #23183

Cause by empty `data:` in `<link rel="manifest"
href="data:{{.ManifestData}}">`

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-03-05 11:59:58 +01:00
Giteabot 781019216c
Fix GetFilesChangedBetween if the file name may be escaped (#23272) (#23279)
Backport #23272

The code for GetFilesChangedBetween uses `git diff --name-only
base..head` to get the names of files changed between base and head
however this forgets that git will escape certain values.

This PR simply switches to use `-z` which has the `NUL` character as the
separator.

Ref https://github.com/go-gitea/gitea/pull/22568#discussion_r1123138096

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-03-04 00:38:31 -05:00
Giteabot 464bbd747e
Fix commit retrieval by tag (#21804) (#23266)
Backport #21804

It is not correct to return tag data when commit data is requested, so
remove the hacky code that overwrote parts of a commit with parts of a
tag.

This fixes commit retrieval by tag for both the latest commit in the UI
and the commit info on tag webhook events.

Fixes: https://github.com/go-gitea/gitea/issues/21687
Replaces: https://github.com/go-gitea/gitea/pull/21693

<img width="324" alt="Screenshot 2022-11-13 at 15 26 37"
src="https://user-images.githubusercontent.com/115237/201526975-736c6ea7-ad6a-467a-a823-9a63d6ecb718.png">

<img width="789" alt="image"
src="https://user-images.githubusercontent.com/115237/201526876-90a13ffc-1e5c-4d76-911b-f1ae51e8eaab.png">

Co-authored-by: silverwind <me@silverwind.io>
2023-03-03 13:42:46 -06:00
Giteabot f8a40dafb9
Allow <video> in MarkDown (#22892) (#23236)
Backport #22892

As you can imagine, for the Blender development process it is rather
nice to be able to include videos in issues, pull requests, etc.

This PR allows the `<video>` HTML tag to be used in MarkDown, with the
`src`, `autoplay`, and `controls` attributes.

## Help Needed

To have this fully functional, personally I feel the following things
are still missing, and would appreciate some help from the Gitea team.

### Styling

Some CSS is needed, but I couldn't figure out which of the LESS files
would work. I tried `web_src/less/markup/content.less` and
`web_src/less/_base.less`, but after running `make` the changes weren't
seen in the frontend.

This I would consider a minimal set of CSS rules to be applied:

```css
video {
  max-width: 100%;
  max-height: 100vh;
}
```

### Default Attributes

It would be fantastic if Gitea could add some default attributes to the
`<video>` tag. Basically `controls` should always be there, as there is
no point in disallowing scrolling through videos, looping them, etc.

### Integration with the attachments system

Another thing that could be added, but probably should be done in a
separate PR, is the integration with the attachments system. Dragging in
a video should attach it, then generate the appropriate MarkDown/HTML.

Co-authored-by: Sybren <122987084+drsybren@users.noreply.github.com>
2023-03-02 11:49:05 -05:00
Giteabot 5d5f907e7f
Add loading yaml label template files (#22976) (#23232)
Backport #22976

Extract from #11669 and enhancement to #22585 to support exclusive
scoped labels in label templates

* Move label template functionality to label module
* Fix handling of color codes
* Add Advanced label template

Co-authored-by: Lauris BH <lauris@nix.lv>
2023-03-01 21:57:34 -05:00
Giteabot 13918ad344
Pass --global when calling git config --get, for consistency with git config --set (#23157) (#23199)
Backport #23157

This arose out of #22451; it seems we are checking using non-global
settings to see if a config value is set, in order to decide whether to
call another global(-indeed) configuration command. This PR changes it
so that both the check and the set are for global configuration.

Co-authored-by: Philip Peterson <philip-peterson@users.noreply.github.com>
2023-02-28 17:53:15 -05:00