Skip to content

Commit

Permalink
Merge remote-tracking branch 'giteaofficial/main'
Browse files Browse the repository at this point in the history
* giteaofficial/main: (21 commits)
  Update minimum password length requirements (go-gitea#25946)
  cynkra is covered via oc links now (go-gitea#26641)
  update config docs url (go-gitea#26640)
  devpod use go1.21 (go-gitea#26637)
  Use correct minio error (go-gitea#26634)
  Remove avatarHTML from template helpers (go-gitea#26598)
  Add optimistic lock to ActionRun table (go-gitea#26563)
  Improve the branch selector tab UI (go-gitea#26631)
  Improve translation of milestone filters (go-gitea#26569)
  Add `branch_filter` to hooks API endpoints (go-gitea#26599)
  Replace box-shadow for `floating` dropdown as well (go-gitea#26581)
  Add link to job details and tooltip to commit status in repo list in dashboard (go-gitea#26326)
  Ignore the trailing slashes when comparing oauth2 redirect_uri (go-gitea#26597)
  Update tool dependencies (go-gitea#26607)
  bump go to 1.21 (go-gitea#26608)
  Update 1.20.3 changelog (go-gitea#26609)
  Fix NPM packages name validation (go-gitea#26595)
  Use "input" event instead of "keyup" event for migration form (go-gitea#26602)
  Do not use deprecated log config options by default (go-gitea#26592)
  fix reopen logic for agit flow pull request (go-gitea#26399)
  ...
  • Loading branch information
zjjhot committed Aug 22, 2023
2 parents 1f3ed03 + b3f7137 commit 0202a36
Show file tree
Hide file tree
Showing 57 changed files with 511 additions and 357 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "Gitea DevContainer",
"image": "mcr.microsoft.com/devcontainers/go:1.20-bullseye",
"image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
"features": {
// installs nodejs into container
"ghcr.io/devcontainers/features/node:1": {
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/files-changed.yml
Original file line number Diff line number Diff line change
Expand Up @@ -71,3 +71,4 @@ jobs:
swagger:
- "templates/swagger/v1_json.tmpl"
- "Makefile"
33 changes: 32 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,25 @@ This changelog goes through all the changes that have been made in each release
without substantial changes to our git log; to see the highlights of what has
been added to each release, please refer to the [blog](https://blog.gitea.com).

## [1.20.3](https://github.com/go-gitea/gitea/releases/tag/v1.20.3) - 2023-08-07
## [1.20.3](https://github.com/go-gitea/gitea/releases/tag/v1.20.3) - 2023-08-20

* BREAKING
* Fix the wrong derive path (#26271) (#26318)
* SECURITY
* Fix API leaking Usermail if not logged in (#25097) (#26350)
* FEATURES
* Add ThreadID parameter for Telegram webhooks (#25996) (#26480)
* ENHANCEMENTS
* Add minimum polyfill to support "relative-time-element" in PaleMoon (#26575) (#26578)
* Fix dark theme highlight for "NameNamespace" (#26519) (#26527)
* Detect ogg mime-type as audio or video (#26494) (#26505)
* Use `object-fit: contain` for oauth2 custom icons (#26493) (#26498)
* Move dropzone progress bar to bottom to show filename when uploading (#26492) (#26497)
* Remove last newline from config file (#26468) (#26471)
* Minio: add missing region on client initialization (#26412) (#26438)
* Add pull request review request webhook event (#26401) (#26407)
* Fix text truncate (#26354) (#26384)
* Fix incorrect color of selected assignees when create issue (#26324) (#26372)
* Display human-readable text instead of cryptic filemodes (#26352) (#26358)
* Hide `last indexed SHA` when a repo could not be indexed yet (#26340) (#26345)
* Fix the topic validation rule and suport dots (#26286) (#26303)
Expand All @@ -19,6 +31,23 @@ been added to each release, please refer to the [blog](https://blog.gitea.com).
* Fix commit compare style (#26209) (#26226)
* Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
* BUGFIXES
* Use "input" event instead of "keyup" event for migration form (#26602) (#26605)
* Do not use deprecated log config options by default (#26592) (#26600)
* Fix "issueReposQueryPattern does not match query" (#26556) (#26564)
* Sync repo's IsEmpty status correctly (#26517) (#26560)
* Fix project filter bugs (#26490) (#26558)
* Use `hidden` over `clip` for text truncation (#26520) (#26522)
* Set "type=button" for editor's toolbar buttons (#26510) (#26518)
* Fix NuGet search endpoints (#25613) (#26499)
* Fix storage path logic especially for relative paths (#26441) (#26481)
* Close stdout correctly for "git blame" (#26470) (#26473)
* Check first if minio bucket exists before trying to create it (#26420) (#26465)
* Avoiding accessing undefined tributeValues #26461 (#26462)
* Call git.InitSimple for runRepoSyncReleases (#26396) (#26450)
* Add transaction when creating pull request created dirty data (#26259) (#26437)
* Fix wrong middleware sequence (#26428) (#26436)
* Fix admin queue page title and fix CI failures (#26409) (#26421)
* Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) (#26405)
* Bypass MariaDB performance bug of the "IN" sub-query, fix incorrect IssueIndex (#26279) (#26368)
* Fix incorrect CLI exit code and duplicate error message (#26346) (#26347)
* Prevent newline errors with Debian packages (#26332) (#26342)
Expand All @@ -31,6 +60,8 @@ been added to each release, please refer to the [blog](https://blog.gitea.com).
* Fix attachment clipboard copy on insecure origin (#26224) (#26231)
* Fix access check for org-level project (#26182) (#26223)
* MISC
* Improve profile readme rendering (#25988) (#26453)
* [docs] Add missing backtick in quickstart.zh-cn.md (#26349) (#26357)
* Upgrade x/net to 0.13.0 (#26301)

## [1.20.2](https://github.com/go-gitea/gitea/releases/tag/v1.20.2) - 2023-07-29
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#Build stage
FROM docker.io/library/golang:1.20-alpine3.18 AS build-env
FROM docker.io/library/golang:1.21-alpine3.18 AS build-env

ARG GOPROXY
ENV GOPROXY ${GOPROXY:-direct}
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.rootless
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#Build stage
FROM docker.io/library/golang:1.20-alpine3.18 AS build-env
FROM docker.io/library/golang:1.21-alpine3.18 AS build-env

ARG GOPROXY
ENV GOPROXY ${GOPROXY:-direct}
Expand Down
6 changes: 3 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -23,18 +23,18 @@ SHASUM ?= shasum -a 256
HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
COMMA := ,

XGO_VERSION := go-1.20.x
XGO_VERSION := go-1.21.x

AIR_PACKAGE ?= github.com/cosmtrek/[email protected]
EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/[email protected]
GOFUMPT_PACKAGE ?= mvdan.cc/[email protected]
GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.53.3
GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.1
GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/[email protected]
MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/[email protected]
SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/[email protected]
XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
GO_LICENSES_PACKAGE ?= github.com/google/[email protected]
GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/[email protected].0
GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/[email protected].1
ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/[email protected]

DOCKER_IMAGE ?= gitea/gitea
Expand Down
5 changes: 2 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,13 +110,13 @@ Translations are done through Crowdin. If you want to translate to a new languag

You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.

https://docs.gitea.io/en-us/contributing/translation-guidelines/
https://docs.gitea.com/contributing/localization

[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

## Further information

For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com/).
If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create a post in the [discourse forum](https://discourse.gitea.io/).

We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
Expand Down Expand Up @@ -151,7 +151,6 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
<a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
<a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
<a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>

## FAQ

Expand Down
4 changes: 2 additions & 2 deletions custom/conf/app.example.ini
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
;; If you don't know what a setting is you should not set it.
;;
;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
;; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation.


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Expand Down Expand Up @@ -454,7 +454,7 @@ INTERNAL_TOKEN=
;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
;;
;; The minimum password length for new Users
;MIN_PASSWORD_LENGTH = 6
;MIN_PASSWORD_LENGTH = 8
;;
;; Set to true to allow users to import local server paths
;IMPORT_LOCAL_PATHS = false
Expand Down
1 change: 0 additions & 1 deletion docker/root/etc/templates/app.ini
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,6 @@ PATH = /data/gitea/attachments
[log]
MODE = console
LEVEL = info
ROUTER = console
ROOT_PATH = /data/gitea/log

[security]
Expand Down
2 changes: 1 addition & 1 deletion docs/content/administration/config-cheat-sheet.en-us.md
Original file line number Diff line number Diff line change
Expand Up @@ -559,7 +559,7 @@ And the following unique queues:
- `scrypt`: `scrypt$65536$16$2$50`
- Adjusting the algorithm parameters using this functionality is done at your own risk.
- `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
- `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
- `MIN_PASSWORD_LENGTH`: **8**: Minimum password length for new users.
- `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
- lower - use one or more lower latin characters
- upper - use one or more upper latin characters
Expand Down
15 changes: 13 additions & 2 deletions models/actions/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ type ActionRun struct {
EventPayload string `xorm:"LONGTEXT"`
TriggerEvent string // the trigger event defined in the `on` configuration of the triggered workflow
Status Status `xorm:"index"`
Version int `xorm:"version default 0"` // Status could be updated concomitantly, so an optimistic lock is needed
Started timeutil.TimeStamp
Stopped timeutil.TimeStamp
Created timeutil.TimeStamp `xorm:"created"`
Expand Down Expand Up @@ -332,12 +333,22 @@ func GetRunByIndex(ctx context.Context, repoID, index int64) (*ActionRun, error)
return run, nil
}

// UpdateRun updates a run.
// It requires the inputted run has Version set.
// It will return error if the version is not matched (it means the run has been changed after loaded).
func UpdateRun(ctx context.Context, run *ActionRun, cols ...string) error {
sess := db.GetEngine(ctx).ID(run.ID)
if len(cols) > 0 {
sess.Cols(cols...)
}
_, err := sess.Update(run)
affected, err := sess.Update(run)
if err != nil {
return err
}
if affected == 0 {
return fmt.Errorf("run has changed")
// It's impossible that the run is not found, since Gitea never deletes runs.
}

if run.Status != 0 || util.SliceContains(cols, "status") {
if run.RepoID == 0 {
Expand All @@ -358,7 +369,7 @@ func UpdateRun(ctx context.Context, run *ActionRun, cols ...string) error {
}
}

return err
return nil
}

type ActionRunIndex db.ResourceIndex
39 changes: 24 additions & 15 deletions models/actions/run_job.go
Original file line number Diff line number Diff line change
Expand Up @@ -114,32 +114,41 @@ func UpdateRunJob(ctx context.Context, job *ActionRunJob, cond builder.Cond, col
if affected != 0 && util.SliceContains(cols, "status") && job.Status.IsWaiting() {
// if the status of job changes to waiting again, increase tasks version.
if err := IncreaseTaskVersion(ctx, job.OwnerID, job.RepoID); err != nil {
return affected, err
return 0, err
}
}

if job.RunID == 0 {
var err error
if job, err = GetRunJobByID(ctx, job.ID); err != nil {
return affected, err
return 0, err
}
}

jobs, err := GetRunJobsByRunID(ctx, job.RunID)
if err != nil {
return affected, err
{
// Other goroutines may aggregate the status of the run and update it too.
// So we need load the run and its jobs before updating the run.
run, err := GetRunByID(ctx, job.RunID)
if err != nil {
return 0, err
}
jobs, err := GetRunJobsByRunID(ctx, job.RunID)
if err != nil {
return 0, err
}
run.Status = aggregateJobStatus(jobs)
if run.Started.IsZero() && run.Status.IsRunning() {
run.Started = timeutil.TimeStampNow()
}
if run.Stopped.IsZero() && run.Status.IsDone() {
run.Stopped = timeutil.TimeStampNow()
}
if err := UpdateRun(ctx, run, "status", "started", "stopped"); err != nil {
return 0, fmt.Errorf("update run %d: %w", run.ID, err)
}
}

runStatus := aggregateJobStatus(jobs)

run := &ActionRun{
ID: job.RunID,
Status: runStatus,
}
if runStatus.IsDone() {
run.Stopped = timeutil.TimeStampNow()
}
return affected, UpdateRun(ctx, run)
return affected, nil
}

func aggregateJobStatus(jobs []*ActionRunJob) Status {
Expand Down
8 changes: 0 additions & 8 deletions models/actions/task.go
Original file line number Diff line number Diff line change
Expand Up @@ -317,14 +317,6 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
return nil, false, nil
}

if job.Run.Status.IsWaiting() {
job.Run.Status = StatusRunning
job.Run.Started = now
if err := UpdateRun(ctx, job.Run, "status", "started"); err != nil {
return nil, false, err
}
}

task.Job = job

if err := commiter.Commit(); err != nil {
Expand Down
13 changes: 11 additions & 2 deletions models/auth/oauth2.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,15 @@ func (app *OAuth2Application) TableName() string {

// ContainsRedirectURI checks if redirectURI is allowed for app
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
contains := func(s string) bool {
s = strings.TrimSuffix(strings.ToLower(s), "/")
for _, u := range app.RedirectURIs {
if strings.TrimSuffix(strings.ToLower(u), "/") == s {
return true
}
}
return false
}
if !app.ConfidentialClient {
uri, err := url.Parse(redirectURI)
// ignore port for http loopback uris following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
Expand All @@ -140,13 +149,13 @@ func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
if ip != nil && ip.IsLoopback() {
// strip port
uri.Host = uri.Hostname()
if util.SliceContainsString(app.RedirectURIs, uri.String(), true) {
if contains(uri.String()) {
return true
}
}
}
}
return util.SliceContainsString(app.RedirectURIs, redirectURI, true)
return contains(redirectURI)
}

// Base32 characters, but lowercased.
Expand Down
12 changes: 12 additions & 0 deletions models/auth/oauth2_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,18 @@ func TestOAuth2Application_ContainsRedirectURI_WithPort(t *testing.T) {
assert.False(t, app.ContainsRedirectURI(":"))
}

func TestOAuth2Application_ContainsRedirect_Slash(t *testing.T) {
app := &auth_model.OAuth2Application{RedirectURIs: []string{"http://127.0.0.1"}}
assert.True(t, app.ContainsRedirectURI("http://127.0.0.1"))
assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))
assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))

app = &auth_model.OAuth2Application{RedirectURIs: []string{"http://127.0.0.1/"}}
assert.True(t, app.ContainsRedirectURI("http://127.0.0.1"))
assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))
assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))
}

func TestOAuth2Application_ValidateClientSecret(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})
Expand Down
6 changes: 6 additions & 0 deletions models/git/commit_status.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/translation"

"xorm.io/builder"
"xorm.io/xorm"
Expand Down Expand Up @@ -191,6 +192,11 @@ func (status *CommitStatus) APIURL(ctx context.Context) string {
return status.Repo.APIURL() + "/statuses/" + url.PathEscape(status.SHA)
}

// LocaleString returns the locale string name of the Status
func (status *CommitStatus) LocaleString(lang translation.Locale) string {
return lang.Tr("repo.commitstatus." + status.State.String())
}

// CalcCommitStatus returns commit status state via some status, the commit statues should order by id desc
func CalcCommitStatus(statuses []*CommitStatus) *CommitStatus {
var lastStatus *CommitStatus
Expand Down
2 changes: 2 additions & 0 deletions models/migrations/migrations.go
Original file line number Diff line number Diff line change
Expand Up @@ -524,6 +524,8 @@ var migrations = []Migration{
NewMigration("Fix PackageProperty typo", v1_21.FixPackagePropertyTypo),
// v271 -> v272
NewMigration("Allow archiving labels", v1_21.AddArchivedUnixColumInLabelTable),
// v272 -> v273
NewMigration("Add Version to ActionRun table", v1_21.AddVersionToActionRunTable),
}

// GetCurrentDBVersion returns the current db version
Expand Down
14 changes: 14 additions & 0 deletions models/migrations/v1_21/v272.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package v1_21 //nolint
import (
"xorm.io/xorm"
)

func AddVersionToActionRunTable(x *xorm.Engine) error {
type ActionRun struct {
Version int `xorm:"version default 0"`
}
return x.Sync(new(ActionRun))
}
2 changes: 1 addition & 1 deletion modules/packages/npm/creator.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ var (
ErrInvalidIntegrity = util.NewInvalidArgumentErrorf("failed to validate integrity")
)

var nameMatch = regexp.MustCompile(`\A((@[^\s\/~'!\(\)\*]+?)[\/])?([^_.][^\s\/~'!\(\)\*]+)\z`)
var nameMatch = regexp.MustCompile(`^(@[a-z0-9-][a-z0-9-._]*/)?[a-z0-9-][a-z0-9-._]*$`)

// Package represents a npm package
type Package struct {
Expand Down
Loading

0 comments on commit 0202a36

Please sign in to comment.