1383 Commits

Author	SHA1	Message	Date
Jack Hay	7c2f093e85	Require token for GET subscription endpoint (#28765) ... Fixes #28756 ## Changes - Require and check API token for `GET /repos/{owner}/{repo}/subscription` in order to populate `ctx.Doer`.	2024-01-12 01:57:58 +00:00
vincent	f8a1bad883	Fix: system webhooks API bug (#28531) ... - Fix the bug about admin/hooks API that `GET /admin/hooks` can only fetch system_hooks, `POST /admin/hooks` can only create default_hooks.	2023-12-31 04:31:50 +00:00
Lunny Xiao	baf0d402d9	Add get actions runner registration token for API routes, repo, org, user and global level (#27144) ... Replace #23761 --------- Co-authored-by: Denys Konovalov <kontakt@denyskon.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2023-12-27 07:57:54 +00:00
delvh	778ad795fd	Refactor deletion (#28610) ... Introduce the new generic deletion methods - `func DeleteByID[T any](ctx context.Context, id int64) (int64, error)` - `func DeleteByIDs[T any](ctx context.Context, ids ...int64) error` - `func Delete[T any](ctx context.Context, opts FindOptions) (int64, error)` So, we no longer need any specific deletion method and can just use the generic ones instead. Replacement of #28450 Closes #28450 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-12-25 21:25:29 +01:00
wxiaoguang	b41925cee3	Refactor CORS handler (#28587) ... The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098	2023-12-25 20:13:18 +08:00
Jean-Baptiste Gomond	d0f24ff4ca	Added instance-level variables (#28115) ... This PR adds instance-level variables, and so closes #27726   	2023-12-25 07:28:59 +00:00
FuXiaoHei	fe5a616392	Fix merging artifact chunks error when minio storage basepath is set (#28555) ... Related to https://github.com/go-gitea/gitea/issues/28279 When merging artifact chunks, it lists chunks from storage. When storage is minio, chunk's path contains `MINIO_BASE_PATH` that makes merging break. <del>So trim the `MINIO_BASE_PATH` when handle chunks.</del> Update the chunk file's basename to retain necessary information. It ensures that the directory in the chunk's path remains unaffected.	2023-12-21 07:04:50 +00:00
Lunny Xiao	e7cb8da2a8	Always enable caches (#28527) ... Nowadays, cache will be used on almost everywhere of Gitea and it cannot be disabled, otherwise some features will become unaviable. Then I think we can just remove the option for cache enable. That means cache cannot be disabled. But of course, we can still use cache configuration to set how should Gitea use the cache.	2023-12-19 09:29:05 +00:00
Lunny Xiao	4eb2a29910	Improve ObjectFormat interface (#28496) ... The 4 functions are duplicated, especially as interface methods. I think we just need to keep `MustID` the only one and remove other 3. ``` MustID(b []byte) ObjectID MustIDFromString(s string) ObjectID NewID(b []byte) (ObjectID, error) NewIDFromString(s string) (ObjectID, error) ``` Introduced the new interfrace method `ComputeHash` which will replace the interface `HasherInterface`. Now we don't need to keep two interfaces. Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new function will detect the hash length to decide which objectformat of it. If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be right if the commitID is a full one. So the parameter should be always a full commit id. @AdamMajer Please review.	2023-12-19 07:20:47 +00:00
Bo-Yi Wu	14ffdf6173	chore(api): support ignore password if login source type is LDAP for creating user API (#28491) ... - Modify the `Password` field in `CreateUserOption` struct to remove the `Required` tag - Update the `v1_json.tmpl` template to include the `email` field and remove the `password` field --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2023-12-19 02:32:45 +00:00
Lunny Xiao	408a484224	Adjust object format interface (#28469) ... - Remove `ObjectFormatID` - Remove function `ObjectFormatFromID`. - Use `Sha1ObjectFormat` directly but not a pointer because it's an empty struct. - Store `ObjectFormatName` in `repository` struct	2023-12-17 11:56:08 +00:00
Adam Majer	cbf923e87b	Abstract hash function usage (#28138) ... Refactor Hash interfaces and centralize hash function. This will allow easier introduction of different hash function later on. This forms the "no-op" part of the SHA256 enablement patch.	2023-12-13 21:02:00 +00:00
KN4CK3R	064f05204c	Add endpoint for not implemented Docker auth (#28457) ... Recently Docker started to use the optional `POST /v2/token` endpoint which should respond with a `404 Not Found` status code instead of the current `405 Method Not Allowed`. > Note: Not all token servers implement oauth2. If the request to the endpoint returns 404 using the HTTP POST method, refer to Token Documentation for using the HTTP GET method supported by all token servers.	2023-12-13 15:23:53 -05:00
Lunny Xiao	717d0f5934	Do some missing checks (#28423)	2023-12-12 05:01:17 +00:00
Jack Hay	4e879fed90	Deprecate query string auth tokens (#28390) ... ## Changes - Add deprecation warning to `Token` and `AccessToken` authentication methods in swagger. - Add deprecation warning header to API response. Example: ``` HTTP/1.1 200 OK ... Warning: token and access_token API authentication is deprecated ... ``` - Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth tokens entirely. Default is `false` ## Next steps - `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and the methods should be removed in swagger - `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of the auth methods in question should be removed ## Open questions - Should there be further changes to the swagger documentation? Deprecation is not yet supported for security definitions (coming in [OpenAPI Spec version 3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506)) - Should the API router logger sanitize urls that use `token` or `access_token`? (This is obviously an insufficient solution on its own) --------- Co-authored-by: delvh <dev.lh@web.de>	2023-12-12 03:48:53 +00:00
Lunny Xiao	537fa69962	Second part of refactor `db.Find` (#28194) ... Continue of #27798 and move more functions to `db.Find` and `db.Count`.	2023-12-11 16:56:48 +08:00
Lunny Xiao	aeb383025f	Also sync DB branches on push if necessary (#28361) ... Fix #28056 This PR will check whether the repo has zero branch when pushing a branch. If that, it means this repository hasn't been synced. The reason caused that is after user upgrade from v1.20 -> v1.21, he just push branches without visit the repository user interface. Because all repositories routers will check whether a branches sync is necessary but push has not such check. For every repository, it has two states, synced or not synced. If there is zero branch for a repository, then it will be assumed as non-sync state. Otherwise, it's synced state. So if we think it's synced, we just need to update branch/insert new branch. Otherwise do a full sync. So that, for every push, there will be almost no extra load added. It's high performance than yours. For the implementation, we in fact will try to update the branch first, if updated success with affect records > 0, then all are done. Because that means the branch has been in the database. If no record is affected, that means the branch does not exist in database. So there are two possibilities. One is this is a new branch, then we just need to insert the record. Another is the branches haven't been synced, then we need to sync all the branches into database.	2023-12-09 13:30:56 +00:00
KN4CK3R	a95d5b7702	Add `HEAD` support for rpm repo files (#28309) ... Fixes https://codeberg.org/forgejo/forgejo/issues/1810 zypper uses HEAD requests to check file existence. https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549 https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116 @ExplodingDragon fyi	2023-12-05 08:01:02 +00:00
Nanguan Lin	0aab2d38a7	Remove deprecated query condition in ListReleases (#28339) ... close #24057 call stack: 25faee3c5f/routers/api/v1/repo/release.go (L154) ec1feedbf5/routers/api/v1/utils/page.go (L13-L18) ec1feedbf5/services/convert/utils.go (L15-L22) ## ⚠️ Breaking ⚠️ (though it's not caused by this PR) Do not use `per_page` to specify pagination; use `limit` instead	2023-12-05 07:30:43 +00:00
Lunny Xiao	882e502327	Fix comment permissions (#28213) ... This PR will fix some missed checks for private repositories' data on web routes and API routes.	2023-11-25 17:21:21 +00:00
Lunny Xiao	df1e7d0067	Use db.Find instead of writing methods for every object (#28084) ... For those simple objects, it's unnecessary to write the find and count methods again and again.	2023-11-24 03:49:41 +00:00
yp05327	4d0eba8e0a	Fix swagger title (#28164) ...  Don't know why there's a `.` behind. 🤔	2023-11-22 08:09:19 +00:00
Earl Warren	340055ab6c	Enable system users search via the API (#28013) ... Refs: https://codeberg.org/forgejo/forgejo/issues/1403 (cherry picked from commit dd4d17c159eaf8b642aa9e6105b0532e25972bb7)	2023-11-13 15:31:38 +01:00
KN4CK3R	4f4fea734c	Unify two factor check (#27915) ... Fixes #27819 We have support for two factor logins with the normal web login and with basic auth. For basic auth the two factor check was implemented at three different places and you need to know that this check is necessary. This PR moves the check into the basic auth itself.	2023-11-06 08:22:39 +00:00
FuXiaoHei	ec0c6829d4	Fix/upload artifact error windows (#27802) ... From issue https://github.com/go-gitea/gitea/issues/27314 When act_runner in `host` mode on Windows. `upload_artifact@v3` actions use `path.join` to generate `itemPath` params when uploading artifact chunk. `itemPath` is encoded as `${artifact_name}\${artifact_path}`. <del>It's twice query escaped from ${artifact_name}/${artifact_path} that joined by Windows slash \.</del> **So we need convert Windows slash to linux**. In https://github.com/go-gitea/gitea/issues/27314, runner shows logs from `upload_artifact@v3` like with `%255C`: ``` [artifact-cases/test-artifact-cases] | ::error::Unexpected response. Unable to upload chunk to http://192.168.31.230:3000/api/actions_pipeline/_apis/pipelines/workflows/6/artifacts/34d628a422db9367c869d3fb36be81f5/upload?itemPath=more-files%255Css.json ``` But in gitea server at the same time, But shows `%5C` ``` 2023/10/27 19:29:51 ...eb/routing/logger.go:102:func1() [I] router: completed PUT /api/actions_pipeline/_apis/pipelines/workflows/6/artifacts/34d628a422db9367c869d3fb36be81f5/upload?itemPath=more-files%5Css.json for 192.168.31.230:55340, 400 Bad Request in 17.6ms @ <autogenerated>:1(actions.artifactRoutes.uploadArtifact-fm) ``` I found `%255C` is escaped by `https://github.com/actions/upload-artifact/blob/main/dist/index.js#L2329`. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-10-30 10:40:05 +00:00
Jean-Baptiste Gomond	641e8165c7	Fix bad method call when deleting user secrets via API (#27829) ... Fixed a little mistake when you deleting user secrets via the API. Found it when working on #27725. It should be backported to 1.21 I think.	2023-10-29 13:19:57 +01:00
merlleu	796ff26e0e	Do not force creation of _cargo-index repo on publish (#27266) ... Hello there, Cargo Index over HTTP is now prefered over git for package updates: we should not force users who do not need the GIT repo to have the repo created/updated on each publish (it can still be created in the packages settings). The current behavior when publishing is to check if the repo exist and create it on the fly if not, then update it's content. Cargo HTTP Index does not rely on the repo itself so this will be useless for everyone not using the git protocol for cargo registry. This PR only disable the creation on the fly of the repo when publishing a crate. This is linked to #26844 (error 500 when trying to publish a crate if user is missing write access to the repo) because it's now optional. --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-10-24 03:26:38 +00:00
silverwind	ce83609ff6	Upgrade to golangci-lint@v1.55.0 (#27756) ... https://github.com/golangci/golangci-lint/releases/tag/v1.55.0	2023-10-24 02:54:59 +00:00
Nanguan Lin	1859bbbf91	Fix org team endpoint (#27721) ... Fix #27711	2023-10-22 01:40:59 +02:00
JakobDev	3dc0c962bf	Delete repos of org when purge delete user (#27273) ... Fixes https://codeberg.org/forgejo/forgejo/issues/1514 I had to remove `RenameOrganization` to avoid circular import. We should really add some foreign keys to the database.	2023-10-19 13:16:11 +00:00
Lunny Xiao	9852c92e9a	Remove unnecessary parameter (#27671)	2023-10-18 15:03:10 +00:00
Lunny Xiao	cddf245c12	Replace more db.DefaultContext (#27628) ... Target #27065	2023-10-15 17:46:06 +02:00
JakobDev	76a85a4ce9	Final round of `db.DefaultContext` refactor (#27587) ... Last part of #27065	2023-10-14 08:37:24 +00:00
Evan Tobin	ae419fa494	Fix permissions for Token DELETE endpoint to match GET and POST (#27610) ... Fixes #27598 In #27080, the logic for the tokens endpoints were updated to allow admins to create and view tokens in other accounts. However, the same functionality was not added to the DELETE endpoint. This PR makes the DELETE endpoint function the same as the other token endpoints and adds unit tests	2023-10-14 08:04:44 +00:00
JakobDev	ebe803e514	Penultimate round of `db.DefaultContext` refactor (#27414) ... Part of #27065 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-10-11 04:24:07 +00:00
Nanguan Lin	5b6258a0b9	Fix the wrong HTTP response status code for duplicate packages (#27480) ... fix #27470 (hope there is nothing missing 😢 ) --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-10-10 15:39:58 +02:00
Michael Santos	5283ce9650	api: GetPullRequestCommits: return file list (#27483) ... Fixes https://github.com/go-gitea/gitea/issues/27481 ---- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-10-09 11:22:12 +00:00
JakobDev	f2b2608a86	Don't let API add 2 exclusive labels from same scope (#27433) ... Fixes #27380	2023-10-05 03:37:36 +00:00
JakobDev	cc5df26680	Even more `db.DefaultContext` refactor (#27352) ... Part of #27065 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>	2023-10-03 10:30:41 +00:00
JakobDev	cf0df023be	More `db.DefaultContext` refactor (#27265) ... Part of #27065 This PR touches functions used in templates. As templates are not static typed, errors are harder to find, but I hope I catch it all. I think some tests from other persons do not hurt.	2023-09-29 12:12:54 +00:00
Lunny Xiao	673cf6af76	make writing main test easier (#27270) ... This PR removed `unittest.MainTest` the second parameter `TestOptions.GiteaRoot`. Now it detects the root directory by current working directory. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-09-28 01:38:53 +00:00
Lunny Xiao	3b2da7e4ae	Redefine the meaning of column is_active to make Actions Registration Token generation easier (#27143) ... Partially Fix #25041 This PR redefined the meaning of column `is_active` in table `action_runner_token`. Before this PR, `is_active` means whether it has been used by any runner. If it's true, other runner cannot use it to register again. In this PR, `is_active` means whether it's validated to be used to register runner. And if it's true, then it can be used to register runners until it become false. When creating a new `is_active` register token, any previous tokens will be set `is_active` to false.	2023-09-27 05:37:48 +00:00
JakobDev	7047df36d4	Another round of `db.DefaultContext` refactor (#27103) ... Part of #27065 --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-09-25 13:17:37 +00:00
JakobDev	28f9b313ba	Updates to the API for archived repos (#27149)	2023-09-21 23:43:29 +00:00
Dionysios Kakouris	e46274b5b4	Fix organization field being null in POST /orgs/{orgid}/teams (#27150) ... Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694, this addresses the team creation not returning the organization information in the response. This fix is connected to the [issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27) discovered in the terraform provider. Moreover, the [documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam) suggests that the response body should include the `organization` field (currently being `null`).	2023-09-21 08:09:59 +00:00
CaiCandong	f93ee5937b	Fix token endpoints ignore specified account (#27080) ... Fix #26234 close #26323 close #27040 --------- Co-authored-by: silverwind <me@silverwind.io>	2023-09-18 00:21:15 +00:00
wxiaoguang	8531ca0837	Make SSPI auth mockable (#27036) ... Before, the SSPI auth is only complied for Windows, it's difficult to test and it breaks a lot. Now, make the SSPI auth mockable and testable.	2023-09-17 23:32:56 +00:00
KN4CK3R	c766140dad	Add `RemoteAddress` to mirrors (#26952) ... This PR adds a new field `RemoteAddress` to both mirror types which contains the sanitized remote address for easier (database) access to that information. Will be used in the audit PR if merged.	2023-09-16 16:03:02 +00:00
JakobDev	f91dbbba98	Next round of `db.DefaultContext` refactor (#27089) ... Part of #27065	2023-09-16 14:39:12 +00:00
KN4CK3R	d513628db9	Allow empty Conan files (#27092) ... Fixes #27090 Looks like the Conan upload process has changed since last year. The empty uploads don't occur anymore.	2023-09-15 23:14:36 +00:00
JakobDev	c548dde205	More refactoring of `db.DefaultContext` (#27083) ... Next step of #27065	2023-09-15 06:13:19 +00:00
JakobDev	76659b1114	Reduce usage of `db.DefaultContext` (#27073) ... Part of #27065 This reduces the usage of `db.DefaultContext`. I think I've got enough files for the first PR. When this is merged, I will continue working on this. Considering how many files this PR affect, I hope it won't take to long to merge, so I don't end up in the merge conflict hell. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-09-14 17:09:32 +00:00
JakobDev	aaeec2a392	Add missing 404 response to Swagger (#27038) ... Most middleware throw a 404 in case something is not found e.g. a Repo that is not existing. But most API endpoints don't include the 404 response in their documentation. This PR changes this.	2023-09-13 10:37:54 +08:00
KN4CK3R	591f586bf1	Extract auth middleware from service (#27028) ... Related #27027 Extract the router logic from `services/auth/middleware.go` into `routers/web` <-> `routers/common` <-> `routers/api`.	2023-09-12 08:15:16 +02:00
Lunny Xiao	e3ed67859a	Move some functions to service layer (#26969)	2023-09-08 21:09:23 +00:00
Lunny Xiao	9c0a3532a4	Add a new column schedule_id for action_run to track (#26975) ... Fix #26971 And the UI now will display it's scheduled but not triggered by a push. <img width="954" alt="图片" src="https://github.com/go-gitea/gitea/assets/81045/d211845c-457e-4c3e-af1f-a0d654d3f365">	2023-09-08 23:01:19 +08:00
Lunny Xiao	4f32abaf94	move repository deletion to service layer (#26948) ... Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-09-08 04:51:15 +00:00
CaiCandong	a78c2eae24	Replace `util.SliceXxx` with `slices.Xxx` (#26958)	2023-09-07 09:37:47 +00:00
Lunny Xiao	e97e883ad5	Add reverseproxy auth for API back with default disabled (#26703) ... This feature was removed by #22219 to avoid possible CSRF attack. This PR takes reverseproxy auth for API back but with default disabled. To prevent possbile CSRF attack, the responsibility will be the reverseproxy but not Gitea itself. For those want to enable this `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`, they should know what they are doing. --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-09-07 08:31:46 +00:00
Lunny Xiao	b9df9fa2e2	Move createrepository from module to service layer (#26927) ... Repository creation depends on many models, so moving it to service layer is better.	2023-09-06 12:08:51 +00:00
FuXiaoHei	460a2b0edf	Artifacts retention and auto clean up (#26131) ... Currently, Artifact does not have an expiration and automatic cleanup mechanism, and this feature needs to be added. It contains the following key points: - [x] add global artifact retention days option in config file. Default value is 90 days. - [x] add cron task to clean up expired artifacts. It should run once a day. - [x] support custom retention period from `retention-days: 5` in `upload-artifact@v3`. - [x] artifacts link in actions view should be non-clickable text when expired.	2023-09-06 07:41:06 +00:00
Lunny Xiao	540bf9fa6d	Move notification interface to services layer (#26915) ... Extract from #22266	2023-09-05 18:37:47 +00:00
KN4CK3R	0eebeeec90	Remove `Named` interface (#26913) ... `Named` is implemented by every `Method` and future implementations should implement the method too.	2023-09-05 15:58:30 +00:00
KN4CK3R	a99b96cbcd	Refactor secrets modification logic (#26873) ... - Share code between web and api - Add some tests	2023-09-05 15:21:02 +00:00
JakobDev	e9f5067653	Add missing `reqToken()` to notifications endpoints (#26914) ... They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.	2023-09-05 14:43:34 +00:00
Bo-Yi Wu	f79f6a26ae	feat(API): add routes and functions for managing user's secrets (#26909) ... - Add routes for creating or updating a user's actions secrets in `routers/api/v1/api.go` - Add a new file `routers/api/v1/user/action.go` with functions for creating or updating a user's secrets and deleting a user's secret - Modify the `templates/swagger/v1_json.tmpl` file to include the routes for creating or updating a user's secrets and deleting a user's secret --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-09-05 14:02:50 +00:00
Zettat123	04771b5ff7	Allow users with write permissions for issues to add attachments with API (#26837) ... Fixes #24944 Since a user with write permissions for issues can add attachments to an issue via the the web interface, the user should also be able to add attachments via the API	2023-09-01 15:35:38 +00:00
Bo-Yi Wu	9eb4a9e601	feat(API): add secret deletion functionality for repository (#26808) ... - Modify the `CreateOrUpdateSecret` function in `api.go` to include a `Delete` operation for the secret - Modify the `DeleteOrgSecret` function in `action.go` to include a `DeleteSecret` operation for the organization - Modify the `DeleteSecret` function in `action.go` to include a `DeleteSecret` operation for the repository - Modify the `v1_json.tmpl` template file to update the `operationId` and `summary` for the `deleteSecret` operation in both the organization and repository sections --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2023-09-01 13:02:49 +00:00
wxiaoguang	e8aae43f56	Move web/api context related testing function into a separate package (#26859) ... Just like `models/unittest`, the testing helper functions should be in a separate package: `contexttest` And complete the TODO: > // TODO: move this function to other packages, because it depends on "models" package	2023-09-01 11:26:07 +00:00
KN4CK3R	5315153059	Use `Set[Type]` instead of `map[Type]bool/struct{}`. (#26804)	2023-08-30 06:55:25 +00:00
js6pak	4f5a2117c3	Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) ... Include `GITHUB_TOKEN`/`GITEA_TOKEN` secrets for actions triggered by pull requests This makes it consistent with the environment variables which you can already access ```shell echo env: $GITHUB_TOKEN echo expression: ${{ secrets.GITHUB_TOKEN }} ``` before  after  --------- Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Giteabot <teabot@gitea.io>	2023-08-29 22:13:16 +00:00
Bo-Yi Wu	b91057b172	feat(API): add route and implementation for creating/updating repository secret (#26766) ... spec: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-a-repository-secret - Add a new route for creating or updating a secret value in a repository - Create a new file `routers/api/v1/repo/action.go` with the implementation of the `CreateOrUpdateSecret` function - Update the Swagger documentation for the `updateRepoSecret` operation in the `v1_json.tmpl` template file --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>	2023-08-29 20:54:49 +00:00
Chongyi Zheng	ad43486cd3	Fix some slice append usages (#26778) ... Co-authored-by: delvh <dev.lh@web.de>	2023-08-29 15:47:26 +00:00
merlleu	a587d25261	Add auth-required to config.json for Cargo http registry (#26729) ... Cargo registry-auth feature requires config.json to have a property auth-required set to true in order to send token to all registry requests. This is ok for git index because you can manually edit the config.json file to add the auth-required, but when using sparse (setting index url to "sparse+https://git.example.com/api/packages/{owner}/cargo/"), the config.json is dynamically rendered, and does not reflect changes to the config.json file in the repo. I see two approaches: - Serve the real config.json file when fetching the config.json on the cargo service. - Automatically detect if the registry requires authorization. (This is what I implemented in this PR). What the PR does: - When a cargo index repository is created, on the config.json, set auth-required to wether or not the repository is private. - When the cargo/config.json endpoint is called, set auth-required to wether or not the request was authorized using an API token.	2023-08-28 07:05:39 +00:00
Bo-Yi Wu	8cd46024fd	refactor(API): refactor secret creation and update functionality (#26751) ... According to the GitHub API Spec: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret Merge the Create and Update secret into a single API. - Remove the `CreateSecretOption` struct and replace it with `CreateOrUpdateSecretOption` in `modules/structs/secret.go` - Update the `CreateOrUpdateOrgSecret` function in `routers/api/v1/org/action.go` to use `CreateOrUpdateSecretOption` instead of `UpdateSecretOption` - Remove the `CreateOrgSecret` function in `routers/api/v1/org/action.go` and replace it with `CreateOrUpdateOrgSecret` - Update the Swagger documentation in `routers/api/v1/swagger/options.go` and `templates/swagger/v1_json.tmpl` to reflect the changes in the struct names and function names Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2023-08-28 13:08:19 +08:00
Chongyi Zheng	43652746f2	Move `modules/mirror` to `services` (#26737) ... To solve the cyclic imports in a better way Closes #20261	2023-08-27 10:24:45 +08:00
Infinoid	86ee5b4b1b	PATCH branch-protection updates check list even when checks are disabled (#26351) ... Fixes: #26333. Previously, this endpoint only updates the `StatusCheckContexts` field when `EnableStatusCheck==true`, which makes it impossible to clear the array otherwise. This patch uses slice `nil`-ness to decide whether to update the list of checks. The field is ignored when either the client explicitly passes in a null, or just omits the field from the json ([which causes `json.Unmarshal` to leave the struct field unchanged](https://go.dev/play/p/Z2XHOILuB1Q)). I think this is a better measure of intent than whether the `EnableStatusCheck` flag was set, because it matches the semantics of other field types. Also adds a test case. I noticed that [`testAPIEditBranchProtection` only checks the branch name](c1c83dbaec/tests/integration/api_branch_test.go (L68)) and no other fields, so I added some extra `GET` calls and specific checks to make sure the fields are changing properly. I added those checks the existing integration test; is that the right place for it?	2023-08-24 05:36:04 +00:00
Bo-Yi Wu	b62c8e7765	feat(API): update and delete secret for managing organization secrets (#26660) ... - Add `UpdateSecret` function to modify org or user repo secret - Add `DeleteSecret` function to delete secret from an organization - Add `UpdateSecretOption` struct for updating secret options - Add `UpdateOrgSecret` function to update a secret in an organization - Add `DeleteOrgSecret` function to delete a secret in an organization GitHub API 1. Update Org Secret: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret 2. Delete Org Secret: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#delete-an-organization-secret --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2023-08-24 02:07:00 +00:00
Bo-Yi Wu	23addde28e	feat: implement organization secret creation API (#26566) ... - Add a new `CreateSecretOption` struct for creating secrets - Implement a `CreateOrgSecret` function to create a secret in an organization - Add a new route in `api.go` to handle the creation of organization secrets - Update the Swagger template to include the new `CreateOrgSecret` API endpoint --------- Signed-off-by: appleboy <appleboy.tw@gmail.com>	2023-08-22 11:20:34 +08:00
Jason Song	b658f2c61b	Return empty when searching issues with no repos (#26545)	2023-08-17 12:42:17 -05:00
Bo-Yi Wu	79d74d208f	Add API route to list org secrets (#26485) ... - Add a new function `CountOrgSecrets` in the file `models/secret/secret.go` - Add a new file `modules/structs/secret.go` - Add a new function `ListActionsSecrets` in the file `routers/api/v1/api.go` - Add a new file `routers/api/v1/org/action.go` - Add a new function `listActionsSecrets` in the file `routers/api/v1/org/action.go` go-sdk: https://gitea.com/gitea/go-sdk/pulls/629 --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Giteabot <teabot@gitea.io>	2023-08-15 14:32:43 +02:00
puni9869	cafce3b4b5	Allow to archive labels (#26478) ... ## Archived labels This adds the structure to allow for archived labels. Archived labels are, just like closed milestones or projects, a medium to hide information without deleting it. It is especially useful if there are outdated labels that should no longer be used without deleting the label entirely. ## Changes 1. UI and API have been equipped with the support to mark a label as archived 2. The time when a label has been archived will be stored in the DB ## Outsourced for the future There's no special handling for archived labels at the moment. This will be done in the future. ## Screenshots   Part of https://github.com/go-gitea/gitea/issues/25237 --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-08-14 11:56:14 +02:00
KN4CK3R	ecd51f710b	Fix NuGet search endpoints (#25613) ... Fixes #25564 Fixes #23191 - Api v2 search endpoint should return only the latest version matching the query - Api v3 search endpoint should return `take` packages not package versions	2023-08-14 02:50:55 +00:00
wxiaoguang	c2e0143bfe	Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) ... Fix #26389 And complete an old TODO: `ctx.Params does un-escaping,..., which is incorrect.`	2023-08-09 14:57:45 +08:00
FuXiaoHei	ad69f7175a	fix artifact merging chunks path with correct slash on Windows (#26400) ... From Discord https://discord.com/channels/322538954119184384/1069795723178160168/1136719889684500480 Artifact chunks merging is break on Windows. ``` Gitea Log: 2023/08/03 20:51:15 ...actions/artifacts.go:271:comfirmUploadArtifact() [E] Error merge chunks: parse content range error: input does not match format ``` Artifact uses wrong slash to parse saved chunks path.	2023-08-08 17:21:48 +00:00
Jason Song	1e76a824bc	Refactor and enhance issue indexer to support both searching, filtering and paging (#26012) ... Fix #24662. Replace #24822 and #25708 (although it has been merged) ## Background In the past, Gitea supported issue searching with a keyword and conditions in a less efficient way. It worked by searching for issues with the keyword and obtaining limited IDs (as it is heavy to get all) on the indexer (bleve/elasticsearch/meilisearch), and then querying with conditions on the database to find a subset of the found IDs. This is why the results could be incomplete. To solve this issue, we need to store all fields that could be used as conditions in the indexer and support both keyword and additional conditions when searching with the indexer. ## Major changes - Redefine `IndexerData` to include all fields that could be used as filter conditions. - Refactor `Search(ctx context.Context, kw string, repoIDs []int64, limit, start int, state string)` to `Search(ctx context.Context, options *SearchOptions)`, so it supports more conditions now. - Change the data type stored in `issueIndexerQueue`. Use `IndexerMetadata` instead of `IndexerData` in case the data has been updated while it is in the queue. This also reduces the storage size of the queue. - Enhance searching with Bleve/Elasticsearch/Meilisearch, make them fully support `SearchOptions`. Also, update the data versions. - Keep most logic of database indexer, but remove `issues.SearchIssueIDsByKeyword` in `models` to avoid confusion where is the entry point to search issues. - Start a Meilisearch instance to test it in unit tests. - Add unit tests with almost full coverage to test Bleve/Elasticsearch/Meilisearch indexer. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-07-31 06:28:53 +00:00
KN4CK3R	2d7fe4cc1e	Fix handling of plenty Nuget package versions (#26075) ... Fixes #25953 - Do not load full version information (v3) - Add pagination support (v2)	2023-07-26 19:43:21 +00:00
wxiaoguang	915cdf8f87	Remove "misc" scope check from public API endpoints (#26134) ... Fix #26035	2023-07-26 02:53:31 +00:00
JakobDev	6598d0291c	Allow Organisations to have a E-Mail (#25082) ... Resolves #25057 This adds a E-Mail field to Organisations. The E-Mail is just shown on the Profile when it is visited by a logged in User. The E-mail is not used for something else. **Screenshots:**   --------- Co-authored-by: Denys Konovalov <kontakt@denyskon.de> Co-authored-by: Denys Konovalov <privat@denyskon.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>	2023-07-25 08:26:27 +00:00
KN4CK3R	6aa30af724	Fix handling of Debian files with trailing slash (#26087) ... Fixes #26022 - Fix handling of files with trailing slash - Fix handling of duplicate package file errors - Added test for both	2023-07-24 16:19:44 +02:00
caicandong	4211efe8b7	fix Missing 404 swagger response docs for /admin/users/{username} (#26086) ... close #26079	2023-07-24 10:48:44 +02:00
sillyguodong	f5c7d4cfdd	Reduce unnecessary DB queries for Actions tasks (#25199) ... Close #24544 Changes: - Create `action_tasks_version` table to store the latest version of each scope (global, org and repo). - When a job with the status of `waiting` is created, the tasks version of the scopes it belongs to will increase. - When the status of a job already in the database is updated to `waiting`, the tasks version of the scopes it belongs to will increase. - On Gitea side, in `FeatchTask()`, will try to query the `action_tasks_version` record of the scope of the runner that call `FetchTask()`. If the record does not exist, will insert a row. Then, Gitea will compare the version passed from runner to Gitea with the version in database, if inconsistent, try pick task. Gitea always returns the latest version from database to the runner. Related: - Protocol: https://gitea.com/gitea/actions-proto-def/pulls/10 - Runner: https://gitea.com/gitea/act_runner/pulls/219	2023-07-24 06:11:27 +00:00
delvh	f3d41c61eb	Remove `db.DefaultContext` in `routers/` and `cmd/` (#26076) ... Now, the only remaining usages of `models.db.DefaultContext` are in - `modules` - `models` - `services`	2023-07-23 23:47:27 -04:00
Lunny Xiao	b167f35113	Add context parameter to some database functions (#26055) ... To avoid deadlock problem, almost database related functions should be have ctx as the first parameter. This PR do a refactor for some of these functions.	2023-07-22 22:14:27 +08:00
Lunny Xiao	037c9895a7	Support copy protected branch from template repository (#25889) ... Fix #14303	2023-07-21 12:32:47 +08:00
FuXiaoHei	f3d293d2bb	Actions Artifacts support uploading multiple files and directories (#24874) ... current actions artifacts implementation only support single file artifact. To support multiple files uploading, it needs: - save each file to each db record with same run-id, same artifact-name and proper artifact-path - need change artifact uploading url without artifact-id, multiple files creates multiple artifact-ids - support `path` in download-artifact action. artifact should download to `{path}/{artifact-path}`. - in repo action view, it provides zip download link in artifacts list in summary page, no matter this artifact contains single or multiple files.	2023-07-21 10:42:01 +08:00
wxiaoguang	9b25bfa8f4	Remove redundant "RouteMethods" method (#26024) ... The `RouteMethods` is mainly an alias for `Methods` with different argument order. Remove it to keep the "route.go" code clear	2023-07-21 00:43:49 +02:00
wxiaoguang	236c645bf1	Refactor "Content" for file uploading (#25851) ... Before: the concept "Content string" is used everywhere. It has some problems: 1. Sometimes it means "base64 encoded content", sometimes it means "raw binary content" 2. It doesn't work with large files, eg: uploading a 1G LFS file would make Gitea process OOM This PR does the refactoring: use "ContentReader" / "ContentBase64" instead of "Content" This PR is not breaking because the key in API JSON is still "content": `` ContentBase64 string `json:"content"` ``	2023-07-18 18:14:47 +00:00
KN4CK3R	bd82d8974e	Add support for different Maven POM encoding (#25873) ... Fixes #25853 - Maven POM files aren't always UTF-8 encoded. - Reject the upload of unparsable POM files	2023-07-14 09:39:15 +00:00
Lunny Xiao	0fd1672ae4	For API attachments, use API URL (#25639) ... Fix #25257 --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-07-10 09:31:19 +00:00
silverwind	887a683af9	Update tool dependencies, lock govulncheck and actionlint (#25655) ... - Update all tool dependencies - Lock `govulncheck` and `actionlint` to their latest tags --------- Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-07-09 11:58:06 +00:00
KN4CK3R	115f40e433	Test if container blob is accessible before mounting (#22759) ... related #16865 This PR adds an accessibility check before mounting container blobs. --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>	2023-07-09 11:24:43 +00:00
Zettat123	a42a838843	Fix `ref` for workflows triggered by `pull_request_target` (#25743) ... Follow #25229 At present, when the trigger event is `pull_request_target`, the `ref` and `sha` of `ActionRun` are set according to the base branch of the pull request. This makes it impossible for us to find the head branch of the `ActionRun` directly. In this PR, the `ref` and `sha` will always be set to the head branch and they will be changed to the base branch when generating the task context.	2023-07-07 19:22:03 +00:00
techknowlogick	cb01b8691d	Add open/closed field support for issue index (#25708) ... A couple of notes: * Future changes should refactor arguments into a struct * This filtering only is supported by meilisearch right now * Issue index number is bumped which will cause a re-index	2023-07-07 17:10:13 +00:00
6543	8995046110	Less naked returns (#25713) ... just a step towards #25655 and some related refactoring	2023-07-07 05:31:56 +00:00
silverwind	88f835192d	Replace `interface{}` with `any` (#25686) ... Result of running `perl -p -i -e 's#interface\{\}#any#g' **/*` and `make fmt`. Basically the same [as golang did](2580d0e08d).	2023-07-04 18:36:08 +00:00
KN4CK3R	c890454769	Add direct serving of package content (#25543) ... Fixes #24723 Direct serving of content aka HTTP redirect is not mentioned in any of the package registry specs but lots of official registries do that so it should be supported by the usual clients.	2023-07-03 15:33:28 +02:00
Lunny Xiao	de981c39e6	Fix bug of branches API with tests (#25578) ... Fix #25558 Extract from #22743 This PR added a repository's check when creating/deleting branches via API. Mirror repository and archive repository cannot do that.	2023-07-01 10:52:52 +08:00
Jason Song	67bd9d4f1e	Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581) ... Resolve #24789 ## ⚠️ BREAKING ⚠️ Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`. But now, `DEFAULT_ACTIONS_URL` supports only `github`(`https://github.com`) or `self`(the root url of current Gitea instance), and the default value is `github`. If it has configured with a URL, an error log will be displayed and it will fallback to `github`. Actually, what we really want to do is always make it `https://github.com`, however, this may not be acceptable for some instances of internal use, so there's extra support for `self`, but no more, even `https://gitea.com`. Please note that `uses: https://xxx/yyy/zzz` always works and it does exactly what it is supposed to do. Although it's breaking, I belive it should be backported to `v1.20` due to some security issues. Follow-up on the runner side: - https://gitea.com/gitea/act_runner/pulls/262 - https://gitea.com/gitea/act/pulls/70	2023-06-30 07:26:36 +00:00
JakobDev	254a82842a	Add API for changing Avatars (#25369) ... This adds an API for uploading and Deleting Avatars for of Users, Repos and Organisations. I'm not sure, if this should also be added to the Admin API. Resolves #25344 --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-06-29 23:22:55 +00:00
Lunny Xiao	6e19484f4d	Sync branches into databases (#22743) ... Related #14180 Related #25233 Related #22639 Close #19786 Related #12763 This PR will change all the branches retrieve method from reading git data to read database to reduce git read operations. - [x] Sync git branches information into database when push git data - [x] Create a new table `Branch`, merge some columns of `DeletedBranch` into `Branch` table and drop the table `DeletedBranch`. - [x] Read `Branch` table when visit `code` -> `branch` page - [x] Read `Branch` table when list branch names in `code` page dropdown - [x] Read `Branch` table when list git ref compare page - [x] Provide a button in admin page to manually sync all branches. - [x] Sync branches if repository is not empty but database branches are empty when visiting pages with branches list - [x] Use `commit_time desc` as the default FindBranch order by to keep consistent as before and deleted branches will be always at the end. --------- Co-authored-by: Jason Song <i@wolfogre.com>	2023-06-29 10:03:20 +00:00
Georg Dangl	9538842364	Use correct response code in push mirror creation response in v1_json.tmpl (#25476) ... In the process of doing a bit of automation via the API, we've discovered a _small_ issue in the Swagger definition. We tried to create a push mirror for a repository, but our generated client raised an exception due to an unexpected status code. When looking at this function: 3c7f5ed7b5/routers/api/v1/repo/mirror.go (L236-L240) We see it defines `201 - Created` as response: 3c7f5ed7b5/routers/api/v1/repo/mirror.go (L260-L262) But it actually returns `200 - OK`: 3c7f5ed7b5/routers/api/v1/repo/mirror.go (L373) So I've just updated the Swagger definitions to match the code😀 --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-06-28 22:00:19 +00:00
Zettat123	defd807073	Fix bugs related to notification endpoints (#25548)	2023-06-28 10:26:56 -04:00
Zettat123	48e5a74f21	Support `pull_request_target` event (#25229) ... Fix #25088 This PR adds the support for [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) workflow trigger. `pull_request_target` is similar to `pull_request`, but the workflow triggered by the `pull_request_target` event runs in the context of the base branch of the pull request rather than the head branch. Since the workflow from the base is considered trusted, it can access the secrets and doesn't need approvals to run.	2023-06-26 14:33:18 +08:00
Jason Song	174213530d	Fix `Permission` in API returned repository struct (#25388) ... The old code generates `structs.Repository.Permissions` with only `access.Permission.AccessMode`, however, it should check the units too, or the value could be incorrect. For example, `structs.Repository.Permissions.Push` could be false even the doer has write access to code unit. Should fix https://github.com/renovatebot/renovate/issues/14059#issuecomment-1047961128 (Not reported by it, I just found it when I was looking into this bug) --- Review tips: The major changes are - `modules/structs/repo.go` https://github.com/go-gitea/gitea/pull/25388/files#diff-870406f6857117f8b03611c43fca0ab9ed6d6e76a2d0069a7c1f17e8fa9092f7 - `services/convert/repository.go` https://github.com/go-gitea/gitea/pull/25388/files#diff-7736f6d2ae894c9edb7729a80ab89aa183b888a26a811a0c1fdebd18726a7101 And other changes are passive.	2023-06-22 13:08:08 +00:00
sillyguodong	35a653d7ed	Support configuration variables on Gitea Actions (#24724) ... Co-Author: @silverwind @wxiaoguang Replace: #24404 See: - [defining configuration variables for multiple workflows](https://docs.github.com/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) - [vars context](https://docs.github.com/en/actions/learn-github-actions/contexts#vars-context) Related to: - [x] protocol: https://gitea.com/gitea/actions-proto-def/pulls/7 - [x] act_runner: https://gitea.com/gitea/act_runner/pulls/157 - [x] act: https://gitea.com/gitea/act/pulls/43 #### Screenshoot Create Variable:   Workflow: ```yaml test_vars: runs-on: ubuntu-latest steps: - name: Print Custom Variables run: echo "${{ vars.test_key }}" - name: Try to print a non-exist var run: echo "${{ vars.NON_EXIST_VAR }}" ``` Actions Log:  --- This PR just implement the org / user (depends on the owner of the current repository) and repo level variables, The Environment level variables have not been implemented. Because [Environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#about-environments) is a module separate from `Actions`. Maybe it would be better to create a new PR to do it. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>	2023-06-20 22:54:15 +00:00
Daniel Wolf	bd2e3226be	Fix incorrect actions ref_name (#25358) ... Fix #25357 . Just a simple fix the result of `${{ gitea.ref_name }}` to show the shortened name rather than the full ref.	2023-06-19 17:32:09 +08:00
wxiaoguang	4e2f1ee58d	Refactor web package and context package (#25298) ... 1. The "web" package shouldn't depends on "modules/context" package, instead, let each "web context" register themselves to the "web" package. 2. The old Init/Free doesn't make sense, so simplify it * The ctx in "Init(ctx)" is never used, and shouldn't be used that way * The "Free" is never called and shouldn't be called because the SSPI instance is shared --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-06-18 09:59:09 +02:00
Lunny Xiao	d6dd6d641b	Fix all possible setting error related storages and added some tests (#23911) ... Follow up #22405 Fix #20703 This PR rewrites storage configuration read sequences with some breaks and tests. It becomes more strict than before and also fixed some inherit problems. - Move storage's MinioConfig struct into setting, so after the configuration loading, the values will be stored into the struct but not still on some section. - All storages configurations should be stored on one section, configuration items cannot be overrided by multiple sections. The prioioty of configuration is `[attachment]` > `[storage.attachments]` | `[storage.customized]` > `[storage]` > `default` - For extra override configuration items, currently are `SERVE_DIRECT`, `MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another section. The prioioty of the override configuration is `[attachment]` > `[storage.attachments]` > `default`. - Add more tests for storages configurations. - Update the storage documentations. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-06-14 11:42:38 +08:00
sillyguodong	8228751c55	Support changing labels of Actions runner without re-registration (#24806) ... close #24540 related: - Protocol: https://gitea.com/gitea/actions-proto-def/pulls/9 - Runner side: https://gitea.com/gitea/act_runner/pulls/201 changes: - Add column of `labels` to table `action_runner`, and combine the value of `agent_labels` and `custom_labels` column to `labels` column. - Store `labels` when registering `act_runner`. - Update `labels` when `act_runner` starting and calling `Declare`. - Users cannot modify the `custom labels` in edit page any more. other changes: - Store `version` when registering `act_runner`. - If runner is latest version, parse version from `Declare`. But older version runner still parse version from request header.	2023-06-13 22:28:31 +08:00
Lunny Xiao	419804fd4d	Fix compatible for webhook ref type (#25195) ... Fix #25185 Caused by #24634	2023-06-13 06:05:28 +00:00
Denys Konovalov	eac1bddb8d	fix swagger documentation for multiple files API endpoint (#25110) ... Fixes some issues with the swagger documentation for the new multiple files API endpoint (#24887) which were overlooked when submitting the original PR: 1. add some missing parameter descriptions 2. set correct `required` option for required parameters 3. change endpoint description to match it full functionality (every kind of file modification is supported, not just creating and updating)	2023-06-07 23:49:58 +08:00
Jack Hay	18de83b2a3	Redesign Scoped Access Tokens (#24767) ... ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>	2023-06-04 20:57:16 +02:00
JakobDev	1b115296d3	Followup to pinned Issues (#24945) ... This addressees some things from #24406 that came up after the PR was merged. Mostly from @delvh. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: delvh <dev.lh@web.de>	2023-05-30 15:26:51 +00:00
Denys Konovalov	275d4b7e3f	API endpoint for changing/creating/deleting multiple files (#24887) ... This PR creates an API endpoint for creating/updating/deleting multiple files in one API call similar to the solution provided by [GitLab](https://docs.gitlab.com/ee/api/commits.html#create-a-commit-with-multiple-files-and-actions). To archive this, the CreateOrUpdateRepoFile and DeleteRepoFIle functions in files service are unified into one function supporting multiple files and actions. Resolves #14619	2023-05-29 17:41:35 +08:00
Lunny Xiao	e4922d484b	Fix ref type error (#24941)	2023-05-26 15:00:27 +08:00
Lunny Xiao	f9cfd6ce5b	Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) ... This PR replaces all string refName as a type `git.RefName` to make the code more maintainable. Fix #15367 Replaces #23070 It also fixed a bug that tags are not sync because `git remote --prune origin` will not remove local tags if remote removed. We in fact should use `git fetch --prune --tags origin` but not `git remote update origin` to do the sync. Some answer from ChatGPT as ref. > If the git fetch --prune --tags command is not working as expected, there could be a few reasons why. Here are a few things to check: > >Make sure that you have the latest version of Git installed on your system. You can check the version by running git --version in your terminal. If you have an outdated version, try updating Git and see if that resolves the issue. > >Check that your Git repository is properly configured to track the remote repository's tags. You can check this by running git config --get-all remote.origin.fetch and verifying that it includes +refs/tags/*:refs/tags/*. If it does not, you can add it by running git config --add remote.origin.fetch "+refs/tags/*:refs/tags/*". > >Verify that the tags you are trying to prune actually exist on the remote repository. You can do this by running git ls-remote --tags origin to list all the tags on the remote repository. > >Check if any local tags have been created that match the names of tags on the remote repository. If so, these local tags may be preventing the git fetch --prune --tags command from working properly. You can delete local tags using the git tag -d command. --------- Co-authored-by: delvh <dev.lh@web.de>	2023-05-26 01:04:48 +00:00
JakobDev	aaa1094663	Add the ability to pin Issues (#24406) ... This adds the ability to pin important Issues and Pull Requests. You can also move pinned Issues around to change their Position. Resolves #2175. ## Screenshots    The Design was mostly copied from the Projects Board. ## Implementation This uses a new `pin_order` Column in the `issue` table. If the value is set to 0, the Issue is not pinned. If it's set to a bigger value, the value is the Position. 1 means it's the first pinned Issue, 2 means it's the second one etc. This is dived into Issues and Pull requests for each Repo. ## TODO - [x] You can currently pin as many Issues as you want. Maybe we should add a Limit, which is configurable. GitHub uses 3, but I prefer 6, as this is better for bigger Projects, but I'm open for suggestions. - [x] Pin and Unpin events need to be added to the Issue history. - [x] Tests - [x] Migration **The feature itself is currently fully working, so tester who may find weird edge cases are very welcome!** --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-25 15:17:19 +02:00
谈笑风生间	309354c70e	New webhook trigger for receiving Pull Request review requests (#24481) ... close https://github.com/go-gitea/gitea/issues/16321 Provided a webhook trigger for requesting someone to review the Pull Request. Some modifications have been made to the returned `PullRequestPayload` based on the GitHub webhook settings, including: - add a description of the current reviewer object as `RequestedReviewer` . - setting the action to either **review_requested** or **review_request_removed** based on the operation. - adding the `RequestedReviewers` field to the issues_model.PullRequest. This field will be loaded into the PullRequest through `LoadRequestedReviewers()` when `ToAPIPullRequest` is called. After the Pull Request is merged, I will supplement the relevant documentation.	2023-05-24 22:06:27 -04:00
JakobDev	25dc1556cd	Add API for Label templates (#24602) ... This adds API that allows getting the Label templates of the Gitea Instance	2023-05-23 18:10:23 +08:00
yp05327	bebc3433c5	Add IsErrRepoFilesAlreadyExist check when fork repo (#24678) ... Before:  After: 	2023-05-22 18:21:46 +08:00
KN4CK3R	cdb088cec2	Add CRAN package registry (#22331) ... This PR adds a [CRAN](https://cran.r-project.org/) package registry. 	2023-05-22 10:57:49 +08:00
Lunny Xiao	c59a057297	Refactor rename user and rename organization (#24052) ... This PR is a refactor at the beginning. And now it did 4 things. - [x] Move renaming organizaiton and user logics into services layer and merged as one function - [x] Support rename a user capitalization only. For example, rename the user from `Lunny` to `lunny`. We just need to change one table `user` and others should not be touched. - [x] Before this PR, some renaming were missed like `agit` - [x] Fix bug the API reutrned from `http.StatusNoContent` to `http.StatusOK`	2023-05-21 23:13:47 +08:00
Lunny Xiao	64f6a5d113	Use `CommentList` instead of `[]*Comment` (#24828) ... As title.	2023-05-21 20:48:28 +08:00
Yevhen Pavlov	1dfaf83798	Return `404` in the API if the requested webhooks were not found (#24823) ... Should resolve first point of the issue https://github.com/go-gitea/gitea/issues/24574	2023-05-21 10:54:28 +08:00
wxiaoguang	6b33152b7d	Decouple the different contexts from each other (#24786) ... Replace #16455 Close #21803 Mixing different Gitea contexts together causes some problems: 1. Unable to respond proper content when error occurs, eg: Web should respond HTML while API should respond JSON 2. Unclear dependency, eg: it's unclear when Context is used in APIContext, which fields should be initialized, which methods are necessary. To make things clear, this PR introduces a Base context, it only provides basic Req/Resp/Data features. This PR mainly moves code. There are still many legacy problems and TODOs in code, leave unrelated changes to future PRs.	2023-05-21 09:50:53 +08:00
Lunny Xiao	38cf43d060	Some refactors for issues stats (#24793) ... This PR - [x] Move some functions from `issues.go` to `issue_stats.go` and `issue_label.go` - [x] Remove duplicated issue options `UserIssueStatsOption` to keep only one `IssuesOptions`	2023-05-19 22:17:48 +08:00
FuXiaoHei	c757765a9e	Implement actions artifacts (#22738) ... Implement action artifacts server api. This change is used for supporting https://github.com/actions/upload-artifact and https://github.com/actions/download-artifact in gitea actions. It can run sample workflow from doc https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts. The api design is inspired by https://github.com/nektos/act/blob/master/pkg/artifacts/server.go and includes some changes from gitea internal structs and methods. Actions artifacts contains two parts: - Gitea server api and storage (this pr implement basic design without some complex cases supports) - Runner communicate with gitea server api (in comming) Old pr https://github.com/go-gitea/gitea/pull/22345 is outdated after actions merged. I create new pr from main branch.  Add artifacts list in actions workflow page.	2023-05-19 21:37:57 +08:00
KN4CK3R	5968c63a11	Add Go package registry (#24687) ... Fixes #7608 This PR adds a Go package registry usable with the Go proxy protocol. 	2023-05-14 23:38:40 +08:00
Yarden Shoham	542adf50d5	Fix `organization` field being `null` in `GET /api/v1/teams/{id}` (#24694) ... Enabled the organization loading flag. - Fixes #20399 # Before ```json { ... "description": "", "organization": null, "includes_all_repositories": true, "permission": "owner", ... } ``` # After ```json { ... "description": "", "organization": { "id": 2, "name": "bigorg", "full_name": "", "avatar_url": "https://3000-yardenshoham-gitea-3gfrlc9gn4h.ws-us96b.gitpod.io/avatars/e2649b0c016d9102664a7d4349503eb9", "description": "", "website": "", "location": "", "visibility": "public", "repo_admin_change_team_access": true, "username": "bigorg" }, "includes_all_repositories": true, "permission": "owner", ... } ``` Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-13 14:47:58 +00:00
KN4CK3R	9173e079ae	Add Alpine package registry (#23714) ... This PR adds an Alpine package registry. You can follow [this tutorial](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) to build a *.apk package for testing. This functionality is similar to the Debian registry (#22854) and therefore shares some methods. I marked this PR as blocked because it should be merged after #22854.  --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-12 17:27:50 +00:00
Jason Song	2d0ff00823	Improve updating Actions tasks (#24600) ... Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-10 13:54:18 +02:00
Matthew Walowski	5930ab5fdf	Filter get single commit (#24613) ... Pretty much the same thing as #24568 but for getting a single commit instead of getting a list of commits	2023-05-10 09:34:07 +08:00
来自村里的小螃蟹	cd9a13ebb4	Create a branch directly from commit on the create branch API (#22956) ... #### Added - API: Create a branch directly from commit on the create branch API - Added `old_ref_name` parameter to allow creating a new branch from a specific commit, tag, or branch. - Deprecated `old_branch_name` parameter in favor of the new `old_ref_name` parameter. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-05-09 18:22:32 +08:00
wxiaoguang	023a048f52	Make repository response support HTTP range request (#24592) ... Replace #20480 Replace #18448 Close #16414	2023-05-09 15:34:36 +08:00
Matthew Walowski	1dd83dbb91	Filters for GetAllCommits (#24568) ... The `GetAllCommits` endpoint can be pretty slow, especially in repos with a lot of commits. The issue is that it spends a lot of time calculating information that may not be useful/needed by the user. The `stat` param was previously added in #21337 to address this, by allowing the user to disable the calculating stats for each commit. But this has two issues: 1. The name `stat` is rather misleading, because disabling `stat` disables the Stat **and** Files. This should be separated out into two different params, because getting a list of affected files is much less expensive than calculating the stats 2. There's still other costly information provided that the user may not need, such as `Verification` This PR, adds two parameters to the endpoint, `files` and `verification` to allow the user to explicitly disable this information when listing commits. The default behavior is true.	2023-05-09 09:06:05 +08:00
wxiaoguang	def4956122	Improve Gitea's web context, decouple "issue template" code into service package (#24590) ... 1. Remove unused fields/methods in web context. 2. Make callers call target function directly instead of the light wrapper like "IsUserRepoReaderSpecific" 3. The "issue template" code shouldn't be put in the "modules/context" package, so move them to the service package. --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-09 01:30:14 +02:00
wxiaoguang	cb700aedd1	Split "modules/context.go" to separate files (#24569) ... The "modules/context.go" is too large to maintain. This PR splits it to separate files, eg: context_request.go, context_response.go, context_serve.go This PR will help: 1. The future refactoring for Gitea's web context (eg: simplify the context) 2. Introduce proper "range request" support 3. Introduce context function This PR only moves code, doesn't change any logic.	2023-05-08 17:36:54 +08:00
Matthew Walowski	ff5629268c	Pass 'not' to commit count (#24473) ... Due to #24409 , we can now specify '--not' when getting all commits from a repo to exclude commits from a different branch. When I wrote that PR, I forgot to also update the code that counts the number of commits in the repo. So now, if the --not option is used, it may return too many commits, which can indicate that another page of data is available when it is not. This PR passes --not to the commands that count the number of commits in a repo	2023-05-08 07:10:53 +00:00
Lunny Xiao	e5a8ebc0ed	Require at least one unit to be enabled (#24189) ... Don't remember why the previous decision that `Code` and `Release` are non-disable units globally. Since now every unit include `Code` could be disabled, maybe we should have a new rule that the repo should have at least one unit. So any unit could be disabled. Fixes #20960 Fixes #7525 --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: yp05327 <576951401@qq.com>	2023-05-06 17:39:06 +08:00