Backport #28454 (the only conflict is caused by some comments)
* Close#24483
* Close#28123
* Close#23682
* Close#23149
(cherry picked from commit a3f403f438e7f5b5dca3a5042fae8e68a896b1e7)
Conflicts:
modules/setting/ui.go
trivial context conflict
Backport #28487 by @earl-warren
- When a repository is orphaned and has objects stored in any of the
storages such as repository avatar or attachments the delete function
would error, because the storage module wasn't initalized.
- Add code to initialize the storage module.
Refs: https://codeberg.org/forgejo/forgejo/pulls/1954
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit 8ee1ed877b0207d9d8733ac32270325c54659909)
Backport #28421 by wxiaoguang
Refactor the code and add tests, keep the old logic.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6cbb6f303a602e566f80b0e82ad73a333614efd5)
Backport #28441 by wxiaoguang
Fix#28319
It only polyfills if there is no "SubmitEvent" class, so it has no side
effect for most users.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6af698fb81b9928c5d88c6bbca4b57229db1c2f3)
Backport #28392 by @nekrondev
Windows-based shells will add a CRLF when piping the token into
ssh-keygen command resulting in
verification error. This resolves#21527.
Co-authored-by: nekrondev <heiko@noordsee.de>
Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit b47482d58e86c636006f7b17b4d91786e6ed4d37)
Backport #28457 by @KN4CK3R
Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.
> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 74ab7980339da50e8a42db00677b457d5f340a5a)
Backport #28428 by @KN4CK3R
There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 97a0bf151a1fed2119b0ecb3c94f68462979c699)
Since a scheduled action is only run from the default branch, it
cannot be anything else.
Refs: https://codeberg.org/forgejo/forgejo/issues/1926
(cherry picked from commit eff0822856fd727915f6e6493a80844cffd7b02a)
- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.
Backport of https://codeberg.org/forgejo/forgejo/pulls/1962
(cherry picked from commit a064065cb9a6e39597e38c37a405d066cfabf7f7)
This reverts commit 172fdd0d32.
This code was introduced for a test case that is no longer in use. It
should guard against the provider being null but that's not worth the
effort for deadcode. Just remove it.
Refs: https://codeberg.org/forgejo/forgejo/issues/1984
It will determine how anchors are created and will break existing
links otherwise.
Adapted from Revert "Make `user-content-* ` consistent with github (#26388)
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.
su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.
This reverts commit 0e3a5abb69.
Conflicts:
routers/api/v1/api.go
To be rebuilt with latest golang version
---------
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 96d3fcf179d4eea98f62d380e04f246ff65694d7)
Backport #28390 by @jackHay22
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
```
HTTP/1.1 200 OK
...
Warning: token and access_token API authentication is deprecated
...
```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`
## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed
## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)
Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea0d7a08b9bd5f17e49bae4021bd7a45)
Backport #28302 by @yp05327
Close#28287
## How to test it in local
convert Makefile L34 into:
```
cd .tmp/upstream-docs && git clean -f && git reset --hard && git fetch origin pull/28302/head:pr28302 && git switch pr28302
```
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 40d51188c039f6a674a37e67d0ea5504a7a3e282)
Fix#28056
Backport #28361
This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.
The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.
For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.
For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
(cherry picked from commit 87db4a47c8e22b7c2e4f2b9f9efc8df1e3622884)
- Backport #1911
- Currently there's code to recover gracefully from panics that happen
within the execution of cron tasks. However this recover code wasn't
being run, because `RunWithShutdownContext` also contains code to
recover from any panic and then gracefully shutdown Forgejo. Because
`RunWithShutdownContext` registers that code as last, that would get run
first which in this case is not behavior that we want.
- Move the recover code to inside the function, so that is run first
before `RunWithShutdownContext`'s recover code (which is now a noop).
- Resolves#1910
(cherry picked from commit 761e1c83414407b65e331c2eeb4348c47acf0fbb)
Backport #28348 by @AdamMajer
nogogit GetBranchNames() lists branches sorted in reverse commit date
order. On the other hand the gogit implementation doesn't apply any
ordering resulting in unpredictable behaviour. In my case, the unit
tests requiring particular order fail
repo_branch_test.go:24:
Error Trace:
./gitea/modules/git/repo_branch_test.go:24
Error: elements differ
extra elements in list A:
([]interface {}) (len=1) {
(string) (len=6) "master"
}
extra elements in list B:
([]interface {}) (len=1) {
(string) (len=7) "branch1"
}
listA:
([]string) (len=2) {
(string) (len=6) "master",
(string) (len=7) "branch2"
}
listB:
([]string) (len=2) {
(string) (len=7) "branch1",
(string) (len=7) "branch2"
}
Test: TestRepository_GetBranches
To fix this, we sort branches based on their commit date in gogit
implementation.
Fixes: #28318
Co-authored-by: Adam Majer <amajer@suse.de>
(cherry picked from commit 272ae03341561ad51228fc75bd12ca3180504100)
Backport #28314 by @yp05327
Fix#28264
`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit c5c44d095114901af745ef6a24f827c4cfe73ec4)
Backport #28373 by @capvor
In the documents, the `[attachment] MAX_SIZE` default value should be 4.
Reference the source code `modules/setting/attachment.go` line 29.
Co-authored-by: capvor <capvor@sina.com>
(cherry picked from commit 8f2805f7574da3382e7e2c5bc45641245e920cbc)
Backport #28359 by @lunny
The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.
Fix#28332
Replace #28333
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit b7e3adc66c01dc6c81126ca4c031cad48d6eb6c4)
Backport #28356 by @darrinsmart
The summary string ends up in the database, and (at least) MySQL &
PostgreSQL require valid UTF8 strings.
Fixes#28178
Co-authored-by: darrinsmart <darrin@djs.to>
Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>
(cherry picked from commit fef34790bb73b12b8b11daa45f17bd30fe30f4f0)
Backport #28334 by @lng2020
Fix#28328
```
func (p *PullRequestComment) GetDiffHunk() string {
if p == nil || p.DiffHunk == nil {
return ""
}
return *p.DiffHunk
}
```
This function in the package `go-github` may return an empty diff. When
it's empty, the following code will panic because it access `ss[1]`
ec1feedbf5/services/migrations/gitea_uploader.go (L861-L867)ec1feedbf5/modules/git/diff.go (L97-L101)
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 8b590de186dffdbe240cb5c58f5ec17f16fdbe25)
