.deadcode-out

@@ -27,13 +27,15 @@ forgejo.org/models/db
 	TruncateBeans
 	InTransaction
 	DumpTables
-	GetTableNames
 
 forgejo.org/models/dbfs
 	file.renameTo
 	Create
 	Rename
 
+forgejo.org/models/forgefed
+	GetFederationHost
+
 forgejo.org/models/forgejo/semver
 	GetVersion
 	SetVersionString
@@ -65,6 +67,7 @@ forgejo.org/models/user
 	DeleteUserSetting
 	GetFederatedUser
 	GetFederatedUserByUserID
+	UpdateFederatedUser
 	GetFollowersForUser
 	AddFollower
 	RemoveFollower
@@ -245,9 +248,6 @@ forgejo.org/routers/web/org
 forgejo.org/services/context
 	GetPrivateContext
 
-forgejo.org/services/federation
-	Init
-
 forgejo.org/services/repository
 	IsErrForkAlreadyExist
 

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
     "ghcr.io/devcontainers/features/node:1": {
       "version": "22"
     },
-    "ghcr.io/devcontainers/features/git-lfs:1.2.5": {},
+    "ghcr.io/devcontainers/features/git-lfs:1.2.4": {},
     "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
   },
   "customizations": {

.forgejo/workflows/renovate.yml

@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:41.23.2
+      image: data.forgejo.org/renovate/renovate:41.17.2
 
     steps:
       - name: Load renovate repo cache

.golangci.yml

@@ -79,10 +79,6 @@ linters:
         - name: unreachable-code
         - name: var-declaration
         - name: var-naming
-          arguments:
-            - []
-            - []
-            - - skip-package-name-checks: true
         - name: redefines-builtin-id
           disabled: true
     staticcheck:

Makefile

@@ -39,7 +39,7 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.3.0 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.8.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.2.1 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.34.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.2 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@41.23.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@41.17.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

cmd/admin_auth.go

@@ -17,15 +17,6 @@ import (
 	"github.com/urfave/cli/v3"
 )
 
-type (
-	authService struct {
-		initDB            func(ctx context.Context) error
-		createAuthSource  func(context.Context, *auth_model.Source) error
-		updateAuthSource  func(context.Context, *auth_model.Source) error
-		getAuthSourceByID func(ctx context.Context, id int64) (*auth_model.Source, error)
-	}
-)
-
 func microcmdAuthDelete() *cli.Command {
 	return &cli.Command{
 		Name:   "delete",
@@ -69,16 +60,6 @@ func microcmdAuthList() *cli.Command {
 	}
 }
 
-// newAuthService creates a service with default functions.
-func newAuthService() *authService {
-	return &authService{
-		initDB:            initDB,
-		createAuthSource:  auth_model.CreateSource,
-		updateAuthSource:  auth_model.UpdateSource,
-		getAuthSourceByID: auth_model.GetSourceByID,
-	}
-}
-
 func runListAuth(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()

cmd/admin_auth_ldap.go

@@ -14,6 +14,15 @@ import (
 	"github.com/urfave/cli/v3"
 )
 
+type (
+	authService struct {
+		initDB            func(ctx context.Context) error
+		createAuthSource  func(context.Context, *auth.Source) error
+		updateAuthSource  func(context.Context, *auth.Source) error
+		getAuthSourceByID func(ctx context.Context, id int64) (*auth.Source, error)
+	}
+)
+
 func commonLdapCLIFlags() []cli.Flag {
 	return []cli.Flag{
 		&cli.StringFlag{
@@ -175,6 +184,16 @@ func microcmdAuthUpdateLdapSimpleAuth() *cli.Command {
 	}
 }
 
+// newAuthService creates a service with default functions.
+func newAuthService() *authService {
+	return &authService{
+		initDB:            initDB,
+		createAuthSource:  auth.CreateSource,
+		updateAuthSource:  auth.UpdateSource,
+		getAuthSourceByID: auth.GetSourceByID,
+	}
+}
+
 // parseAuthSource assigns values on authSource according to command line flags.
 func parseAuthSource(c *cli.Command, authSource *auth.Source) {
 	if c.IsSet("name") {

cmd/admin_auth_oauth.go

@@ -86,11 +86,6 @@ func oauthCLIFlags() []cli.Flag {
 			Value: nil,
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
-		&cli.StringFlag{
-			Name:  "attribute-ssh-public-key",
-			Value: "",
-			Usage: "Claim name providing SSH public keys for this source",
-		},
 		&cli.StringFlag{
 			Name:  "required-claim-name",
 			Value: "",
@@ -132,7 +127,7 @@ func microcmdAuthAddOauth() *cli.Command {
 	return &cli.Command{
 		Name:   "add-oauth",
 		Usage:  "Add new Oauth authentication source",
-		Action: newAuthService().addOauth,
+		Action: runAddOauth,
 		Flags:  oauthCLIFlags(),
 	}
 }
@@ -141,7 +136,7 @@ func microcmdAuthUpdateOauth() *cli.Command {
 	return &cli.Command{
 		Name:   "update-oauth",
 		Usage:  "Update existing Oauth authentication source",
-		Action: newAuthService().updateOauth,
+		Action: runUpdateOauth,
 		Flags:  append(oauthCLIFlags()[:1], append([]cli.Flag{idFlag()}, oauthCLIFlags()[1:]...)...),
 	}
 }
@@ -168,7 +163,6 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
 		IconURL:                       c.String("icon-url"),
 		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
 		Scopes:                        c.StringSlice("scopes"),
-		AttributeSSHPublicKey:         c.String("attribute-ssh-public-key"),
 		RequiredClaimName:             c.String("required-claim-name"),
 		RequiredClaimValue:            c.String("required-claim-value"),
 		GroupClaimName:                c.String("group-claim-name"),
@@ -179,11 +173,11 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
 	}
 }
 
-func (a *authService) addOauth(ctx context.Context, c *cli.Command) error {
+func runAddOauth(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()
 
-	if err := a.initDB(ctx); err != nil {
+	if err := initDB(ctx); err != nil {
 		return err
 	}
 
@@ -195,7 +189,7 @@ func (a *authService) addOauth(ctx context.Context, c *cli.Command) error {
 		}
 	}
 
-	return a.createAuthSource(ctx, &auth_model.Source{
+	return auth_model.CreateSource(ctx, &auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
@@ -203,7 +197,7 @@ func (a *authService) addOauth(ctx context.Context, c *cli.Command) error {
 	})
 }
 
-func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
+func runUpdateOauth(ctx context.Context, c *cli.Command) error {
 	if !c.IsSet("id") {
 		return errors.New("--id flag is missing")
 	}
@@ -211,11 +205,11 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 	ctx, cancel := installSignals(ctx)
 	defer cancel()
 
-	if err := a.initDB(ctx); err != nil {
+	if err := initDB(ctx); err != nil {
 		return err
 	}
 
-	source, err := a.getAuthSourceByID(ctx, c.Int64("id"))
+	source, err := auth_model.GetSourceByID(ctx, c.Int64("id"))
 	if err != nil {
 		return err
 	}
@@ -250,10 +244,6 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 		oAuth2Config.Scopes = c.StringSlice("scopes")
 	}
 
-	if c.IsSet("attribute-ssh-public-key") {
-		oAuth2Config.AttributeSSHPublicKey = c.String("attribute-ssh-public-key")
-	}
-
 	if c.IsSet("required-claim-name") {
 		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
 	}
@@ -310,5 +300,5 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config
 
-	return a.updateAuthSource(ctx, source)
+	return auth_model.UpdateSource(ctx, source)
 }

cmd/admin_auth_oauth_test.go

@@ -1,704 +0,0 @@
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package cmd
-
-import (
-	"context"
-	"testing"
-
-	"forgejo.org/models/auth"
-	"forgejo.org/modules/test"
-	"forgejo.org/services/auth/source/oauth2"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
-)
-
-func TestAddOauth(t *testing.T) {
-	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
-
-	// Test cases
-	cases := []struct {
-		args   []string
-		source *auth.Source
-		errMsg string
-	}{
-		// case 0
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source full",
-				"--provider", "openidConnect",
-				"--key", "client id",
-				"--secret", "client secret",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--use-custom-urls", "",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-				"--icon-url", "https://example.com/icon.svg",
-				"--skip-local-2fa",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-				"--attribute-ssh-public-key", "ssh_public_key",
-				"--required-claim-name", "can_access",
-				"--required-claim-value", "yes",
-				"--group-claim-name", "groups",
-				"--admin-group", "admin",
-				"--restricted-group", "restricted",
-				"--group-team-map", `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-				"--group-team-map-removal",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source full",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					ClientID:                      "client id",
-					ClientSecret:                  "client secret",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					CustomURLMapping: &oauth2.CustomURLMapping{
-						AuthURL:    "https://example.com/auth",
-						TokenURL:   "https://example.com/token",
-						ProfileURL: "https://example.com/profile",
-						EmailURL:   "https://example.com/email",
-						Tenant:     "tenant id",
-					},
-					IconURL:               "https://example.com/icon.svg",
-					Scopes:                []string{"address", "email", "phone", "profile"},
-					AttributeSSHPublicKey: "ssh_public_key",
-					RequiredClaimName:     "can_access",
-					RequiredClaimValue:    "yes",
-					GroupClaimName:        "groups",
-					AdminGroup:            "admin",
-					GroupTeamMap:          `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-					GroupTeamMapRemoval:   true,
-					RestrictedGroup:       "restricted",
-					SkipLocalTwoFA:        true,
-				},
-			},
-		},
-		// case 1
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source min",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source min",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					Scopes:                        []string{},
-				},
-			},
-		},
-		// case 2
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Scopes: []string{},
-				},
-			},
-		},
-		// case 3
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					Scopes:                        []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 4
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--scopes", "address,email,phone,profile",
-			},
-			source: &auth.Source{
-				Type:     auth.OAuth2,
-				Name:     "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				IsActive: true,
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					Scopes:                        []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 5
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source",
-				"--provider", "openidConnect",
-			},
-			errMsg: "invalid Auto Discovery URL:  (this must be a valid URL starting with http:// or https://)",
-		},
-		// case 6
-		{
-			args: []string{
-				"oauth-test",
-				"--name", "oauth2 (via openidConnect) source",
-				"--provider", "openidConnect",
-				"--auto-discover-url", "example.com",
-			},
-			errMsg: "invalid Auto Discovery URL: example.com (this must be a valid URL starting with http:// or https://)",
-		},
-	}
-
-	for n, c := range cases {
-		// Mock functions.
-		var createdAuthSource *auth.Source
-		service := &authService{
-			initDB: func(context.Context) error {
-				return nil
-			},
-			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				createdAuthSource = authSource
-				return nil
-			},
-			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call updateAuthSource", "case: %d", n)
-				return nil
-			},
-			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
-				assert.FailNow(t, "should not call getAuthSourceByID", "case: %d", n)
-				return nil, nil
-			},
-		}
-
-		// Create a copy of command to test
-		app := cli.Command{}
-		app.Flags = microcmdAuthAddOauth().Flags
-		app.Action = service.addOauth
-
-		// Run it
-		err := app.Run(t.Context(), c.args)
-		if c.errMsg != "" {
-			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
-		} else {
-			require.NoError(t, err, "case %d: should have no errors", n)
-			assert.Equal(t, c.source, createdAuthSource, "case %d: wrong authSource", n)
-		}
-	}
-}
-
-func TestUpdateOauth(t *testing.T) {
-	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
-
-	// Test cases
-	cases := []struct {
-		args               []string
-		id                 int64
-		existingAuthSource *auth.Source
-		authSource         *auth.Source
-		errMsg             string
-	}{
-		// case 0
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "23",
-				"--name", "oauth2 (via openidConnect) source full",
-				"--provider", "openidConnect",
-				"--key", "client id",
-				"--secret", "client secret",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-				"--use-custom-urls", "",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-				"--icon-url", "https://example.com/icon.svg",
-				"--skip-local-2fa",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-				"--attribute-ssh-public-key", "ssh_public_key",
-				"--required-claim-name", "can_access",
-				"--required-claim-value", "yes",
-				"--group-claim-name", "groups",
-				"--admin-group", "admin",
-				"--restricted-group", "restricted",
-				"--group-team-map", `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-				"--group-team-map-removal",
-			},
-			id: 23,
-			existingAuthSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg:  &oauth2.Source{},
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source full",
-				Cfg: &oauth2.Source{
-					Provider:                      "openidConnect",
-					ClientID:                      "client id",
-					ClientSecret:                  "client secret",
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					CustomURLMapping: &oauth2.CustomURLMapping{
-						AuthURL:    "https://example.com/auth",
-						TokenURL:   "https://example.com/token",
-						ProfileURL: "https://example.com/profile",
-						EmailURL:   "https://example.com/email",
-						Tenant:     "tenant id",
-					},
-					IconURL:               "https://example.com/icon.svg",
-					Scopes:                []string{"address", "email", "phone", "profile"},
-					AttributeSSHPublicKey: "ssh_public_key",
-					RequiredClaimName:     "can_access",
-					RequiredClaimValue:    "yes",
-					GroupClaimName:        "groups",
-					AdminGroup:            "admin",
-					GroupTeamMap:          `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-					GroupTeamMapRemoval:   true,
-					RestrictedGroup:       "restricted",
-					// `--skip-local-2fa` is currently ignored.
-					// SkipLocalTwoFA:        true,
-				},
-			},
-		},
-		// case 1
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 2
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source full",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source full",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 3
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--provider", "openidConnect",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					Provider:         "openidConnect",
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 4
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--key", "client id",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					ClientID:         "client id",
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 5
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--secret", "client secret",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					ClientSecret:     "client secret",
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 6
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--auto-discover-url", "https://example.com/.well-known/openid-configuration",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					OpenIDConnectAutoDiscoveryURL: "https://example.com/.well-known/openid-configuration",
-					CustomURLMapping:              &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 7
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--use-custom-urls", "",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{
-						AuthURL:    "https://example.com/auth",
-						TokenURL:   "https://example.com/token",
-						ProfileURL: "https://example.com/profile",
-						EmailURL:   "https://example.com/email",
-						Tenant:     "tenant id",
-					},
-				},
-			},
-		},
-		// case 8
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				"--custom-tenant-id", "tenant id",
-				"--custom-auth-url", "https://example.com/auth",
-				"--custom-token-url", "https://example.com/token",
-				"--custom-profile-url", "https://example.com/profile",
-				"--custom-email-url", "https://example.com/email",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--use-custom-urls` required for `--custom-*` flags",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-				},
-			},
-		},
-		// case 9
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--icon-url", "https://example.com/icon.svg",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					IconURL:          "https://example.com/icon.svg",
-				},
-			},
-		},
-		// case 10
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--skip-local-2fa` is currently ignored",
-				"--skip-local-2fa",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--skip-local-2fa` is currently ignored",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					// `--skip-local-2fa` is currently ignored.
-					// SkipLocalTwoFA: true,
-				},
-			},
-		},
-		// case 11
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				"--scopes", "address",
-				"--scopes", "email",
-				"--scopes", "phone",
-				"--scopes", "profile",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--scopes` aggregates multiple uses",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					Scopes:           []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 12
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--name", "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				"--scopes", "address,email,phone,profile",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Name: "oauth2 (via openidConnect) source `--scopes` supports commas as separators",
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					Scopes:           []string{"address", "email", "phone", "profile"},
-				},
-			},
-		},
-		// case 13
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--attribute-ssh-public-key", "ssh_public_key",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:      &oauth2.CustomURLMapping{},
-					AttributeSSHPublicKey: "ssh_public_key",
-				},
-			},
-		},
-		// case 14
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--required-claim-name", "can_access",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:  &oauth2.CustomURLMapping{},
-					RequiredClaimName: "can_access",
-				},
-			},
-		},
-		// case 15
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--required-claim-value", "yes",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:   &oauth2.CustomURLMapping{},
-					RequiredClaimValue: "yes",
-				},
-			},
-		},
-		// case 16
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--group-claim-name", "groups",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					GroupClaimName:   "groups",
-				},
-			},
-		},
-		// case 17
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--admin-group", "admin",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					AdminGroup:       "admin",
-				},
-			},
-		},
-		// case 18
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--restricted-group", "restricted",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					RestrictedGroup:  "restricted",
-				},
-			},
-		},
-		// case 19
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--group-team-map", `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping: &oauth2.CustomURLMapping{},
-					GroupTeamMap:     `{"org_a_team_1": {"organization-a": ["Team 1"]}, "org_a_all_teams": {"organization-a": ["Team 1", "Team 2", "Team 3"]}}`,
-				},
-			},
-		},
-		// case 20
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "1",
-				"--group-team-map-removal",
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:    &oauth2.CustomURLMapping{},
-					GroupTeamMapRemoval: true,
-				},
-			},
-		},
-		// case 21
-		{
-			args: []string{
-				"oauth-test",
-				"--id", "23",
-				"--group-team-map-removal=false",
-			},
-			id: 23,
-			existingAuthSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					GroupTeamMapRemoval: true,
-				},
-			},
-			authSource: &auth.Source{
-				Type: auth.OAuth2,
-				Cfg: &oauth2.Source{
-					CustomURLMapping:    &oauth2.CustomURLMapping{},
-					GroupTeamMapRemoval: false,
-				},
-			},
-		},
-		// case 22
-		{
-			args: []string{
-				"oauth-test",
-			},
-			errMsg: "--id flag is missing",
-		},
-	}
-
-	for n, c := range cases {
-		// Mock functions.
-		var updatedAuthSource *auth.Source
-		service := &authService{
-			initDB: func(context.Context) error {
-				return nil
-			},
-			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call createAuthSource", "case: %d", n)
-				return nil
-			},
-			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				updatedAuthSource = authSource
-				return nil
-			},
-			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
-				if c.id != 0 {
-					assert.Equal(t, c.id, id, "case %d: wrong id", n)
-				}
-				if c.existingAuthSource != nil {
-					return c.existingAuthSource, nil
-				}
-				return &auth.Source{
-					Type: auth.OAuth2,
-					Cfg:  &oauth2.Source{},
-				}, nil
-			},
-		}
-
-		// Create a copy of command to test
-		app := cli.Command{}
-		app.Flags = microcmdAuthUpdateOauth().Flags
-		app.Action = service.updateOauth
-
-		// Run it
-		err := app.Run(t.Context(), c.args)
-		if c.errMsg != "" {
-			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
-		} else {
-			require.NoError(t, err, "case %d: should have no errors", n)
-			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)
-		}
-	}
-}

cmd/manager_logging.go

@@ -44,11 +44,6 @@ func defaultLoggingFlags() []cli.Flag {
 			Aliases: []string{"e"},
 			Usage:   "Matching expression for the logger",
 		},
-		&cli.StringFlag{
-			Name:    "exclusion",
-			Aliases: []string{"x"},
-			Usage:   "Exclusion for the logger",
-		},
 		&cli.StringFlag{
 			Name:    "prefix",
 			Aliases: []string{"p"},
@@ -291,9 +286,6 @@ func commonAddLogger(ctx context.Context, c *cli.Command, mode string, vals map[
 	if len(c.String("expression")) > 0 {
 		vals["expression"] = c.String("expression")
 	}
-	if len(c.String("exclusion")) > 0 {
-		vals["exclusion"] = c.String("exclusion")
-	}
 	if len(c.String("prefix")) > 0 {
 		vals["prefix"] = c.String("prefix")
 	}

custom/conf/app.example.ini

@@ -631,7 +631,6 @@ LEVEL = Info
 ;LEVEL=
 ;FLAGS = stdflags or journald
 ;EXPRESSION =
-;EXCLUSION =
 ;PREFIX =
 ;COLORIZE = false
 ;;
@@ -1768,9 +1767,6 @@ LEVEL = Info
 ;; Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;PASSWD =
 ;;
-;; Alternative location to specify mailer password. You cannot specify both this and PASSWD, and must pick one
-;PASSWD_URI = file:/etc/forgejo/mailer_passwd
-;;
 ;; Send mails only in plain text, without HTML alternative
 ;SEND_AS_PLAIN_TEXT = false
 ;;
@@ -1823,9 +1819,6 @@ LEVEL = Info
 ;; Password of the receiving account
 ;PASSWORD =
 ;;
-;; Alternative location to specify password of the receiving account. You cannot specify both this and PASSWORD, and must pick one
-;PASSWORD_URI = file:/etc/forgejo/email_incoming_password
-;;
 ;; Whether the IMAP server uses TLS.
 ;USE_TLS = false
 ;;

go.mod

@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.24
 
-toolchain go1.24.5
+toolchain go1.24.4
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.0
@@ -24,7 +24,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.10.3
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.19.0
+	github.com/alecthomas/chroma/v2 v2.18.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.2
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
@@ -42,21 +42,21 @@ require (
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
 	github.com/go-chi/chi/v5 v5.2.2
-	github.com/go-chi/cors v1.2.2
+	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.2
 	github.com/go-git/go-git/v5 v5.13.2
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-openapi/spec v0.21.0
 	github.com/go-sql-driver/mysql v1.9.3
-	github.com/go-webauthn/webauthn v0.13.1
+	github.com/go-webauthn/webauthn v0.13.0
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/go-github/v64 v64.0.0
-	github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5
+	github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
@@ -99,13 +99,13 @@ require (
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.130.1
 	go.uber.org/mock v0.5.2
-	golang.org/x/crypto v0.40.0
+	golang.org/x/crypto v0.39.0
 	golang.org/x/image v0.27.0
-	golang.org/x/net v0.42.0
+	golang.org/x/net v0.41.0
 	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.16.0
-	golang.org/x/sys v0.34.0
-	golang.org/x/text v0.27.0
+	golang.org/x/sync v0.15.0
+	golang.org/x/sys v0.33.0
+	golang.org/x/text v0.26.0
 	google.golang.org/protobuf v1.36.4
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
@@ -170,7 +170,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
-	github.com/go-webauthn/x v0.1.22 // indirect
+	github.com/go-webauthn/x v0.1.21 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -244,7 +244,7 @@ require (
 
 replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.29.0
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.28.0
 
 replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1
 

go.sum

@@ -4,8 +4,8 @@ code.forgejo.org/f3/gof3/v3 v3.11.0 h1:f/xToKwqTgxG6PYxvewywjDQyCcyHEEJ6sZqUitFs
 code.forgejo.org/f3/gof3/v3 v3.11.0/go.mod h1:4FaRUNSQGBiD1M0DuB0yNv+Z2wMtlOeckgygHSSq4KQ=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
-code.forgejo.org/forgejo/act v1.29.0 h1:CPiI0LRPU0f6gUdQj1ZVax0ySc8CfegY4hiRsymdZU0=
-code.forgejo.org/forgejo/act v1.29.0/go.mod h1:RPqtuaI2FkC1SVOaYCRODo5jIfoMTBVgEOOP3Sdiuh4=
+code.forgejo.org/forgejo/act v1.28.0 h1:96njNC7C1YNyjWq5OWvLZMF/nw0PMthzIA8Nwbnn7jo=
+code.forgejo.org/forgejo/act v1.28.0/go.mod h1:dFuiwAmD5vyrzecysHB2kL/GM3wRpoVPl+WdbCTC8Bs=
 code.forgejo.org/forgejo/archiver/v3 v3.5.1 h1:UmmbA7D5550uf71SQjarmrn6yKwOGxtEjb3jaYYtmSE=
 code.forgejo.org/forgejo/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=
@@ -62,8 +62,8 @@ github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.19.0 h1:Im+SLRgT8maArxv81mULDWN8oKxkzboH07CHesxElq4=
-github.com/alecthomas/chroma/v2 v2.19.0/go.mod h1:RVX6AvYm4VfYe/zsk7mjHueLDZor3aWCNE14TFlepBk=
+github.com/alecthomas/chroma/v2 v2.18.0 h1:6h53Q4hW83SuF+jcsp7CVhLsMozzvQvO8HBbKQW+gn4=
+github.com/alecthomas/chroma/v2 v2.18.0/go.mod h1:RVX6AvYm4VfYe/zsk7mjHueLDZor3aWCNE14TFlepBk=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
 github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
@@ -215,8 +215,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkPro
 github.com/go-chi/chi/v5 v5.0.1/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
 github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
-github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
-github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
 github.com/go-enry/go-enry/v2 v2.9.2 h1:giOQAtCgBX08kosrX818DCQJTCNtKwoPBGu0qb6nKTY=
@@ -250,10 +250,10 @@ github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI6
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-webauthn/webauthn v0.13.1 h1:Q3/GLXsckVJUPE+BGR6ex26yRIiZ/X2ITaMeSkOftuc=
-github.com/go-webauthn/webauthn v0.13.1/go.mod h1:HeaBromTjgMg1sHZOzyjEiqcrk4Og7mxafDTWDepaXI=
-github.com/go-webauthn/x v0.1.22 h1:rHilV/rYXawarI0uA3uZ5nhLb30Ex8RgbVAsOSt/57o=
-github.com/go-webauthn/x v0.1.22/go.mod h1:+iV9BF4OsvLYzETdc0lmQO2webTos10oH6QydSoWxDM=
+github.com/go-webauthn/webauthn v0.13.0 h1:cJIL1/1l+22UekVhipziAaSgESJxokYkowUqAIsWs0Y=
+github.com/go-webauthn/webauthn v0.13.0/go.mod h1:Oy9o2o79dbLKRPZWWgRIOdtBGAhKnDIaBp2PFkICRHs=
+github.com/go-webauthn/x v0.1.21 h1:nFbckQxudvHEJn2uy1VEi713MeSpApoAv9eRqsb9AdQ=
+github.com/go-webauthn/x v0.1.21/go.mod h1:sEYohtg1zL4An1TXIUIQ5csdmoO+WO0R4R2pGKaHYKA=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
@@ -307,8 +307,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 h1:xhMrHhTJ6zxu3gA4enFM9MLn9AY7613teCdFnlUVbSQ=
-github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -585,8 +585,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w=
@@ -614,8 +614,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -627,8 +627,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -654,8 +654,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -665,8 +665,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
-golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -677,8 +677,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
-golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

models/actions/run.go

@@ -284,10 +284,16 @@ func GetLatestRun(ctx context.Context, repoID int64) (*ActionRun, error) {
 	return &run, nil
 }
 
-func GetRunBefore(ctx context.Context, _ *ActionRun) (*ActionRun, error) {
-	// TODO return the most recent run related to the run given in argument
-	// see https://codeberg.org/forgejo/user-research/issues/63 for context
-	return nil, nil
+// GetRunBefore returns the last run that completed a given timestamp (not inclusive).
+func GetRunBefore(ctx context.Context, repoID int64, timestamp timeutil.TimeStamp) (*ActionRun, error) {
+	var run ActionRun
+	has, err := db.GetEngine(ctx).Where("repo_id=? AND stopped IS NOT NULL AND stopped<?", repoID, timestamp).OrderBy("stopped DESC").Limit(1).Get(&run)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, fmt.Errorf("run before: %w", util.ErrNotExist)
+	}
+	return &run, nil
 }
 
 func GetLatestRunForBranchAndWorkflow(ctx context.Context, repoID int64, branch, workflowFile, event string) (*ActionRun, error) {

models/actions/run_test.go

@@ -5,7 +5,92 @@ package actions
 
 import (
 	"testing"
+	"time"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestGetRunBefore(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// this repo is part of the test database requiring loading "repository.yml" in main_test.go
+	var repoID int64 = 1
+
+	workflowID := "test_workflow"
+
+	// third completed run
+	time1, err := time.Parse(time.RFC3339, "2024-07-31T15:47:55+08:00")
+	require.NoError(t, err)
+	timeutil.MockSet(time1)
+	run1 := ActionRun{
+		ID:         1,
+		Index:      1,
+		RepoID:     repoID,
+		Stopped:    timeutil.TimeStampNow(),
+		WorkflowID: workflowID,
+	}
+
+	// fourth completed run
+	time2, err := time.Parse(time.RFC3339, "2024-08-31T15:47:55+08:00")
+	require.NoError(t, err)
+	timeutil.MockSet(time2)
+	run2 := ActionRun{
+		ID:         2,
+		Index:      2,
+		RepoID:     repoID,
+		Stopped:    timeutil.TimeStampNow(),
+		WorkflowID: workflowID,
+	}
+
+	// second completed run
+	time3, err := time.Parse(time.RFC3339, "2024-07-31T15:47:54+08:00")
+	require.NoError(t, err)
+	timeutil.MockSet(time3)
+	run3 := ActionRun{
+		ID:         3,
+		Index:      3,
+		RepoID:     repoID,
+		Stopped:    timeutil.TimeStampNow(),
+		WorkflowID: workflowID,
+	}
+
+	// first completed run
+	time4, err := time.Parse(time.RFC3339, "2024-06-30T15:47:54+08:00")
+	require.NoError(t, err)
+	timeutil.MockSet(time4)
+	run4 := ActionRun{
+		ID:         4,
+		Index:      4,
+		RepoID:     repoID,
+		Stopped:    timeutil.TimeStampNow(),
+		WorkflowID: workflowID,
+	}
+	require.NoError(t, db.Insert(db.DefaultContext, &run1))
+	runBefore, err := GetRunBefore(db.DefaultContext, repoID, run1.Stopped)
+	// there is no run before run1
+	require.Error(t, err)
+	require.Nil(t, runBefore)
+
+	// now there is only run3 before run1
+	require.NoError(t, db.Insert(db.DefaultContext, &run3))
+	runBefore, err = GetRunBefore(db.DefaultContext, repoID, run1.Stopped)
+	require.NoError(t, err)
+	assert.Equal(t, run3.ID, runBefore.ID)
+
+	// there still is only run3 before run1
+	require.NoError(t, db.Insert(db.DefaultContext, &run2))
+	runBefore, err = GetRunBefore(db.DefaultContext, repoID, run1.Stopped)
+	require.NoError(t, err)
+	assert.Equal(t, run3.ID, runBefore.ID)
+
+	// run4 is further away from run1
+	require.NoError(t, db.Insert(db.DefaultContext, &run4))
+	runBefore, err = GetRunBefore(db.DefaultContext, repoID, run1.Stopped)
+	require.NoError(t, err)
+	assert.Equal(t, run3.ID, runBefore.ID)
 }

models/asymkey/main_test.go

@@ -15,6 +15,8 @@ func TestMain(m *testing.M) {
 			"gpg_key.yml",
 			"public_key.yml",
 			"TestParseCommitWithSSHSignature/public_key.yml",
+			"deploy_key.yml",
+			"gpg_key_import.yml",
 			"user.yml",
 			"email_address.yml",
 		},

models/db/context.go

@@ -141,7 +141,7 @@ func TxContext(parentCtx context.Context) (*Context, Committer, error) {
 		return nil, nil, err
 	}
 
-	return newContext(parentCtx, sess, true), sess, nil
+	return newContext(DefaultContext, sess, true), sess, nil
 }
 
 // WithTx represents executing database operations on a transaction, if the transaction exist,

models/db/context_test.go

@@ -84,16 +84,4 @@ func TestTxContext(t *testing.T) {
 			return nil
 		}))
 	}
-
-	t.Run("Reuses parent context", func(t *testing.T) {
-		type unique struct{}
-
-		ctx := context.WithValue(db.DefaultContext, unique{}, "yes!")
-		assert.False(t, db.InTransaction(ctx))
-
-		require.NoError(t, db.WithTx(ctx, func(ctx context.Context) error {
-			assert.Equal(t, "yes!", ctx.Value(unique{}))
-			return nil
-		}))
-	})
 }

models/db/engine.go

@@ -15,7 +15,6 @@ import (
 	"strings"
 	"time"
 
-	"forgejo.org/modules/container"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 
@@ -439,12 +438,3 @@ func GetMasterEngine(x Engine) (*xorm.Engine, error) {
 
 	return engine, nil
 }
-
-// GetTableNames returns the table name of all registered models.
-func GetTableNames() container.Set[string] {
-	names := make(container.Set[string])
-	for _, table := range tables {
-		names.Add(x.TableName(table))
-	}
-	return names
-}

models/db/table_names_test.go

@@ -1,40 +0,0 @@
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package db
-
-import (
-	"slices"
-	"testing"
-
-	"forgejo.org/modules/test"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetTableNames(t *testing.T) {
-	t.Run("Simple", func(t *testing.T) {
-		defer test.MockVariableValue(&tables, []any{new(GPGKey)})()
-
-		assert.Equal(t, []string{"gpg_key"}, GetTableNames().Values())
-	})
-
-	t.Run("Multiple tables", func(t *testing.T) {
-		defer test.MockVariableValue(&tables, []any{new(GPGKey), new(User), new(BlockedUser)})()
-
-		tableNames := GetTableNames().Values()
-		slices.Sort(tableNames)
-
-		assert.Equal(t, []string{"forgejo_blocked_user", "gpg_key", "user"}, tableNames)
-	})
-}
-
-type GPGKey struct{}
-
-type User struct{}
-
-type BlockedUser struct{}
-
-func (*BlockedUser) TableName() string {
-	return "forgejo_blocked_user"
-}

models/fixtures/TestActivateUserEmail/email_address.yml

@@ -1,7 +0,0 @@
--
-  id: 1001
-  uid: 1001
-  email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net
-  lower_email: anothertestuserwithuppercaseemail@otto.splvs.net
-  is_activated: false
-  is_primary: true

models/fixtures/TestActivateUserEmail/user.yml

@@ -1,12 +0,0 @@
--
-  id: 1001
-  lower_name: user1001
-  name: user1001
-  full_name: User That loves Upper Cases
-  email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net
-  passwd: ZogKvWdyEx:password
-  passwd_hash_algo: dummy
-  avatar: ''
-  avatar_email: anothertestuserwithuppercaseemail@otto.splvs.net
-  login_name: user1
-  created_unix: 1672578000

models/fixtures/action_variable.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/deploy_key.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/external_login_user.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/federated_user.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/federation_host.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/gpg_key_import.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/label.yml

@@ -3,7 +3,6 @@
   repo_id: 1
   org_id: 0
   name: label1
-  description: 'First label'
   color: '#abcdef'
   exclusive: false
   num_issues: 2
@@ -108,26 +107,3 @@
   num_issues: 0
   num_closed_issues: 0
   archived_unix: 0
-
--
-  id: 11
-  repo_id: 3
-  org_id: 0
-  name: "  <script>malicious</script> /'?&"
-  description: "Malicious label ' <script>malicious</script>"
-  color: '#000000'
-  exclusive: true
-  num_issues: 0
-  num_closed_issues: 0
-  archived_unix: 0
-
--
-  id: 12
-  repo_id: 3
-  org_id: 0
-  name: 'archived label<>'
-  color: '#000000'
-  exclusive: false
-  num_issues: 0
-  num_closed_issues: 0
-  archived_unix: 2991092130

models/fixtures/login_source.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/protected_branch.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/pull_auto_merge.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/push_mirror.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/repo_archiver.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/repo_indexer_status.yml

@@ -0,0 +1 @@
+[] # empty

models/fixtures/secret.yml

@@ -0,0 +1 @@
+[] # empty

models/forgejo_migrations/main_test.go

@@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"testing"

models/forgejo_migrations/migrate.go

@@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"context"
@@ -108,9 +108,7 @@ var migrations = []*Migration{
 	// v33 -> v34
 	NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
 	// v34 -> v35
-	NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
-	// v35 -> v36
-	NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
+	NewMigration("Add index to `stopped` column in `action_run` table", AddIndexToActionRunStopped),
 }
 
 // GetCurrentDBVersion returns the current Forgejo database version.

models/forgejo_migrations/migrate_test.go

@@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"testing"

models/forgejo_migrations/v13.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v14.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"forgejo.org/models/migrations/base"

models/forgejo_migrations/v15.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"time"

models/forgejo_migrations/v16.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v17.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v18.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v19.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v1_20/v1.go

@@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_v1_20
+package forgejo_v1_20 //nolint:revive
 
 import (
 	"forgejo.org/modules/timeutil"

models/forgejo_migrations/v1_20/v2.go

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
 
-package forgejo_v1_20
+package forgejo_v1_20 //nolint:revive
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v1_20/v3.go

@@ -1,7 +1,7 @@
 // Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_v1_20
+package forgejo_v1_20 //nolint:revive
 
 import (
 	"forgejo.org/modules/timeutil"

models/forgejo_migrations/v1_22/main_test.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"testing"

models/forgejo_migrations/v1_22/v10.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v1_22/v11.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"forgejo.org/modules/timeutil"

models/forgejo_migrations/v1_22/v12.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v1_22/v4.go

@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v1_22/v5.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v1_22/v6.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v1_22/v7.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v1_22/v8.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"strings"

models/forgejo_migrations/v1_22/v8_test.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import (
 	"testing"

models/forgejo_migrations/v1_22/v9.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_22
+package v1_22 //nolint
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v20.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v21.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v22.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v23.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v24.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v25.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"context"

models/forgejo_migrations/v25_test.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"testing"

models/forgejo_migrations/v26.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v27.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"forgejo.org/modules/timeutil"

models/forgejo_migrations/v28.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v29.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"database/sql"

models/forgejo_migrations/v30.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"time"

models/forgejo_migrations/v30_test.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"testing"

models/forgejo_migrations/v31.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"xorm.io/xorm"

models/forgejo_migrations/v31_test.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"testing"

models/forgejo_migrations/v32.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"encoding/xml"

models/forgejo_migrations/v32_test.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"bytes"

models/forgejo_migrations/v33.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"fmt"

models/forgejo_migrations/v33_test.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
 	"testing"

models/forgejo_migrations/v34.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import "xorm.io/xorm"
 

models/forgejo_migrations/v35.go

@@ -1,13 +1,19 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package forgejo_migrations
+package forgejo_migrations //nolint:revive
 
 import (
+	"forgejo.org/modules/timeutil"
+
 	"xorm.io/xorm"
 )
 
-// see https://codeberg.org/forgejo/forgejo/issues/8373
-func NoopAddIndexToActionRunStopped(x *xorm.Engine) error {
-	return nil
+func AddIndexToActionRunStopped(x *xorm.Engine) error {
+	type ActionRun struct {
+		ID      int64
+		Stopped timeutil.TimeStamp `xorm:"index"`
+	}
+
+	return x.Sync(&ActionRun{})
 }

models/forgejo_migrations/v36.go

@@ -1,55 +0,0 @@
-// Copyright 2025 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package forgejo_migrations
-
-import (
-	"xorm.io/xorm"
-)
-
-func FixWikiUnitDefaultPermission(x *xorm.Engine) error {
-	// Type is Unit's Type
-	type Type int
-
-	// Enumerate all the unit types
-	const (
-		TypeInvalid         Type = iota // 0 invalid
-		TypeCode                        // 1 code
-		TypeIssues                      // 2 issues
-		TypePullRequests                // 3 PRs
-		TypeReleases                    // 4 Releases
-		TypeWiki                        // 5 Wiki
-		TypeExternalWiki                // 6 ExternalWiki
-		TypeExternalTracker             // 7 ExternalTracker
-		TypeProjects                    // 8 Projects
-		TypePackages                    // 9 Packages
-		TypeActions                     // 10 Actions
-	)
-
-	// RepoUnitAccessMode specifies the users access mode to a repo unit
-	type UnitAccessMode int
-
-	const (
-		// UnitAccessModeUnset - no unit mode set
-		UnitAccessModeUnset UnitAccessMode = iota // 0
-		// UnitAccessModeNone no access
-		UnitAccessModeNone // 1
-		// UnitAccessModeRead read access
-		UnitAccessModeRead // 2
-		// UnitAccessModeWrite write access
-		UnitAccessModeWrite // 3
-	)
-	_ = UnitAccessModeNone
-	_ = UnitAccessModeWrite
-
-	type RepoUnit struct {
-		DefaultPermissions UnitAccessMode `xorm:"NOT NULL DEFAULT 0"`
-	}
-	_, err := x.Where("type = ?", TypeWiki).
-		Where("default_permissions = ?", UnitAccessModeRead).
-		Cols("default_permissions").
-		Update(RepoUnit{
-			DefaultPermissions: UnitAccessModeUnset,
-		})
-	return err
-}

models/migrations/test/tests.go

@@ -95,8 +95,7 @@ func PrepareTestEnv(t *testing.T, skip int, syncModels ...any) (*xorm.Engine, fu
 		t.Logf("initializing fixtures from: %s", fixturesDir)
 		if err := unittest.InitFixtures(
 			unittest.FixturesOptions{
-				Dir:                     fixturesDir,
-				SkipCleanRegistedModels: true,
+				Dir: fixturesDir,
 			}, x); err != nil {
 			t.Errorf("error whilst initializing fixtures from %s: %v", fixturesDir, err)
 			return x, deferFn

models/migrations/v1_10/v100.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import (
 	"net/url"

models/migrations/v1_10/v101.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import (
 	"xorm.io/xorm"

models/migrations/v1_10/v88.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import (
 	"crypto/sha1"

models/migrations/v1_10/v89.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v90.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v91.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v92.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import (
 	"xorm.io/builder"

models/migrations/v1_10/v93.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v94.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v95.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v96.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import (
 	"path/filepath"

models/migrations/v1_10/v97.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v98.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import "xorm.io/xorm"
 

models/migrations/v1_10/v99.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_10
+package v1_10 //nolint
 
 import (
 	"forgejo.org/modules/timeutil"

models/migrations/v1_11/v102.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_11
+package v1_11 //nolint
 
 import (
 	"forgejo.org/models/migrations/base"

models/migrations/v1_11/v103.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_11
+package v1_11 //nolint
 
 import (
 	"xorm.io/xorm"

models/migrations/v1_11/v104.go

@@ -1,7 +1,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package v1_11
+package v1_11 //nolint
 
 import (
 	"forgejo.org/models/migrations/base"