18207 Commits

Author SHA1 Message Date
Giteabot
4815c4aeae
Add null check for responseData.invalidTopics (#32212) (#32217)
Backport #32212 by @cloudchamb3r

<img width="553" alt="Screenshot 2024-10-08 at 10 49 10 AM"
src="https://github.com/user-attachments/assets/faeef64d-684a-4aba-b7fc-c7c6a0301abe">

`responseData.invalidTopics` can be null but it wasn't handled.

Co-authored-by: cloudchamb3r <jizon0123@protonmail.com>
2024-10-09 09:18:29 +08:00
2e3a191097
Fix javascript error when an anonymous user visiting migration page (#32144) (#32179)
backport #32144

This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-04 17:58:04 +00:00
Giteabot
361221c531
Fixed race condition when deleting documents by repoId in ElasticSearch (#32185) (#32188)
Backport #32185 by @bsofiato

Resolves #32184

Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
Co-authored-by: Bruno Sofiato <bruno.sofiato@gmail.com>
2024-10-03 16:33:26 +00:00
d86433cce2
Don't init singing keys if oauth2 provider disabled (#32177)
Backport #32148
2024-10-03 11:34:56 -04:00
85897f9b28
Upgrade some dependencies include minio-go (#32166)
backport #32156

Co-authored-by: Manuel Valls Fernández <manuel@valls.dev>
2024-10-03 02:08:06 +00:00
Giteabot
4703e5270f
Ensure GetCSRF doesn't return an empty token (#32130) (#32157)
Backport #32130 by @wolfogre

Since page templates keep changing, some pages that contained forms with
CSRF token no longer have them.

It leads to some calls of `GetCSRF` returning an empty string, which
fails the tests. Like


3269b04d61/tests/integration/attachment_test.go (L62-L63)

The test did try to get the CSRF token and provided it, but it was
empty.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-10-01 05:27:37 +00:00
Giteabot
9fc3915e04
Fix the logic of finding the latest pull review commit ID (#32139) (#32165)
Backport #32139 by @Zettat123

Fix #31423

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-10-01 13:10:03 +09:00
a4a6c785b4
Don't join repository when loading action table data (#32127) (#32143)
backport #32127
2024-09-30 11:04:08 +08:00
Giteabot
634454c48c
Fix wrong status of Set up Job when first step is skipped (#32120) (#32125)
Backport #32120 by @yp05327

Fix #32089

Co-authored-by: yp05327 <576951401@qq.com>
2024-09-25 10:19:35 +08:00
Zettat123
737c947287
Fix bug in getting merged pull request by commit (#32079) (#32117)
Backport #32079

Fix #32027
2024-09-25 00:12:02 +08:00
Giteabot
1ef74004a2
Fix bug when deleting a migrated branch (#32075) (#32123)
Backport #32075 by @lunny

After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 17:01:05 +08:00
Giteabot
5c73da7c54
Include collaboration repositories on dashboard source/forks/mirrors list (#31946) (#32122)
Backport #31946 by @lunny

Fix #13489

In the original implementation, only `All` will display your owned and
collaborated repositories. For other filters like `Source`, `Mirrors`
and etc. will only display your owned repositories.

This PR removed the limitations. Now except `collbrations`, other
filters will always display your owned and collaborated repositories.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 15:17:30 +08:00
Giteabot
a32aaf4d43
Truncate commit message during Discord webhook push events (#31970) (#32121)
Backport #31970 by @kemzeb

Resolves #31668.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-09-24 13:28:01 +08:00
Giteabot
0f834f052b
Allow set branch protection in an empty repository (#32095) (#32119)
Backport #32095 by @lunny

Resolve #32093

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 11:42:52 +09:00
Giteabot
a3c660f89a
Fix panic when cloning with wrong ssh format. (#32076) (#32118)
Backport #32076 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 01:58:58 +00:00
Giteabot
d5d5fb1925
Fix Bug in Issue/pulls list (#32081) (#32115) 2024-09-24 01:26:10 +00:00
Giteabot
ae37f31df6
use rebuilt mssql-2017 image (#32109) (#32114)
Backport #32109 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2024-09-23 21:23:04 +00:00
Giteabot
1f8cbbab3d
Fix rename branch permission bug (#32066) (#32108)
Backport #32066 by @lunny

The previous implementation requires admin permission to rename branches
which should be write permission.

Fix #31993

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-22 19:43:13 +00:00
Giteabot
af0cab23ea
Fix wrong last modify time (#32102) (#32104)
Backport #32102 by @lunny

Fix #31930 and more places which use `http.TimeFormat` wrongly.
`http.TimeFormat` requires a UTC time. refer to
https://pkg.go.dev/net/http#TimeFormat

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-22 19:12:57 +00:00
Giteabot
73066e3f97
Add bin to Composer Metadata (#32099) (#32106)
Backport #32099 by @maantje

This PR addresses the missing `bin` field in Composer metadata, which
currently causes vendor-provided binaries to not be symlinked to
`vendor/bin` during installation.

In the current implementation, running `composer install` does not
publish the binaries, leading to issues where expected binaries are not
available.

By properly declaring the `bin` field, this PR ensures that binaries are
correctly symlinked upon installation, as described in the [Composer
documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).

Co-authored-by: Jamie Schouten <j4mie@hey.com>
2024-09-22 18:42:02 +00:00
Giteabot
919b82461a
Fix incorrect /tokens api (#32085) (#32092)
Backport #32085 by @KN4CK3R

Fixes #32078

- Add missing scopes output.
- Disallow empty scope.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-22 18:02:09 +00:00
69ba37e9fd
Fix mssql ci with a new mssql version on ci (#32094)
backport from https://github.com/go-gitea/gitea/pull/32060
2024-09-23 01:32:26 +08:00
Giteabot
ea9e09abe5
Fix: database not update release when using git push --tags --force (#32040) (#32074)
Backport #32040 by @ExplodingDragon

link: https://codeberg.org/forgejo/forgejo/issues/4274

Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
2024-09-19 07:57:28 +08:00
2891edbbcb
Refactor CSRF protector (#32057) (#32069)
#32057 improves the CSRF handling and is worth to backport
2024-09-18 17:02:45 +00:00
Giteabot
8dbe83d205
Add missing comment reply handling (#32050) (#32065)
Backport #32050 by @KN4CK3R

Fixes #31937

- Add missing comment reply handling
- Use `onGiteaRun` in the test because the fixtures are not present
otherwise (did this behaviour change?)

Compare without whitespaces.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-18 09:23:28 +00:00
Giteabot
2831ae369e
Lazy load avatar images (#32051) (#32063)
Backport #32051 by @hiifong

Before:

https://github.com/user-attachments/assets/7b1681ba-4781-432a-ae20-c07e94c1dbb6

After:

https://github.com/user-attachments/assets/5154e160-e22c-460e-b0d9-28768486c178

Co-authored-by: hiifong <i@hiif.ong>
2024-09-18 16:52:44 +08:00
Giteabot
e6395e1e81
Handle invalid target when creating releases using API (#31841) (#32043)
Backport #31841 by @kemzeb

A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.

Discovered while working on #31840.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-09-17 02:23:40 +00:00
Giteabot
8a39a4812f
Do not escape relative path in RPM primary index (#32038) (#32054)
Backport #32038 by @KN4CK3R

Fixes #32021

Do not escape the relative path.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-17 08:19:35 +08:00
Giteabot
3d7d0c36e7
Check if the due_date is nil when editing issues (#32035) (#32042)
Backport #32035 by @Zettat123

Fix #32030

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-09-15 01:31:34 +08:00
30d989d411
Fix container parallel upload bugs (#32022)
This PR should be replaced by #31860 in v1.23. The aim of creating this
PR is to fix it in 1.22 because globallock hasn't been introduced.

Fix #27640
Fix #29563
Fix #31215
2024-09-12 03:11:03 +00:00
Giteabot
b3af359cc6
Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017) (#32028)
Backport #32017 by @charles-plutohealth

---
`status == "rename"` should have read `status == "renamed"`. The typo
means that file.PreviousFilename would never be populated, which e.g.
breaks usage of the Github Action at
https://github.com/dorny/paths-filter.

Co-authored-by: charles-plutohealth <143208583+charles-plutohealth@users.noreply.github.com>
2024-09-12 08:58:43 +09:00
Giteabot
0629c08a6d
Support allowed hosts for migrations to work with proxy (#32025) (#32026)
Backport #32025 by @wolfogre

Fix #32024. Follow #27655.

After this PR, all usage of "new dial context" needs to provide a proxy,
so I dropped the old `NewDialContext` and renamed
`NewDialContextWithProxy` to `NewDialContext`.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-09-11 14:54:19 +08:00
Giteabot
54d828f8ec
Increase cacheContextLifetime to reduce false reports (#32011) (#32023)
Backport #32011 by @wolfogre

Replace #32001.

To prevent the context cache from being misused for long-term work
(which would result in using invalid cache without awareness), the
context cache is designed to exist for a maximum of 10 seconds. This
leads to many false reports, especially in the case of slow SQL.

This PR increases it to 5 minutes to reduce false reports.

5 minutes is not a very safe value, as a lot of changes may have
occurred within that time frame. However, as far as I know, there has
not been a case of misuse of context cache discovered so far, so I think
5 minutes should be OK.

Please note that after this PR, if warning logs are found again, it
should get attention, at that time it can be almost 100% certain that it
is a misuse.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-09-11 11:14:40 +08:00
6d4dfcd187
Upgrade cache to v0.2.1 (#32003) (#32009)
Fix #31757
Backport #32003
2024-09-07 21:44:28 +00:00
Giteabot
f7f4256c82
Use forum.gitea.com instead of old URL (#31989) (#31992)
Backport #31989 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-07 03:47:23 +08:00
5e36e9f5a7
Add changelog for 1.22.2 (#31935) v1.22.2 2024-09-06 00:16:54 +08:00
Giteabot
b39aa8528b
Fix nuget/conan/container packages upload bugs (#31967) (#31982)
Backport #31967 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-05 07:34:41 +00:00
244fb11c6b
Replace v-html with v-text in search inputbox (#31966) (#31973) (#31975)
Backport #31966, #31973
Cherry-pick 30da734f37f0bd60d13044374c1d5af54f2eb416,
74b1c589c6c1a4261556e1a1a868bbcb2964a5d3
Replace #31972

---------

Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
2024-09-05 01:59:57 +00:00
9c990ac043
Add lock for parallel maven upload (#31954)
Backport #31851 
Fix #30171
2024-09-03 14:33:28 +08:00
d3b0bc22c0
Fix index too many file names bug (#31903) (#31953)
Try to fix #31884
Fix #28584 
Backport #31903
2024-09-03 01:15:30 +00:00
Giteabot
6f5748c507
Prevent update pull refs manually and will not affect other refs update (#31931) (#31955)
Backport #31931 by @lunny

All refs under `refs/pull` should only be changed from Gitea inside but
not by pushing from outside of Gitea.
This PR will prevent the pull refs update but allow other refs to be
updated on the same pushing with `--mirror` operations.

The main changes are to add checks on `update` hook but not
`pre-receive` because `update` will be invoked by every ref but
`pre-receive` will revert all changes once one ref update fails.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-02 18:28:00 +08:00
cc1520221a
Fix sort order for organization home and user profile page (#31921) (#31922)
Backport #31921
2024-09-02 07:58:18 +00:00
Giteabot
b5500cded1
Fix 500 error when state params is set when editing issue/PR by API (#31880) (#31952)
Backport #31880 by @yp05327

A quick fix for #31871

Co-authored-by: yp05327 <576951401@qq.com>
2024-09-01 18:38:10 +00:00
0de69c26ec
Upgrade micromatch to 4.0.8 (#31944)
backport #31939
2024-08-30 10:36:49 +08:00
24e8825f1f
Update webpack to 5.94.0 (#31941)
Update webpack on v1.22 branch because of
https://github.com/go-gitea/gitea/security/dependabot/70.
2024-08-29 16:10:25 +00:00
Giteabot
1d98d4e69a
Fix search team (#31923) (#31942)
Backport #31923 by @lunny

Fix #20658

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-30 00:05:21 +08:00
Giteabot
b140f647fc
Remove "dsa-1024" testcases from Test_SSHParsePublicKey and Test_calcFingerprint (#31905) (#31914)
Backport #31905 by @s4uliu5

DSA is considered inherently insecure and is already disabled/removed in
OpenSSH 9.8.

Therefore "dsa-1024" tescases are failing.

```
--- FAIL: Test_calcFingerprint (0.02s)
    --- FAIL: Test_calcFingerprint/dsa-1024 (0.00s)
        --- FAIL: Test_calcFingerprint/dsa-1024/SSHKeygen (0.00s)
            ssh_key_test.go:196:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:196
                        Error:          Received unexpected error:
                                        Unable to verify key content [result: /tmp/gitea_keytest1239408114 is not a public key file.
                                        ]
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
            ssh_key_test.go:197:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:197
                        Error:          Not equal:
                                        expected: "SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc"
                                        actual  : ""

                                        Diff:
                                        --- Expected
                                        +++ Actual
                                        @@ -1 +1 @@
                                        -SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc
                                        +
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
FAIL
```

Fix #31624

Co-authored-by: Saulius Gurklys <s4uliu5@gmail.com>
2024-08-25 20:39:00 +08:00
e060ae88e5
Don't return 500 if mirror url contains special chars (#31859) (#31895)
Backport #31859
2024-08-22 00:10:50 +08:00
d9c65c9a52
Upgrade bleve to 2.4.2 (#31894)
backport #31762
2024-08-21 05:13:59 +00:00
96de5c2a9f
bug fix for translation in ru (#31892)
Fix #31891
2024-08-21 10:01:36 +08:00