Commit Graph

19933 Commits

Author SHA1 Message Date
silverwind
49a0a11f55 Update JS deps, misc tweaks (#35643)
- Update all JS dependencies
- Enable eslint `no-useless-assignment` and fix 2 discovered issues
- Replace `gitea-vscode` svg with new `octicon-vscode`
- Remove now-unused `@ts-expect-error` comments
- Change Monaco wrapping behaviour to match the wrapping in code view:
no wrapping indent and break on any character.
2025-10-12 21:07:15 +00:00
silverwind
912515e63a Bump actions/checkout to v5 (#35644) 2025-10-12 18:01:42 +00:00
techknowlogick
f9a4b2753c nix flake update (#35639) 2025-10-12 15:59:00 +00:00
ChristopherHX
2401812b76 Cleanup ActionRun creation (#35624)
Closes #35622

---------

Signed-off-by: ChristopherHX <christopher.homberger@web.de>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-12 12:23:37 +00:00
techknowlogick
3d264ba636 bump archives&rar dep (#35637) 2025-10-12 05:48:19 +02:00
Lunny Xiao
662a44d924 Fix merge panic (#35606)
To prevent potential bugs, the logic in #35543 makes `gitcmd.Command`
panic when attempting to override stdout or stderr. Instead of using
`PrepareCmd`, this PR now uses the WithXXX methods directly to avoid the
panic.

Fix #35603
2025-10-12 04:24:00 +02:00
dependabot[bot]
24a595c3fc Bump happy-dom from 19.0.2 to 20.0.0 (#35625) 2025-10-12 01:52:03 +00:00
ChristopherHX
25c4eb1659 Refactor ActionRunJob parsing into a reusable function (#35623)
Use a helper method around the jobparser for parsing a single job
structure from an ActionRunJob

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-11 12:58:36 -07:00
鲁汀
b029ad431b Fix code tag style problem and LFS view bug (#35628)
Fix #35567

---------

Signed-off-by: 鲁汀 <131967983+lutinglt@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-12 02:38:42 +08:00
Zettat123
40f71bcd4c Support Actions concurrency syntax (#32751)
Fix #24769
Fix #32662
Fix #33260

Depends on https://gitea.com/gitea/act/pulls/124

-
https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#concurrency

## ⚠️ BREAKING ⚠️

This PR removes the auto-cancellation feature added by #25716. Users
need to manually add `concurrency` to workflows to control concurrent
workflows or jobs.

---------

Signed-off-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-10 18:58:55 +00:00
鲁汀
327d0a7fdd The status icon of the Action step is consistent with GitHub (#35618)
Before:
running:
<img width="45" height="34" alt="image"
src="https://github.com/user-attachments/assets/e2508f98-2f1f-4b7e-a80c-30b406f42531"
/>
waiting:
<img width="44" height="33" alt="image"
src="https://github.com/user-attachments/assets/e7c8164e-fdc3-4546-b088-31166544edb0"
/>

---
After:
running:
<img width="49" height="43" alt="image"
src="https://github.com/user-attachments/assets/b5a9b245-a995-458a-af23-d1723daa3692"
/>
waiting:
<img width="42" height="44" alt="image"
src="https://github.com/user-attachments/assets/ff72551e-cfb5-4665-af52-938ef0cf8f1c"
/>

`gitea-running.svg` is not an icon from the @ primer/octicon library,
extracted from the Github page. Github did not assign a clear class name
to this icon

---------

Signed-off-by: 鲁汀 <131967983+lutinglt@users.noreply.github.com>
Co-authored-by: lutinglt <lutinglt@users.noreply.github.com>
2025-10-10 11:25:03 -07:00
silverwind
165a3ead52 Mock external service in hcaptcha TestCaptcha (#35604)
The test calls out to a web service which may be down or unreachable as
seen in the linked issue. It's better for tests to not have such
external dependencies to make them absolutely stable.

Fixes: https://github.com/go-gitea/gitea/issues/35571
2025-10-10 06:21:45 +02:00
Lunny Xiao
9f664ab330 Fix inputing review comment will remove reviewer (#35591)
Fix #34617
2025-10-09 19:55:14 -07:00
GiteaBot
94d99c9c3c [skip ci] Updated translations via Crowdin 2025-10-10 00:34:09 +00:00
Surya Purohit
b8e5e2a93e Fix diffpatch API endpoint (#35610)
Fix the swagger documentation for the `diffpatch` API endpoint,
and fix the wrong API path caused by a refactoring change.

Closes #35602

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-10 00:39:14 +08:00
da Kai
0bc129481d Print PR-Title into tooltip for actions (#35579)
This PR updates the tooltip for Pull-Request triggered runs to show the
PR title instead of the PR number.

---
I dont remember PR numbers, so having the title in the tooltip makes it
much easier to recognize the right one 😊

Current
<img width="290" height="88" alt="Screenshot 2025-10-03 231547"
src="https://github.com/user-attachments/assets/dd8d264d-933f-4fb1-a945-82b172f95861"
/>

After
<img width="301" height="91" alt="Screenshot 2025-10-03 224628"
src="https://github.com/user-attachments/assets/74c9809a-c09a-4804-bb27-79058a99238b"
/>

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-09 10:01:47 +02:00
shashank-netapp
03fce8f3d0 Fixing issue #35530: Password Leak in Log Messages (#35584)
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-07 09:26:47 -07:00
Lunny Xiao
69f5ee970c Move some functions to gitrepo package (#35543)
Refactor Git command functions to use WithXXX methods instead of
exposing RunOpts.
This change simplifies reuse across gitrepo and improves consistency,
encapsulation, and maintainability of command options.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-07 17:06:51 +08:00
Rob Gonnella
c9e7fde8b3 feat: adds option to force update new branch in contents routes (#35592)
Allows users to specify a "force" option in API /contents routes when
modifying files in a new branch. When "force" is true, and the branch
already exists, a force push will occur provided the branch does not
have a branch protection rule that disables force pushing.

This is useful as a way to manage a branch remotely through only the
API. For example in an automated release tool you can pull commits,
analyze, and update a release PR branch all remotely without needing to
clone or perform any local git operations.

Resolve #35538

---------

Co-authored-by: Rob Gonnella <rob.gonnella@papayapay.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-06 21:23:14 -07:00
Lunny Xiao
ad2ff67343 Move archive function to repo_model and gitrepo (#35514) 2025-10-06 15:01:26 -07:00
Zettat123
cdc0733047 Use inputs context when parsing workflows (#35590)
Depends on [gitea/act#143](https://gitea.com/gitea/act/pulls/143)

The [`inputs`
context](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#inputs-context)
is used when parsing workflows so that `run-name` like `run-name: Deploy
to ${{ inputs.deploy_target }}` can be parsed correctly.
2025-10-06 06:09:27 +02:00
Shafi Ahmed
0a0baeb3b0 fix: auto-expand and auto-scroll for actions logs (#35570) (#35583)
Implements reliable auto-expand and auto-scroll behavior for the Actions
logs view.

* Expands running or unfinished steps automatically.
* Smoothly scrolls to the latest log line during execution.
* Controlled via existing “Always auto-scroll” and “Expand running
steps” options.

Fixes #35570.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-05 10:31:06 +08:00
GiteaBot
851d8f9f7c [skip ci] Updated translations via Crowdin 2025-10-05 00:38:21 +00:00
GiteaBot
4e7a97dea0 [skip ci] Updated translations via Crowdin 2025-10-04 00:32:04 +00:00
Lunny Xiao
e1c2fef593 Fix creating pull request failure when the target branch name is the same as some tag (#35552)
Use full reference name in the git command to avoid ambiguity.

Fix #35470
2025-10-03 22:54:37 +00:00
silverwind
6589326e96 Use bundled version of spectral (#35573)
To reduce the risk of npm supply chain attacks and to speed up
dependency installation, I've
[bundled](https://github.com/silverwind/spectral-cli-bundle) the
spectral package into a zero-dependency module. The upstream package is
pretty dead currently, so I expect to keep up with their updates.

The package
[exports](de05948c53/package.json (L9))
a `spectral` bin script, so `pnpm exec spectral` continues to work
as-is.

In total, this removes 86 dependencies from the npm dependency tree.
2025-10-03 22:25:09 +00:00
Lunny Xiao
17c8aa6587 Add rebase push display wrong comments bug (#35560)
Fix #35518

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-03 15:16:17 -07:00
wxiaoguang
71360a94cb Address some CodeQL security concerns (#35572)
Although there is no real security problem
2025-10-04 01:21:26 +08:00
Kausthubh J Rao
c4532101a4 fix(webhook): prevent tag events from bypassing branch filters targets #35449 (#35567)
Tag creation/deletion was triggering push webhooks even when branch
filters were configured, causing unintended pipeline executions.

This change modifies the branch filter logic to check the full ref
name directly instead of first determining if it's a "branch" event.

Fixes: Tag events now properly respect branch filters
- Add getPayloadRef() function to extract full ref names
- Update PrepareWebhook() to use direct ref matching
- Prevents refs/tags/* from matching refs/heads/* filters

Closes #35449

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2025-10-03 08:51:57 +02:00
Aleksandr Denisovich
efc48c36ff Added button to copy file name in PR files (#35509)
The merge request file viewer has a button for copying the file path,
but it is not always convenient. Often, you only want to copy the file
name, which is currently not possible. This change request adds this
capability.

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: a.kiselev <a.kiselev@reglab.ru>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-02 18:08:11 +00:00
silverwind
340aed3982 Update JS and PY deps (#35565)
Updated all dependencies and did a quick test of the UI.
2025-10-02 08:45:56 +02:00
silverwind
b907b9fb1a Enable a few more tsconfig options (#35553)
Enable a few more useful options in tsconfig. `noImplicitReturns` had
two cases which I've fixed. Also, partially sort the file.
2025-09-30 21:43:41 -07:00
dependabot[bot]
c5d74e5869 Bump github.com/wneessen/go-mail from 0.6.2 to 0.7.1 (#35557) 2025-10-01 00:14:53 +00:00
Steven Noonan
c5332fdc55 add more routes to the "expensive" list (#35547)
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2025-09-29 17:33:28 +08:00
wxiaoguang
0f668145e9 Drop json-iterator dependency (#35544) 2025-09-28 22:30:28 +08:00
6543
fbe80e6df2 Add proper error message if session provider can not be created (#35520)
the middleware that creates the session provider just panics if on
creation the config is wrong.
this is not catched and so you just get an cryptic stacktrace with no
point where to look at (as user).

## Before

```
2025/09/16 03:56:37 ...xer/stats/indexer.go:87:populateRepoIndexer() [I] Done (re)populating the repo stats indexer with existing repositories
2025/09/16 03:56:37 modules/ssh/ssh.go:387:Listen() [I] Adding SSH host key: /var/lib/gitea/data/ssh/gitea.rsa
2025/09/16 03:56:37 modules/ssh/init.go:26:Init() [I] SSH server started on :1234. Cipher list ([chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com]), key exchange algorithms ([curve25519-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1]), MACs ([hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1])
2025/09/16 03:56:37 ...s/graceful/server.go:50:NewServer() [I] Starting new SSH server: tcp::1234 on PID: 83337
2025/09/16 03:56:38 cmd/web.go:231:func1() [F] PANIC: dial tcp 127.0.0.1:6379: connect: connection refused
gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96/session.go:239 (0x1cdb908)
code.gitea.io/gitea/routers/common/middleware.go:108 (0x2547f5a)
code.gitea.io/gitea/routers/web/web.go:270 (0x278b8e9)
code.gitea.io/gitea/routers/init.go:185 (0x2850d89)
code.gitea.io/gitea/cmd/web.go:211 (0x295c5ad)
code.gitea.io/gitea/cmd/web.go:262 (0x295cacb)
code.gitea.io/gitea/cmd/main.go:111 (0x2953422)
github.com/urfave/cli/v2@v2.27.2/command.go:276 (0x1cc3dfd)
github.com/urfave/cli/v2@v2.27.2/command.go:269 (0x1cc4084)
github.com/urfave/cli/v2@v2.27.2/app.go:333 (0x1cc086a)
github.com/urfave/cli/v2@v2.27.2/app.go:307 (0x2953f18)
code.gitea.io/gitea/cmd/main.go:172 (0x2953efc)
code.gitea.io/gitea/main.go:46 (0x2998498)
runtime/proc.go:283 (0x4471ca)
runtime/asm_amd64.s:1700 (0x484a20)
```

## After

```
2025/09/22 22:52:35 .../templates/htmlrenderer.go:118:initHTMLRenderer() [D] Creating static HTML Renderer
2025/09/22 22:52:35 routers/web/web.go:273:Routes() [F] common.Sessioner failed: failed to create session middleware: dial tcp 127.0.0.1:6379: connect: connection refused
```

---------

Signed-off-by: 6543 <6543@obermui.de>
2025-09-28 12:24:19 +00:00
junoberryferry
151ef80e28 use experimental go json v2 library (#35392)
details: https://pkg.go.dev/encoding/json/v2

---------

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-09-28 08:03:36 +00:00
Lunny Xiao
8106d95577 Use global lock instead of status pool for cron lock (#35507) 2025-09-27 10:11:52 -07:00
Lunny Xiao
1f32170060 Move some functions to gitrepo package (#35503) 2025-09-26 10:14:20 -07:00
Lunny Xiao
7bf2972379 Move GetDiverging functions to gitrepo (#35524)
Extracted from #35469

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-09-26 15:15:42 +00:00
GiteaBot
8ad2a538da [skip ci] Updated translations via Crowdin 2025-09-26 00:34:11 +00:00
Fabien Benetou
53dfbbb2ee Update issue.go with labels documentation (labels content, not ids) (#35522)
For https://github.com/go-gitea/gitea/issues/35521

---------

Signed-off-by: Fabien Benetou <fabien-services@benetou.fr>
2025-09-25 16:56:49 +00:00
wxiaoguang
d83676c97a Fix markup init after issue comment editing (#35536)
Fix #35533
2025-09-25 09:29:32 -07:00
Sumit
f09bea7af1 [Fix] Trigger 'unlabeled' event when label is Deleted from PR (#34316)
This pull request updates the handling of issue label events in
workflows to distinguish between label additions and deletions,
introduces corresponding test cases, and extends the `IssuePayload`
structure to support this functionality.

### Enhancements to issue label event handling:
* Updated `matchIssuesEvent` in `modules/actions/workflows.go` to
differentiate between "labeled" and "unlabeled" events based on whether
labels were added or removed.
* Added a new field, `RemovedLabels`, to the `IssuePayload` struct in
`modules/structs/hook.go` to track labels that were removed during an
issue event.

### Testing improvements:
* Added `TestMatchIssuesEvent` in `modules/actions/workflows_test.go` to
cover scenarios such as label addition, label deletion, and label
clearing, ensuring the correct event type is triggered.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
v1.26.0-dev
2025-09-24 09:45:38 -07:00
GiteaBot
0b706b0825 [skip ci] Updated translations via Crowdin 2025-09-24 00:34:35 +00:00
Lunny Xiao
198f37e33c Move updateref and removeref to gitrepo and remove unnecessary open repository (#35511)
Extracted from #35077
`UpdateRef` and `RemoveRef` will call git commands even for gogit
version.
2025-09-19 08:04:18 -07:00
ChristopherHX
9a0ec53ee3 Stream repo zip/tar.gz/bundle achives by default (#35487)
Initial implementation of linked proposal.

* Closes #29942
* Fix #34003
* Fix #30443

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-09-19 11:51:21 +08:00
silverwind
90cb5f9a1f Clean up npm dependencies (#35508)
- Remove `minimatch`, was inadvertently re-introduced in
https://github.com/go-gitea/gitea/pull/35482
- Remove `postcss-nesting`, originally introduced in
https://github.com/go-gitea/gitea/pull/29746 to support some fork, but
I'm now of the opinion we should not ship dependencies that we don't use
ourselves.
- Remove `eslint-plugin-no-jquery`, plugin is currently disabled because
of compat issues with eslint 9
(https://github.com/wikimedia/eslint-plugin-no-jquery/issues/311)
2025-09-17 21:39:44 +00:00
Bjarne Koll
2f3da6d6b3 Correctly override user unitmodes (#35501)
Commit 6a97ab0af4 reworked team permission
application. The introduced logic overrode the unitModes for *every*
team a user is in, max(...) the current value and the team value
together.

The logic completely fails in case the team does not have a unit for the
specific unit type defined, in which case the logic inserted the
minimumVisibility, overriding any previous aggregation of access modes
for the unit.

This is resolved by simply always merging the unit access mode of the
team as it will simply default to None in case the team does not have a
permission defined for the unit, which will be swallowed by the max(..)
call in favour of the previous aggregated permission.
2025-09-17 12:26:58 -07:00
GiteaBot
4730bb596c [skip ci] Updated translations via Crowdin 2025-09-17 00:33:50 +00:00