Dockerfile: rename user to _gitea instead of git

(cherry picked from commit d4243578ddab98d77878a9f0402f1f49f7251d76)

.drone.yml

@@ -507,81 +507,6 @@ steps:
       - name: deps
         path: /go
 
----
-kind: pipeline
-type: docker
-name: testing-e2e
-
-platform:
-  os: linux
-  arch: amd64
-
-depends_on:
-  - compliance
-
-trigger:
-  event:
-    - pull_request
-  paths:
-    exclude:
-      - docs/**
-
-volumes:
-  - name: deps
-    temp: {}
-
-services:
-  - name: pgsql
-    pull: default
-    image: postgres:10
-    environment:
-      POSTGRES_DB: testgitea-e2e
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
-
-steps:
-  - name: deps-frontend
-    image: node:18
-    pull: always
-    commands:
-      - make deps-frontend
-
-  - name: build-frontend
-    image: node:18
-    commands:
-      - make frontend
-    depends_on: [deps-frontend]
-
-  - name: deps-backend
-    image: golang:1.18
-    pull: always
-    commands:
-      - make deps-backend
-    volumes:
-      - name: deps
-        path: /go
-
-  # TODO: We should probably build all dependencies into a test image
-  - name: test-e2e
-    image: mcr.microsoft.com/playwright:v1.29.2-focal
-    commands:
-      - curl -sLO https://go.dev/dl/go1.20.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
-      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
-      - apt-get -qq update && apt-get -qqy install build-essential
-      - export TEST_PGSQL_SCHEMA=''
-      - ./build/test-env-prepare.sh
-      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
-    environment:
-      GOPROXY: https://goproxy.io
-      GOSUMDB: sum.golang.org
-      USE_REPO_TEST_DIR: 1
-      TEST_PGSQL_DBNAME: 'testgitea-e2e'
-      DEBIAN_FRONTEND: noninteractive
-    depends_on: [build-frontend, deps-backend]
-    volumes:
-      - name: deps
-        path: /go
-
 ---
 kind: pipeline
 name: update_translations

CHANGELOG.md

@@ -4,6 +4,54 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.19.4](https://github.com/go-gitea/gitea/releases/tag/v1.19.4) - 2023-07-04
+
+* SECURITY
+  * Fix open redirect check for more cases (#25143) (#25155)
+* API
+  * Return `404` in the API if the requested webhooks were not found (#24823) (#24830)
+  * Fix `organization` field being `null` in `GET /api/v1/teams/{id}` (#24694) (#24696)
+* ENHANCEMENTS
+  * Set `--font-weight-bold` to 600 (#24840)
+  * Make mailer SMTP check have timed context (#24751) (#24759)
+  * Do not select line numbers when selecting text from the action run logs (#24594) (#24596)
+* BUGFIXES
+  * Fix bug when change user name (#25637) (#25645)
+  * Fix task list checkbox toggle to work with YAML front matter (#25184) (#25236)
+  * Hide limited users if viewed by anonymous ghost (#25214) (#25224)
+  * Add `WithPullRequest` for `actionsNotifier` (#25144) (#25196)
+  * Fix parallelly generating index failure with Mysql (#24567) (#25081)
+  * GitLab migration: Sanitize response for reaction list (#25054) (#25059)
+  * Fix users cannot visit issue attachment bug (#25019) (#25027)
+  * Fix missing reference prefix of commits when sync mirror repository (#24994)
+  * Only validate changed columns when update user (#24867) (#24903)
+  * Make DeleteIssue use correct context (#24885)
+  * Fix topics deleted via API not being deleted in org page (#24825) (#24829)
+  * Fix Actions being enabled accidentally (#24802) (#24810)
+  * Fix missed table name on iterate lfs meta objects (#24768) (#24774)
+  * Fix safari cookie session bug (#24772)
+  * Respect original content when creating secrets (#24745) (#24746)
+  * Fix Pull Mirror out-of-sync bugs (#24732) (#24733)
+  * Fix run list broken when trigger user deleted (#24706) (#24709)
+  * Fix issues list page multiple selection update milestones (#24660) (#24663)
+  * Fix: release page for empty or non-existing target (#24659)
+  * Fix close org projects (#24588) (#24591)
+  * Refresh the refernce of the closed PR when reopening (#24231) (#24587)
+  * Fix the permission of team's `Actions` unit issue (#24536) (#24545)
+  * Bump go.etcd.io/bbolt and blevesearch deps (#23062) (#24519)
+  * Fix new wiki page mirror (#24518)
+  * Match unqualified references when syncing pulls as well (#23070)
+* DOCS
+  * Change branch name from master to main in some documents' links (#25126) (#25139)
+  * Remove unnecessary content on docs (#24976) (#25001)
+  * Unify doc links to use paths relative to doc folder (#24979) (#25000)
+  * Fix docs documenting invalid `@every` for `OLDER_THAN` cron settings (#24695) (#24698)
+* MISC
+  * Merge different languages for language stats (#24900) (#24921)
+  * Hiding Secrets options when Actions feature is disabled (#24792)
+  * Improve decryption failure message (#24573) (#24575)
+  * Makefile: Use portable !, not GNUish -not, with find(1). (#24565) (#24572)
+
 ## [1.19.3](https://github.com/go-gitea/gitea/releases/tag/1.19.3) - 2023-05-03
 
 * SECURITY

Dockerfile

@@ -50,10 +50,10 @@ RUN addgroup \
     -s /bin/bash \
     -u 1000 \
     -G git \
-    git && \
-  echo "git:*" | chpasswd -e
+    _gitea && \
+  echo "_gitea:*" | chpasswd -e
 
-ENV USER git
+ENV USER _gitea
 ENV GITEA_CUSTOM /data/gitea
 
 VOLUME ["/data"]

Makefile

@@ -103,7 +103,7 @@ ifeq ($(VERSION),main)
 endif
 
 # SemVer
-FORGEJO_VERSION := 4.2.1+0-gitea-1.19.3
+FORGEJO_VERSION := 4.2.2+0-gitea-1.19.4
 
 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)"
 
@@ -784,7 +784,7 @@ merge-locales:
 
 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) -v ./...
+	go run $(GOVULNCHECK_PACKAGE) ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

docker/manifest.rootless.tmpl

@@ -5,7 +5,6 @@ tags:
 {{#each build.tags}}
   - {{this}}-rootless
 {{/each}}
-  - "latest-rootless"
 {{/unless}}
 {{/if}}
 manifests:

docker/manifest.tmpl

@@ -5,7 +5,6 @@ tags:
 {{#each build.tags}}
   - {{this}}
 {{/each}}
-  - "latest"
 {{/unless}}
 {{/if}}
 manifests:

models/user/redirect.go

@@ -64,6 +64,10 @@ func NewUserRedirect(ctx context.Context, ID int64, oldUserName, newUserName str
 	oldUserName = strings.ToLower(oldUserName)
 	newUserName = strings.ToLower(newUserName)
 
+	if err := DeleteUserRedirect(ctx, oldUserName); err != nil {
+		return err
+	}
+
 	if err := DeleteUserRedirect(ctx, newUserName); err != nil {
 		return err
 	}

models/webhook/hooktask.go

@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/timeutil"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
 	gouuid "github.com/google/uuid"
@@ -40,15 +41,14 @@ type HookResponse struct {
 
 // HookTask represents a hook task.
 type HookTask struct {
-	ID              int64  `xorm:"pk autoincr"`
-	HookID          int64  `xorm:"index"`
-	UUID            string `xorm:"unique"`
-	api.Payloader   `xorm:"-"`
-	PayloadContent  string `xorm:"LONGTEXT"`
-	EventType       webhook_module.HookEventType
-	IsDelivered     bool
-	Delivered       int64
-	DeliveredString string `xorm:"-"`
+	ID             int64  `xorm:"pk autoincr"`
+	HookID         int64  `xorm:"index"`
+	UUID           string `xorm:"unique"`
+	api.Payloader  `xorm:"-"`
+	PayloadContent string `xorm:"LONGTEXT"`
+	EventType      webhook_module.HookEventType
+	IsDelivered    bool
+	Delivered      timeutil.TimeStampNano
 
 	// History info.
 	IsSucceed       bool
@@ -75,8 +75,6 @@ func (t *HookTask) BeforeUpdate() {
 
 // AfterLoad updates the webhook object upon setting a column
 func (t *HookTask) AfterLoad() {
-	t.DeliveredString = time.Unix(0, t.Delivered).Format("2006-01-02 15:04:05 MST")
-
 	if len(t.RequestContent) == 0 {
 		return
 	}
@@ -115,12 +113,17 @@ func HookTasks(hookID int64, page int) ([]*HookTask, error) {
 // CreateHookTask creates a new hook task,
 // it handles conversion from Payload to PayloadContent.
 func CreateHookTask(ctx context.Context, t *HookTask) (*HookTask, error) {
-	data, err := t.Payloader.JSONPayload()
-	if err != nil {
-		return nil, err
-	}
 	t.UUID = gouuid.New().String()
-	t.PayloadContent = string(data)
+	if t.Payloader != nil {
+		data, err := t.Payloader.JSONPayload()
+		if err != nil {
+			return nil, err
+		}
+		t.PayloadContent = string(data)
+	}
+	if t.Delivered == 0 {
+		t.Delivered = timeutil.TimeStampNanoNow()
+	}
 	return t, db.Insert(ctx, t)
 }
 
@@ -161,13 +164,11 @@ func ReplayHookTask(ctx context.Context, hookID int64, uuid string) (*HookTask,
 		}
 	}
 
-	newTask := &HookTask{
-		UUID:           gouuid.New().String(),
+	return CreateHookTask(ctx, &HookTask{
 		HookID:         task.HookID,
 		PayloadContent: task.PayloadContent,
 		EventType:      task.EventType,
-	}
-	return newTask, db.Insert(ctx, newTask)
+	})
 }
 
 // FindUndeliveredHookTaskIDs will find the next 100 undelivered hook tasks with ID greater than the provided lowerID

models/webhook/webhook_test.go

@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/json"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
@@ -222,7 +223,6 @@ func TestUpdateHookTask(t *testing.T) {
 
 	hook := unittest.AssertExistsAndLoadBean(t, &HookTask{ID: 1})
 	hook.PayloadContent = "new payload content"
-	hook.DeliveredString = "new delivered string"
 	hook.IsDelivered = true
 	unittest.AssertNotExistsBean(t, hook)
 	assert.NoError(t, UpdateHookTask(hook))
@@ -235,7 +235,7 @@ func TestCleanupHookTaskTable_PerWebhook_DeletesDelivered(t *testing.T) {
 		HookID:      3,
 		Payloader:   &api.PushPayload{},
 		IsDelivered: true,
-		Delivered:   time.Now().UnixNano(),
+		Delivered:   timeutil.TimeStampNanoNow(),
 	}
 	unittest.AssertNotExistsBean(t, hookTask)
 	_, err := CreateHookTask(db.DefaultContext, hookTask)
@@ -268,7 +268,7 @@ func TestCleanupHookTaskTable_PerWebhook_LeavesMostRecentTask(t *testing.T) {
 		HookID:      4,
 		Payloader:   &api.PushPayload{},
 		IsDelivered: true,
-		Delivered:   time.Now().UnixNano(),
+		Delivered:   timeutil.TimeStampNanoNow(),
 	}
 	unittest.AssertNotExistsBean(t, hookTask)
 	_, err := CreateHookTask(db.DefaultContext, hookTask)
@@ -285,7 +285,7 @@ func TestCleanupHookTaskTable_OlderThan_DeletesDelivered(t *testing.T) {
 		HookID:      3,
 		Payloader:   &api.PushPayload{},
 		IsDelivered: true,
-		Delivered:   time.Now().AddDate(0, 0, -8).UnixNano(),
+		Delivered:   timeutil.TimeStampNano(time.Now().AddDate(0, 0, -8).UnixNano()),
 	}
 	unittest.AssertNotExistsBean(t, hookTask)
 	_, err := CreateHookTask(db.DefaultContext, hookTask)
@@ -318,7 +318,7 @@ func TestCleanupHookTaskTable_OlderThan_LeavesTaskEarlierThanAgeToDelete(t *test
 		HookID:      4,
 		Payloader:   &api.PushPayload{},
 		IsDelivered: true,
-		Delivered:   time.Now().AddDate(0, 0, -6).UnixNano(),
+		Delivered:   timeutil.TimeStampNano(time.Now().AddDate(0, 0, -6).UnixNano()),
 	}
 	unittest.AssertNotExistsBean(t, hookTask)
 	_, err := CreateHookTask(db.DefaultContext, hookTask)

modules/timeutil/timestampnano.go

@@ -0,0 +1,28 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package timeutil
+
+import (
+	"time"
+
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// TimeStampNano is for nano time in database, do not use it unless there is a real requirement.
+type TimeStampNano int64
+
+// TimeStampNanoNow returns now nano int64
+func TimeStampNanoNow() TimeStampNano {
+	return TimeStampNano(time.Now().UnixNano())
+}
+
+// AsTime convert timestamp as time.Time in Local locale
+func (tsn TimeStampNano) AsTime() (tm time.Time) {
+	return tsn.AsTimeInLocation(setting.DefaultUILocation)
+}
+
+// AsTimeInLocation convert timestamp as time.Time in Local locale
+func (tsn TimeStampNano) AsTimeInLocation(loc *time.Location) time.Time {
+	return time.Unix(0, int64(tsn)).In(loc)
+}

services/webhook/deliver.go

@@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/proxy"
 	"code.gitea.io/gitea/modules/queue"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
 	"github.com/gobwas/glob"
@@ -179,7 +180,7 @@ func Deliver(ctx context.Context, t *webhook_model.HookTask) error {
 
 	// All code from this point will update the hook task
 	defer func() {
-		t.Delivered = time.Now().UnixNano()
+		t.Delivered = timeutil.TimeStampNanoNow()
 		if t.IsSucceed {
 			log.Trace("Hook delivered: %s", t.UUID)
 		} else if !w.IsActive {

templates/repo/settings/navbar.tmpl

@@ -27,7 +27,7 @@
 		<a class="{{if .PageIsSettingsKeys}}active {{end}}item" href="{{.RepoLink}}/settings/keys">
 			{{.locale.Tr "repo.settings.deploy_keys"}}
 		</a>
-		{{if .EnableActions}}
+		{{if and .EnableActions (not .UnitActionsGlobalDisabled) (.Permission.CanRead $.UnitTypeActions)}}
 		<a class="{{if .PageIsSettingsSecrets}}active {{end}}item" href="{{.RepoLink}}/settings/secrets">
 			{{.locale.Tr "secrets.secrets"}}
 		</a>

templates/repo/settings/webhook/history.tmpl

@@ -21,7 +21,7 @@
 						<a class="ui primary sha label toggle button" data-target="#info-{{.ID}}">{{.UUID}}</a>
 						<div class="ui right">
 							<span class="text grey time">
-								{{.DeliveredString}}
+								{{TimeSince .Delivered.AsTime $.locale}}
 							</span>
 						</div>
 					</div>