Compare commits

..

1 commit

Author SHA1 Message Date
d224514695 Dockerfile: rename user to _gitea instead of git 2024-04-04 18:11:00 -03:00
19 changed files with 29 additions and 282 deletions

View file

@ -57,7 +57,7 @@ jobs:
uses: https://code.forgejo.org/actions/setup-go@v4
if: secrets.ROLE == 'forgejo-experimental'
with:
go-version: "1.21"
go-version: "1.21.9"
check-latest: true
- name: update the _release.experimental DNS record
if: secrets.ROLE == 'forgejo-experimental'

View file

@ -16,7 +16,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.21.9"
check-latest: true
- run: make deps-backend deps-tools
- run: make lint-backend
@ -30,7 +30,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.21.9"
check-latest: true
- run: make deps-backend deps-tools
- run: make --always-make checks-backend # ensure the "go-licenses" make target runs
@ -49,7 +49,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.21.9"
- run: |
git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo
@ -85,7 +85,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.21.9"
- name: install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
@ -128,7 +128,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.21.9"
- name: install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
@ -162,7 +162,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.21.9"
- name: install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive

View file

@ -89,7 +89,7 @@ endif
VERSION = ${GITEA_VERSION}
# SemVer
FORGEJO_VERSION := 6.0.11+0-gitea-1.21.11
FORGEJO_VERSION := 6.0.10+0-gitea-1.21.10
LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)" -X "main.ForgejoVersion=$(FORGEJO_VERSION)"

2
go.mod
View file

@ -72,7 +72,7 @@ require (
github.com/lib/pq v1.10.9
github.com/markbates/goth v1.78.0
github.com/mattn/go-isatty v0.0.20
github.com/mattn/go-sqlite3 v1.14.22
github.com/mattn/go-sqlite3 v1.14.17
github.com/meilisearch/meilisearch-go v0.25.1
github.com/mholt/archiver/v3 v3.5.1
github.com/microcosm-cc/bluemonday v1.0.26

4
go.sum
View file

@ -714,8 +714,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/meilisearch/meilisearch-go v0.25.1 h1:D5wY22sn5kkpRH3uYMGlwltdUEq5regIFmO7awHz3Vo=

View file

@ -17,23 +17,3 @@
updated: 1683636626
need_approval: 0
approved_by: 0
-
id: 891
title: "update actions"
repo_id: 1
owner_id: 1
workflow_id: "artifact.yaml"
index: 187
trigger_user_id: 1
ref: "refs/heads/branch2"
commit_sha: "985f0301dba5e7b34be866819cd15ad3d8f508ee"
event: "push"
is_fork_pull_request: 0
status: 1 # success
started: 1683636528
stopped: 1683636626
created: 1683636108
updated: 1683636626
need_approval: 0
approved_by: 0
event_payload: '{"head_commit":{"id":"5f22f7d0d95d614d25a5b68592adb345a4b5c7fd"}}'

View file

@ -12,17 +12,3 @@
status: 1
started: 1683636528
stopped: 1683636626
-
id: 292
run_id: 891
repo_id: 1
owner_id: 1
commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
is_fork_pull_request: 0
name: job_2
attempt: 1
job_id: job_2
task_id: 47
status: 1
started: 1683636528
stopped: 1683636626

View file

@ -9,7 +9,6 @@ import (
"fmt"
"strings"
actions_model "code.gitea.io/gitea/models/actions"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm"
repo_model "code.gitea.io/gitea/models/repo"
@ -402,8 +401,6 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
&TeamUnit{OrgID: org.ID},
&TeamInvite{OrgID: org.ID},
&secret_model.Secret{OwnerID: org.ID},
&actions_model.ActionRunner{OwnerID: org.ID},
&actions_model.ActionRunnerToken{OwnerID: org.ID},
); err != nil {
return fmt.Errorf("DeleteBeans: %w", err)
}

View file

@ -44,7 +44,7 @@ func (c *FilesystemClient) Download(ctx context.Context, objects []Pointer, call
if err != nil {
return err
}
defer f.Close()
if err := callback(p, f, nil); err != nil {
return err
}
@ -75,7 +75,7 @@ func (c *FilesystemClient) Upload(ctx context.Context, objects []Pointer, callba
if err != nil {
return err
}
defer f.Close()
_, err = io.Copy(f, content)
return err

View file

@ -9,8 +9,6 @@ import (
"net/http"
actions_model "code.gitea.io/gitea/models/actions"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/actions"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/util"
@ -56,18 +54,6 @@ func (s *Service) Register(
return nil, errors.New("runner registration token has been invalidated, please use the latest one")
}
if runnerToken.OwnerID > 0 {
if _, err := user_model.GetUserByID(ctx, runnerToken.OwnerID); err != nil {
return nil, errors.New("owner of the token not found")
}
}
if runnerToken.RepoID > 0 {
if _, err := repo_model.GetRepositoryByID(ctx, runnerToken.RepoID); err != nil {
return nil, errors.New("repository of the token not found")
}
}
labels := req.Msg.Labels
// TODO: agent_labels should be removed from pb after Gitea 1.20 released.
// Old version runner's agent_labels slice is not empty and labels slice is empty.

View file

@ -101,57 +101,6 @@ func (ctx *preReceiveContext) AssertCreatePullRequest() bool {
return true
}
func (ctx *preReceiveContext) canChangeSettings() bool {
if !ctx.loadPusherAndPermission() {
return false
}
perm, err := access_model.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.user)
if err != nil {
return false
}
if !perm.IsOwner() && !perm.IsAdmin() {
return false
}
if ctx.Repo.Repository.IsFork {
return false
}
return true
}
func (ctx *preReceiveContext) assertChangeSettings() bool {
opts := web.GetForm(ctx).(*private.HookOptions)
if len(opts.GitPushOptions) == 0 {
return true
}
_, hasPrivateOpt := opts.GitPushOptions[private.GitPushOptionRepoPrivate]
_, hasTemplateOpt := opts.GitPushOptions[private.GitPushOptionRepoTemplate]
if !hasPrivateOpt && !hasTemplateOpt {
// If neither `repo.private` nor `repo.template` is present in
// the push options, we're good to go without further permission
// checking.
return true
}
// Either `repo.private` or `repo.template` is among the push options,
// do some permission checks.
if !ctx.canChangeSettings() {
if ctx.Written() {
return false
}
ctx.JSON(http.StatusForbidden, private.Response{
UserMsg: "Permission denied for changing repo settings.",
})
return false
}
return true
}
// HookPreReceive checks whether a individual commit is acceptable
func HookPreReceive(ctx *gitea_context.PrivateContext) {
opts := web.GetForm(ctx).(*private.HookOptions)
@ -162,10 +111,6 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
opts: opts,
}
if !ourCtx.assertChangeSettings() {
return
}
// Iterate across the provided old commit IDs
for i := range opts.OldCommitIDs {
oldCommitID := opts.OldCommitIDs[i]

View file

@ -12,7 +12,6 @@ import (
"code.gitea.io/gitea/modules/charset"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/markup"
"code.gitea.io/gitea/modules/typesniffer"
"code.gitea.io/gitea/modules/util"
@ -45,17 +44,20 @@ func RenderFile(ctx *context.Context) {
isTextFile := st.IsText()
rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc), charset.ConvertOpts{})
ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
if markupType := markup.Type(blob.Name()); markupType == "" {
if isTextFile {
_, _ = io.Copy(ctx.Resp, rd)
} else {
http.Error(ctx.Resp, "Unsupported file type render", http.StatusInternalServerError)
_, err = io.Copy(ctx.Resp, rd)
if err != nil {
ctx.ServerError("Copy", err)
}
return
}
ctx.Error(http.StatusInternalServerError, "Unsupported file type render")
return
}
ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
err = markup.Render(&markup.RenderContext{
Ctx: ctx,
RelativePath: ctx.Repo.TreePath,
@ -69,8 +71,7 @@ func RenderFile(ctx *context.Context) {
InStandalonePage: true,
}, rd, ctx.Resp)
if err != nil {
log.Error("Failed to render file %q: %v", ctx.Repo.TreePath, err)
http.Error(ctx.Resp, "Failed to render file", http.StatusInternalServerError)
ctx.ServerError("Render", err)
return
}
}

View file

@ -15,7 +15,6 @@ import (
"code.gitea.io/gitea/modules/log"
api "code.gitea.io/gitea/modules/structs"
webhook_module "code.gitea.io/gitea/modules/webhook"
files_service "code.gitea.io/gitea/services/repository/files"
"github.com/nektos/act/pkg/jobparser"
)
@ -115,16 +114,19 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
}
creator := user_model.NewActionsUser()
if err := files_service.CreateCommitStatus(ctx, repo, creator,
sha,
&git_model.CommitStatus{
if err := git_model.NewCommitStatus(ctx, git_model.NewCommitStatusOptions{
Repo: repo,
SHA: sha,
Creator: creator,
CommitStatus: &git_model.CommitStatus{
SHA: sha,
TargetURL: fmt.Sprintf("%s/jobs/%d", run.Link(), index),
Description: description,
Context: ctxname,
CreatorID: creator.ID,
State: state,
}); err != nil {
},
}); err != nil {
return fmt.Errorf("NewCommitStatus: %w", err)
}

View file

@ -452,7 +452,7 @@ func handleSchedules(
RepoID: input.Repo.ID,
OwnerID: input.Repo.OwnerID,
WorkflowID: dwf.EntryName,
TriggerUserID: user_model.ActionsUserID,
TriggerUserID: input.Doer.ID,
Ref: input.Repo.DefaultBranch,
CommitSHA: commit.ID.String(),
Event: webhook_module.HookEventType(api.HookScheduleCreated),

View file

@ -72,11 +72,6 @@ func (g *GitBucketDownloader) LogString() string {
// NewGitBucketDownloader creates a GitBucket downloader
func NewGitBucketDownloader(ctx context.Context, baseURL, userName, password, token, repoOwner, repoName string) *GitBucketDownloader {
githubDownloader := NewGithubDownloaderV3(ctx, baseURL, userName, password, token, repoOwner, repoName)
// Gitbucket 4.40 uses different internal hard-coded perPage values.
// Issues, PRs, and other major parts use 25. Release page uses 10.
// Some API doesn't support paging yet. Sounds difficult, but using
// minimum number among them worked out very well.
githubDownloader.maxPerPage = 10
githubDownloader.SkipReactions = true
githubDownloader.SkipReviews = true
return &GitBucketDownloader{

View file

@ -164,7 +164,6 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, uid, r
&actions_model.ActionScheduleSpec{RepoID: repoID},
&actions_model.ActionSchedule{RepoID: repoID},
&actions_model.ActionArtifact{RepoID: repoID},
&actions_model.ActionRunnerToken{RepoID: repoID},
); err != nil {
return fmt.Errorf("deleteBeans: %w", err)
}

View file

@ -95,7 +95,6 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
&actions_model.ActionRunner{OwnerID: u.ID},
&user_model.BlockedUser{BlockID: u.ID},
&user_model.BlockedUser{UserID: u.ID},
&actions_model.ActionRunnerToken{OwnerID: u.ID},
); err != nil {
return fmt.Errorf("deleteBeans: %w", err)
}

View file

@ -1,48 +0,0 @@
// Copyright 20124 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/url"
"testing"
actions_model "code.gitea.io/gitea/models/actions"
"code.gitea.io/gitea/models/db"
issues_model "code.gitea.io/gitea/models/issues"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/services/actions"
"code.gitea.io/gitea/services/automerge"
"github.com/stretchr/testify/assert"
)
func TestActionsAutomerge(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) {
assert.True(t, setting.Actions.Enabled, "Actions should be enabled")
ctx := db.DefaultContext
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 292})
assert.False(t, pr.HasMerged, "PR should not be merged")
assert.Equal(t, issues_model.PullRequestStatusMergeable, pr.Status, "PR should be mergable")
scheduled, err := automerge.ScheduleAutoMerge(ctx, user, pr, repo_model.MergeStyleMerge, "Dummy")
assert.NoError(t, err, "PR should be scheduled for automerge")
assert.True(t, scheduled, "PR should be scheduled for automerge")
actions.CreateCommitStatus(ctx, job)
pr = unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
assert.True(t, pr.HasMerged, "PR should be merged")
},
)
}

View file

@ -1,95 +0,0 @@
// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/url"
"testing"
"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
repo_module "code.gitea.io/gitea/modules/repository"
repo_service "code.gitea.io/gitea/services/repository"
"github.com/stretchr/testify/require"
)
func TestOptionsGitPush(t *testing.T) {
onGiteaRun(t, testOptionsGitPush)
}
func testOptionsGitPush(t *testing.T, u *url.URL) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
Name: "repo-to-push",
Description: "test git push",
AutoInit: false,
DefaultBranch: "main",
IsPrivate: false,
})
require.NoError(t, err)
require.NotEmpty(t, repo)
gitPath := t.TempDir()
doGitInitTestRepository(gitPath)(t)
u.Path = repo.FullName() + ".git"
u.User = url.UserPassword(user.LowerName, userPassword)
doGitAddRemote(gitPath, "origin", u)(t)
{
// owner sets private & template to true via push options
branchName := "branch1"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.True(t, repo.IsPrivate)
require.True(t, repo.IsTemplate)
}
{
// owner sets private & template to false via push options
branchName := "branch2"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
}
{
// create a collaborator with write access
collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
u.User = url.UserPassword(collaborator.LowerName, userPassword)
doGitAddRemote(gitPath, "collaborator", u)(t)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
}
{
// collaborator with write access is allowed to push
branchName := "branch3"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
}
{
// collaborator with write access fails to change private & template via push options
branchName := "branch4"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
}
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, user.ID, repo.ID))
}