Dockerfile: rename user to _gitea instead of git

It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

.forgejo/workflows/publish-release.yml

@@ -57,7 +57,7 @@ jobs:
         uses: https://code.forgejo.org/actions/setup-go@v4
         if: secrets.ROLE == 'forgejo-experimental'
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
           check-latest: true
       - name: update the _release.experimental DNS record
         if: secrets.ROLE == 'forgejo-experimental'

.forgejo/workflows/testing.yml

@@ -16,7 +16,7 @@ jobs:
       - uses: https://code.forgejo.org/actions/checkout@v3
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
           check-latest: true
       - run: make deps-backend deps-tools
       - run: make lint-backend
@@ -30,7 +30,7 @@ jobs:
       - uses: https://code.forgejo.org/actions/checkout@v3
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
           check-latest: true
       - run: make deps-backend deps-tools
       - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
@@ -49,7 +49,7 @@ jobs:
       - uses: https://code.forgejo.org/actions/checkout@v3
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
       - run: |
           git config --add safe.directory '*'
           adduser --quiet --comment forgejo --disabled-password forgejo
@@ -85,7 +85,7 @@ jobs:
       - uses: https://code.forgejo.org/actions/checkout@v3
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
       - name: install dependencies
         run: |
           export DEBIAN_FRONTEND=noninteractive
@@ -128,7 +128,7 @@ jobs:
       - uses: https://code.forgejo.org/actions/checkout@v3
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
       - name: install dependencies
         run: |
           export DEBIAN_FRONTEND=noninteractive
@@ -162,7 +162,7 @@ jobs:
       - uses: https://code.forgejo.org/actions/checkout@v3
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version: "1.21.9"
+          go-version: "1.21"
       - name: install dependencies
         run: |
           export DEBIAN_FRONTEND=noninteractive

Dockerfile

@@ -79,10 +79,10 @@ RUN addgroup \
     -s /bin/bash \
     -u 1000 \
     -G git \
-    git && \
+    _gitea && \
-  echo "git:*" | chpasswd -e
+  echo "_gitea:*" | chpasswd -e
 
-ENV USER git
+ENV USER _gitea
 ENV GITEA_CUSTOM /data/gitea
 
 VOLUME ["/data"]

Makefile

@@ -89,7 +89,7 @@ endif
 VERSION = ${GITEA_VERSION}
 
 # SemVer
-FORGEJO_VERSION := 6.0.10+0-gitea-1.21.10
+FORGEJO_VERSION := 6.0.11+0-gitea-1.21.11
 
 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)" -X "main.ForgejoVersion=$(FORGEJO_VERSION)"
 

go.mod

@@ -72,7 +72,7 @@ require (
 	github.com/lib/pq v1.10.9
 	github.com/markbates/goth v1.78.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.17
+	github.com/mattn/go-sqlite3 v1.14.22
 	github.com/meilisearch/meilisearch-go v0.25.1
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.26

go.sum

@@ -714,8 +714,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
-github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/meilisearch/meilisearch-go v0.25.1 h1:D5wY22sn5kkpRH3uYMGlwltdUEq5regIFmO7awHz3Vo=

models/fixtures/action_run.yml

@@ -17,3 +17,23 @@
   updated: 1683636626
   need_approval: 0
   approved_by: 0
+-
+  id: 891
+  title: "update actions"
+  repo_id: 1
+  owner_id: 1
+  workflow_id: "artifact.yaml"
+  index: 187
+  trigger_user_id: 1
+  ref: "refs/heads/branch2"
+  commit_sha: "985f0301dba5e7b34be866819cd15ad3d8f508ee"
+  event: "push"
+  is_fork_pull_request: 0
+  status: 1 # success
+  started: 1683636528
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  event_payload: '{"head_commit":{"id":"5f22f7d0d95d614d25a5b68592adb345a4b5c7fd"}}'

models/fixtures/action_run_job.yml

@@ -12,3 +12,17 @@
   status: 1
   started: 1683636528
   stopped: 1683636626
+-
+  id: 292
+  run_id: 891
+  repo_id: 1
+  owner_id: 1
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: 0
+  name: job_2
+  attempt: 1
+  job_id: job_2
+  task_id: 47
+  status: 1
+  started: 1683636528
+  stopped: 1683636626

models/organization/org.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"strings"
 
+	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -401,6 +402,8 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
 		&TeamUnit{OrgID: org.ID},
 		&TeamInvite{OrgID: org.ID},
 		&secret_model.Secret{OwnerID: org.ID},
+		&actions_model.ActionRunner{OwnerID: org.ID},
+		&actions_model.ActionRunnerToken{OwnerID: org.ID},
 	); err != nil {
 		return fmt.Errorf("DeleteBeans: %w", err)
 	}

modules/lfs/filesystem_client.go

@@ -44,7 +44,7 @@ func (c *FilesystemClient) Download(ctx context.Context, objects []Pointer, call
 		if err != nil {
 			return err
 		}
-
+		defer f.Close()
 		if err := callback(p, f, nil); err != nil {
 			return err
 		}
@@ -75,7 +75,7 @@ func (c *FilesystemClient) Upload(ctx context.Context, objects []Pointer, callba
 			if err != nil {
 				return err
 			}
-
+			defer f.Close()
 			_, err = io.Copy(f, content)
 
 			return err

routers/api/actions/runner/runner.go

@@ -9,6 +9,8 @@ import (
 	"net/http"
 
 	actions_model "code.gitea.io/gitea/models/actions"
+	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/actions"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/util"
@@ -54,6 +56,18 @@ func (s *Service) Register(
 		return nil, errors.New("runner registration token has been invalidated, please use the latest one")
 	}
 
+	if runnerToken.OwnerID > 0 {
+		if _, err := user_model.GetUserByID(ctx, runnerToken.OwnerID); err != nil {
+			return nil, errors.New("owner of the token not found")
+		}
+	}
+
+	if runnerToken.RepoID > 0 {
+		if _, err := repo_model.GetRepositoryByID(ctx, runnerToken.RepoID); err != nil {
+			return nil, errors.New("repository of the token not found")
+		}
+	}
+
 	labels := req.Msg.Labels
 	// TODO: agent_labels should be removed from pb after Gitea 1.20 released.
 	// Old version runner's agent_labels slice is not empty and labels slice is empty.

routers/private/hook_pre_receive.go

@@ -101,6 +101,57 @@ func (ctx *preReceiveContext) AssertCreatePullRequest() bool {
 	return true
 }
 
+func (ctx *preReceiveContext) canChangeSettings() bool {
+	if !ctx.loadPusherAndPermission() {
+		return false
+	}
+
+	perm, err := access_model.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.user)
+	if err != nil {
+		return false
+	}
+	if !perm.IsOwner() && !perm.IsAdmin() {
+		return false
+	}
+
+	if ctx.Repo.Repository.IsFork {
+		return false
+	}
+
+	return true
+}
+
+func (ctx *preReceiveContext) assertChangeSettings() bool {
+	opts := web.GetForm(ctx).(*private.HookOptions)
+
+	if len(opts.GitPushOptions) == 0 {
+		return true
+	}
+
+	_, hasPrivateOpt := opts.GitPushOptions[private.GitPushOptionRepoPrivate]
+	_, hasTemplateOpt := opts.GitPushOptions[private.GitPushOptionRepoTemplate]
+
+	if !hasPrivateOpt && !hasTemplateOpt {
+		// If neither `repo.private` nor `repo.template` is present in
+		// the push options, we're good to go without further permission
+		// checking.
+		return true
+	}
+
+	// Either `repo.private` or `repo.template` is among the push options,
+	// do some permission checks.
+	if !ctx.canChangeSettings() {
+		if ctx.Written() {
+			return false
+		}
+		ctx.JSON(http.StatusForbidden, private.Response{
+			UserMsg: "Permission denied for changing repo settings.",
+		})
+		return false
+	}
+	return true
+}
+
 // HookPreReceive checks whether a individual commit is acceptable
 func HookPreReceive(ctx *gitea_context.PrivateContext) {
 	opts := web.GetForm(ctx).(*private.HookOptions)
@@ -111,6 +162,10 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
 		opts:           opts,
 	}
 
+	if !ourCtx.assertChangeSettings() {
+		return
+	}
+
 	// Iterate across the provided old commit IDs
 	for i := range opts.OldCommitIDs {
 		oldCommitID := opts.OldCommitIDs[i]

routers/web/repo/render.go

@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/typesniffer"
 	"code.gitea.io/gitea/modules/util"
@@ -44,20 +45,17 @@ func RenderFile(ctx *context.Context) {
 	isTextFile := st.IsText()
 
 	rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc), charset.ConvertOpts{})
+	ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
 
 	if markupType := markup.Type(blob.Name()); markupType == "" {
 		if isTextFile {
-			_, err = io.Copy(ctx.Resp, rd)
+			_, _ = io.Copy(ctx.Resp, rd)
-			if err != nil {
+		} else {
-				ctx.ServerError("Copy", err)
+			http.Error(ctx.Resp, "Unsupported file type render", http.StatusInternalServerError)
 		}
 		return
 	}
-		ctx.Error(http.StatusInternalServerError, "Unsupported file type render")
-		return
-	}
 
-	ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
 	err = markup.Render(&markup.RenderContext{
 		Ctx:          ctx,
 		RelativePath: ctx.Repo.TreePath,
@@ -71,7 +69,8 @@ func RenderFile(ctx *context.Context) {
 		InStandalonePage: true,
 	}, rd, ctx.Resp)
 	if err != nil {
-		ctx.ServerError("Render", err)
+		log.Error("Failed to render file %q: %v", ctx.Repo.TreePath, err)
+		http.Error(ctx.Resp, "Failed to render file", http.StatusInternalServerError)
 		return
 	}
 }

services/actions/commit_status.go

@@ -15,6 +15,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	api "code.gitea.io/gitea/modules/structs"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
+	files_service "code.gitea.io/gitea/services/repository/files"
 
 	"github.com/nektos/act/pkg/jobparser"
 )
@@ -114,18 +115,15 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
 	}
 
 	creator := user_model.NewActionsUser()
-	if err := git_model.NewCommitStatus(ctx, git_model.NewCommitStatusOptions{
+	if err := files_service.CreateCommitStatus(ctx, repo, creator,
-		Repo:    repo,
+		sha,
-		SHA:     sha,
+		&git_model.CommitStatus{
-		Creator: creator,
-		CommitStatus: &git_model.CommitStatus{
 			SHA:         sha,
 			TargetURL:   fmt.Sprintf("%s/jobs/%d", run.Link(), index),
 			Description: description,
 			Context:     ctxname,
 			CreatorID:   creator.ID,
 			State:       state,
-		},
 		}); err != nil {
 		return fmt.Errorf("NewCommitStatus: %w", err)
 	}

services/actions/notifier_helper.go

@@ -452,7 +452,7 @@ func handleSchedules(
 			RepoID:        input.Repo.ID,
 			OwnerID:       input.Repo.OwnerID,
 			WorkflowID:    dwf.EntryName,
-			TriggerUserID: input.Doer.ID,
+			TriggerUserID: user_model.ActionsUserID,
 			Ref:           input.Repo.DefaultBranch,
 			CommitSHA:     commit.ID.String(),
 			Event:         webhook_module.HookEventType(api.HookScheduleCreated),

services/migrations/gitbucket.go

@@ -72,6 +72,11 @@ func (g *GitBucketDownloader) LogString() string {
 // NewGitBucketDownloader creates a GitBucket downloader
 func NewGitBucketDownloader(ctx context.Context, baseURL, userName, password, token, repoOwner, repoName string) *GitBucketDownloader {
 	githubDownloader := NewGithubDownloaderV3(ctx, baseURL, userName, password, token, repoOwner, repoName)
+	// Gitbucket 4.40 uses different internal hard-coded perPage values.
+	// Issues, PRs, and other major parts use 25.  Release page uses 10.
+	// Some API doesn't support paging yet.  Sounds difficult, but using
+	// minimum number among them worked out very well.
+	githubDownloader.maxPerPage = 10
 	githubDownloader.SkipReactions = true
 	githubDownloader.SkipReviews = true
 	return &GitBucketDownloader{

services/repository/delete.go

@@ -164,6 +164,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, uid, r
 		&actions_model.ActionScheduleSpec{RepoID: repoID},
 		&actions_model.ActionSchedule{RepoID: repoID},
 		&actions_model.ActionArtifact{RepoID: repoID},
+		&actions_model.ActionRunnerToken{RepoID: repoID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %w", err)
 	}

services/user/delete.go

@@ -95,6 +95,7 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
 		&actions_model.ActionRunner{OwnerID: u.ID},
 		&user_model.BlockedUser{BlockID: u.ID},
 		&user_model.BlockedUser{UserID: u.ID},
+		&actions_model.ActionRunnerToken{OwnerID: u.ID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %w", err)
 	}

tests/integration/actions_commit_status_test.go

@@ -0,0 +1,48 @@
+// Copyright 20124 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/url"
+	"testing"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/db"
+	issues_model "code.gitea.io/gitea/models/issues"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/services/actions"
+	"code.gitea.io/gitea/services/automerge"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionsAutomerge(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		assert.True(t, setting.Actions.Enabled, "Actions should be enabled")
+
+		ctx := db.DefaultContext
+
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+		pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 292})
+
+		assert.False(t, pr.HasMerged, "PR should not be merged")
+		assert.Equal(t, issues_model.PullRequestStatusMergeable, pr.Status, "PR should be mergable")
+
+		scheduled, err := automerge.ScheduleAutoMerge(ctx, user, pr, repo_model.MergeStyleMerge, "Dummy")
+
+		assert.NoError(t, err, "PR should be scheduled for automerge")
+		assert.True(t, scheduled, "PR should be scheduled for automerge")
+
+		actions.CreateCommitStatus(ctx, job)
+
+		pr = unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
+
+		assert.True(t, pr.HasMerged, "PR should be merged")
+	},
+	)
+}

tests/integration/git_push_test.go

@@ -0,0 +1,95 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/url"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	repo_module "code.gitea.io/gitea/modules/repository"
+	repo_service "code.gitea.io/gitea/services/repository"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestOptionsGitPush(t *testing.T) {
+	onGiteaRun(t, testOptionsGitPush)
+}
+
+func testOptionsGitPush(t *testing.T, u *url.URL) {
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
+		Name:          "repo-to-push",
+		Description:   "test git push",
+		AutoInit:      false,
+		DefaultBranch: "main",
+		IsPrivate:     false,
+	})
+	require.NoError(t, err)
+	require.NotEmpty(t, repo)
+
+	gitPath := t.TempDir()
+
+	doGitInitTestRepository(gitPath)(t)
+
+	u.Path = repo.FullName() + ".git"
+	u.User = url.UserPassword(user.LowerName, userPassword)
+	doGitAddRemote(gitPath, "origin", u)(t)
+
+	{
+		// owner sets private & template to true via push options
+		branchName := "branch1"
+		doGitCreateBranch(gitPath, branchName)(t)
+		doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
+		repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+		require.NoError(t, err)
+		require.True(t, repo.IsPrivate)
+		require.True(t, repo.IsTemplate)
+	}
+
+	{
+		// owner sets private & template to false via push options
+		branchName := "branch2"
+		doGitCreateBranch(gitPath, branchName)(t)
+		doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
+		repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+		require.NoError(t, err)
+		require.False(t, repo.IsPrivate)
+		require.False(t, repo.IsTemplate)
+	}
+
+	{
+		// create a collaborator with write access
+		collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+		u.User = url.UserPassword(collaborator.LowerName, userPassword)
+		doGitAddRemote(gitPath, "collaborator", u)(t)
+		repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+		require.NoError(t, err)
+		repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
+	}
+
+	{
+		// collaborator with write access is allowed to push
+		branchName := "branch3"
+		doGitCreateBranch(gitPath, branchName)(t)
+		doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
+	}
+
+	{
+		// collaborator with write access fails to change private & template via push options
+		branchName := "branch4"
+		doGitCreateBranch(gitPath, branchName)(t)
+		doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
+		repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
+		require.NoError(t, err)
+		require.False(t, repo.IsPrivate)
+		require.False(t, repo.IsTemplate)
+	}
+
+	require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, user.ID, repo.ID))
+}