Compare commits

..

17 commits

Author SHA1 Message Date
a689f330ce Dockerfile: rename user to _gitea instead of git 2024-04-18 21:18:33 -03:00
Gergely Nagy
cc80e66153
hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-18 11:53:30 +02:00
Lunny Xiao
b7cff17de1
Performance optimization for git push (#30104) (#30354)
Agit returned result should be from `ProcReceive` hook but not
`PostReceive` hook. Then for all non-agit pull requests, it will not
check the pull requests for every pushing `refs/pull/%d/head`.

Backport #30104

(cherry picked from commit 6e3aaa997549b83935241e486caf811793c88aea)

Conflicts:
    it is implemented differently in Forgejo, just keep the test
    in tests/integration/git_push_test.go
2024-04-18 09:39:47 +02:00
Earl Warren
82d1eeb47e Merge pull request '[gitea] v1.21.11-0 cherry-pick' (#3226) from earl-warren/forgejo:wip-v1.21-gitea-cherry-pick into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3226
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-04-17 10:19:07 +00:00
Earl Warren
5f64346931 Merge pull request 'fix(actions): call automerge service on successful commit state' (#3109) from viceice/forgejo:fix/actions/automerge into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3109
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-15 15:25:12 +00:00
Michael Kriese
4889a3a171
fix(actions): call automerge service on successful commit state
- Backport of https://github.com/go-gitea/gitea/pull/30225
2024-04-15 16:17:16 +02:00
Lunny Xiao
8dcc7d9e8c
Fix possible renderer security problem(#30136) (#30315)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 65d96725bb6cb0d0616c17844aca6c753aa5c851)
2024-04-15 11:36:01 +02:00
Earl Warren
8f5d5d49bc Merge pull request '[SEMVER] 6.0.11+0-gitea-1.21.11' (#3225) from earl-warren/forgejo:wip-semver into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3225
2024-04-15 08:39:30 +00:00
Lunny Xiao
e702e79625
Change the default maxPerPage for gitbucket (#30392) (#30471)
Backport #30392

This patch improves the migration from gitbucket to gitea.

The gitbucket uses it's own internal perPage value (= 25) for paging and
ignore per_page arguments in the requested URL. This cause gitea to
migrate only 25 issues and 25 PRs from gitbucket repository. This may
not happens on old gitbucket. But recent gitbucket 4.40 or 4.38.4 has
this problem.

This patch change to use this internally hardcoded perPage of gitbucket
as gitea's maxPerPage numer when migrating from gitbucket. There are
several perPage values in gitbucket like 25 for Isseus/PRs and 10 for
Releases. Some of those API doesn't support paging yet. It sounds
difficult to implement, but using the minimum number among them worked
out very well. So, I use 10 in this patch.

Brief descriptions of problems and this patch are also available in
https://github.com/go-gitea/gitea/issues/30316.

In addition, I'm not sure what kind of test cases are possible to write
here. It's a test for migration, so it requires testing gitbucket server
and gitea server, I guess. Please let me know if it is possible to write
such test cases here. Thanks!

Co-authored-by: Kazushi (Jam) Marukawa <jam@pobox.com>
(cherry picked from commit b6379d2f167551560c870d2d705269c9ba6fc3bc)
2024-04-15 09:52:00 +02:00
Lunny Xiao
c2f9eacd50
Upgrade go-sqlite to v1.14.22 (#30462)
(cherry picked from commit fc4e08f804704613d3a99347ef25813b9d38a422)
2024-04-15 09:41:13 +02:00
Zettat123
cb8ec2287f
Check the token's owner and repository when registering a runner (#30406) (#30412)
Backport #30406

Fix #30378

(cherry picked from commit 55990ebf9240fced8c58491521fc21bf4a4d8f23)

Conflicts:
	services/user/delete.go
	trivial context conflict because of `[MODERATION] User blocking`
2024-04-15 09:35:37 +02:00
Giteabot
fd47240545
Close file in the Upload func (#30262) (#30269)
Co-authored-by: guangwu <guoguangwu@magic-shield.com>
(cherry picked from commit 4588c7b705629ffed3108d09d665937c14d39716)
2024-04-15 09:17:54 +02:00
Earl Warren
127d9f743a
[SEMVER] 6.0.11+0-gitea-1.21.11 2024-04-15 09:14:39 +02:00
Earl Warren
2ee30d2651 Merge pull request '[v1.21/forgejo] fix(actions): the trigger user of a schedule is the action user' (#3215) from bp-v1.21/forgejo-c3e2c25 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3215
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-14 18:34:24 +00:00
Earl Warren
387aea4434 fix(actions): the trigger user of a schedule is the action user
The user that caused the notification to re-evaluates the
schedules is not the one that will trigger the workflows. They are
background tasks that are authored by the action user (id -2).

Such a mis-assignment is problematic when the user that caused the
notification is deleted.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3211
(cherry picked from commit c3e2c2535918b2fa46e40eea5618005e7e05ac0f)
2024-04-14 17:36:42 +00:00
Earl Warren
69007f1444 Merge pull request 'Revert "[CI] pin go v1.21.9 version"' (#3050) from earl-warren/forgejo:wip-v1.21-no-pin into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3050
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-05 09:35:55 +00:00
Earl Warren
c369619805
Revert "[CI] pin go v1.21.9 version"
The golang action now knows about the latest Go version.

This reverts commit d73ee02324.
2024-04-05 06:24:55 +02:00
19 changed files with 282 additions and 29 deletions

View file

@ -57,7 +57,7 @@ jobs:
uses: https://code.forgejo.org/actions/setup-go@v4 uses: https://code.forgejo.org/actions/setup-go@v4
if: secrets.ROLE == 'forgejo-experimental' if: secrets.ROLE == 'forgejo-experimental'
with: with:
go-version: "1.21.9" go-version: "1.21"
check-latest: true check-latest: true
- name: update the _release.experimental DNS record - name: update the _release.experimental DNS record
if: secrets.ROLE == 'forgejo-experimental' if: secrets.ROLE == 'forgejo-experimental'

View file

@ -16,7 +16,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3 - uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4 - uses: https://code.forgejo.org/actions/setup-go@v4
with: with:
go-version: "1.21.9" go-version: "1.21"
check-latest: true check-latest: true
- run: make deps-backend deps-tools - run: make deps-backend deps-tools
- run: make lint-backend - run: make lint-backend
@ -30,7 +30,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3 - uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4 - uses: https://code.forgejo.org/actions/setup-go@v4
with: with:
go-version: "1.21.9" go-version: "1.21"
check-latest: true check-latest: true
- run: make deps-backend deps-tools - run: make deps-backend deps-tools
- run: make --always-make checks-backend # ensure the "go-licenses" make target runs - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
@ -49,7 +49,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3 - uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4 - uses: https://code.forgejo.org/actions/setup-go@v4
with: with:
go-version: "1.21.9" go-version: "1.21"
- run: | - run: |
git config --add safe.directory '*' git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo adduser --quiet --comment forgejo --disabled-password forgejo
@ -85,7 +85,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3 - uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4 - uses: https://code.forgejo.org/actions/setup-go@v4
with: with:
go-version: "1.21.9" go-version: "1.21"
- name: install dependencies - name: install dependencies
run: | run: |
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -128,7 +128,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3 - uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4 - uses: https://code.forgejo.org/actions/setup-go@v4
with: with:
go-version: "1.21.9" go-version: "1.21"
- name: install dependencies - name: install dependencies
run: | run: |
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
@ -162,7 +162,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v3 - uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4 - uses: https://code.forgejo.org/actions/setup-go@v4
with: with:
go-version: "1.21.9" go-version: "1.21"
- name: install dependencies - name: install dependencies
run: | run: |
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive

View file

@ -89,7 +89,7 @@ endif
VERSION = ${GITEA_VERSION} VERSION = ${GITEA_VERSION}
# SemVer # SemVer
FORGEJO_VERSION := 6.0.10+0-gitea-1.21.10 FORGEJO_VERSION := 6.0.11+0-gitea-1.21.11
LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)" -X "main.ForgejoVersion=$(FORGEJO_VERSION)" LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)" -X "main.ForgejoVersion=$(FORGEJO_VERSION)"

2
go.mod
View file

@ -72,7 +72,7 @@ require (
github.com/lib/pq v1.10.9 github.com/lib/pq v1.10.9
github.com/markbates/goth v1.78.0 github.com/markbates/goth v1.78.0
github.com/mattn/go-isatty v0.0.20 github.com/mattn/go-isatty v0.0.20
github.com/mattn/go-sqlite3 v1.14.17 github.com/mattn/go-sqlite3 v1.14.22
github.com/meilisearch/meilisearch-go v0.25.1 github.com/meilisearch/meilisearch-go v0.25.1
github.com/mholt/archiver/v3 v3.5.1 github.com/mholt/archiver/v3 v3.5.1
github.com/microcosm-cc/bluemonday v1.0.26 github.com/microcosm-cc/bluemonday v1.0.26

4
go.sum
View file

@ -714,8 +714,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/meilisearch/meilisearch-go v0.25.1 h1:D5wY22sn5kkpRH3uYMGlwltdUEq5regIFmO7awHz3Vo= github.com/meilisearch/meilisearch-go v0.25.1 h1:D5wY22sn5kkpRH3uYMGlwltdUEq5regIFmO7awHz3Vo=

View file

@ -17,3 +17,23 @@
updated: 1683636626 updated: 1683636626
need_approval: 0 need_approval: 0
approved_by: 0 approved_by: 0
-
id: 891
title: "update actions"
repo_id: 1
owner_id: 1
workflow_id: "artifact.yaml"
index: 187
trigger_user_id: 1
ref: "refs/heads/branch2"
commit_sha: "985f0301dba5e7b34be866819cd15ad3d8f508ee"
event: "push"
is_fork_pull_request: 0
status: 1 # success
started: 1683636528
stopped: 1683636626
created: 1683636108
updated: 1683636626
need_approval: 0
approved_by: 0
event_payload: '{"head_commit":{"id":"5f22f7d0d95d614d25a5b68592adb345a4b5c7fd"}}'

View file

@ -12,3 +12,17 @@
status: 1 status: 1
started: 1683636528 started: 1683636528
stopped: 1683636626 stopped: 1683636626
-
id: 292
run_id: 891
repo_id: 1
owner_id: 1
commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
is_fork_pull_request: 0
name: job_2
attempt: 1
job_id: job_2
task_id: 47
status: 1
started: 1683636528
stopped: 1683636626

View file

@ -9,6 +9,7 @@ import (
"fmt" "fmt"
"strings" "strings"
actions_model "code.gitea.io/gitea/models/actions"
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
@ -401,6 +402,8 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
&TeamUnit{OrgID: org.ID}, &TeamUnit{OrgID: org.ID},
&TeamInvite{OrgID: org.ID}, &TeamInvite{OrgID: org.ID},
&secret_model.Secret{OwnerID: org.ID}, &secret_model.Secret{OwnerID: org.ID},
&actions_model.ActionRunner{OwnerID: org.ID},
&actions_model.ActionRunnerToken{OwnerID: org.ID},
); err != nil { ); err != nil {
return fmt.Errorf("DeleteBeans: %w", err) return fmt.Errorf("DeleteBeans: %w", err)
} }

View file

@ -44,7 +44,7 @@ func (c *FilesystemClient) Download(ctx context.Context, objects []Pointer, call
if err != nil { if err != nil {
return err return err
} }
defer f.Close()
if err := callback(p, f, nil); err != nil { if err := callback(p, f, nil); err != nil {
return err return err
} }
@ -75,7 +75,7 @@ func (c *FilesystemClient) Upload(ctx context.Context, objects []Pointer, callba
if err != nil { if err != nil {
return err return err
} }
defer f.Close()
_, err = io.Copy(f, content) _, err = io.Copy(f, content)
return err return err

View file

@ -9,6 +9,8 @@ import (
"net/http" "net/http"
actions_model "code.gitea.io/gitea/models/actions" actions_model "code.gitea.io/gitea/models/actions"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/actions" "code.gitea.io/gitea/modules/actions"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/util"
@ -54,6 +56,18 @@ func (s *Service) Register(
return nil, errors.New("runner registration token has been invalidated, please use the latest one") return nil, errors.New("runner registration token has been invalidated, please use the latest one")
} }
if runnerToken.OwnerID > 0 {
if _, err := user_model.GetUserByID(ctx, runnerToken.OwnerID); err != nil {
return nil, errors.New("owner of the token not found")
}
}
if runnerToken.RepoID > 0 {
if _, err := repo_model.GetRepositoryByID(ctx, runnerToken.RepoID); err != nil {
return nil, errors.New("repository of the token not found")
}
}
labels := req.Msg.Labels labels := req.Msg.Labels
// TODO: agent_labels should be removed from pb after Gitea 1.20 released. // TODO: agent_labels should be removed from pb after Gitea 1.20 released.
// Old version runner's agent_labels slice is not empty and labels slice is empty. // Old version runner's agent_labels slice is not empty and labels slice is empty.

View file

@ -101,6 +101,57 @@ func (ctx *preReceiveContext) AssertCreatePullRequest() bool {
return true return true
} }
func (ctx *preReceiveContext) canChangeSettings() bool {
if !ctx.loadPusherAndPermission() {
return false
}
perm, err := access_model.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.user)
if err != nil {
return false
}
if !perm.IsOwner() && !perm.IsAdmin() {
return false
}
if ctx.Repo.Repository.IsFork {
return false
}
return true
}
func (ctx *preReceiveContext) assertChangeSettings() bool {
opts := web.GetForm(ctx).(*private.HookOptions)
if len(opts.GitPushOptions) == 0 {
return true
}
_, hasPrivateOpt := opts.GitPushOptions[private.GitPushOptionRepoPrivate]
_, hasTemplateOpt := opts.GitPushOptions[private.GitPushOptionRepoTemplate]
if !hasPrivateOpt && !hasTemplateOpt {
// If neither `repo.private` nor `repo.template` is present in
// the push options, we're good to go without further permission
// checking.
return true
}
// Either `repo.private` or `repo.template` is among the push options,
// do some permission checks.
if !ctx.canChangeSettings() {
if ctx.Written() {
return false
}
ctx.JSON(http.StatusForbidden, private.Response{
UserMsg: "Permission denied for changing repo settings.",
})
return false
}
return true
}
// HookPreReceive checks whether a individual commit is acceptable // HookPreReceive checks whether a individual commit is acceptable
func HookPreReceive(ctx *gitea_context.PrivateContext) { func HookPreReceive(ctx *gitea_context.PrivateContext) {
opts := web.GetForm(ctx).(*private.HookOptions) opts := web.GetForm(ctx).(*private.HookOptions)
@ -111,6 +162,10 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
opts: opts, opts: opts,
} }
if !ourCtx.assertChangeSettings() {
return
}
// Iterate across the provided old commit IDs // Iterate across the provided old commit IDs
for i := range opts.OldCommitIDs { for i := range opts.OldCommitIDs {
oldCommitID := opts.OldCommitIDs[i] oldCommitID := opts.OldCommitIDs[i]

View file

@ -12,6 +12,7 @@ import (
"code.gitea.io/gitea/modules/charset" "code.gitea.io/gitea/modules/charset"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/markup" "code.gitea.io/gitea/modules/markup"
"code.gitea.io/gitea/modules/typesniffer" "code.gitea.io/gitea/modules/typesniffer"
"code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/util"
@ -44,20 +45,17 @@ func RenderFile(ctx *context.Context) {
isTextFile := st.IsText() isTextFile := st.IsText()
rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc), charset.ConvertOpts{}) rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc), charset.ConvertOpts{})
ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
if markupType := markup.Type(blob.Name()); markupType == "" { if markupType := markup.Type(blob.Name()); markupType == "" {
if isTextFile { if isTextFile {
_, err = io.Copy(ctx.Resp, rd) _, _ = io.Copy(ctx.Resp, rd)
if err != nil { } else {
ctx.ServerError("Copy", err) http.Error(ctx.Resp, "Unsupported file type render", http.StatusInternalServerError)
} }
return return
} }
ctx.Error(http.StatusInternalServerError, "Unsupported file type render")
return
}
ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
err = markup.Render(&markup.RenderContext{ err = markup.Render(&markup.RenderContext{
Ctx: ctx, Ctx: ctx,
RelativePath: ctx.Repo.TreePath, RelativePath: ctx.Repo.TreePath,
@ -71,7 +69,8 @@ func RenderFile(ctx *context.Context) {
InStandalonePage: true, InStandalonePage: true,
}, rd, ctx.Resp) }, rd, ctx.Resp)
if err != nil { if err != nil {
ctx.ServerError("Render", err) log.Error("Failed to render file %q: %v", ctx.Repo.TreePath, err)
http.Error(ctx.Resp, "Failed to render file", http.StatusInternalServerError)
return return
} }
} }

View file

@ -15,6 +15,7 @@ import (
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
webhook_module "code.gitea.io/gitea/modules/webhook" webhook_module "code.gitea.io/gitea/modules/webhook"
files_service "code.gitea.io/gitea/services/repository/files"
"github.com/nektos/act/pkg/jobparser" "github.com/nektos/act/pkg/jobparser"
) )
@ -114,18 +115,15 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
} }
creator := user_model.NewActionsUser() creator := user_model.NewActionsUser()
if err := git_model.NewCommitStatus(ctx, git_model.NewCommitStatusOptions{ if err := files_service.CreateCommitStatus(ctx, repo, creator,
Repo: repo, sha,
SHA: sha, &git_model.CommitStatus{
Creator: creator,
CommitStatus: &git_model.CommitStatus{
SHA: sha, SHA: sha,
TargetURL: fmt.Sprintf("%s/jobs/%d", run.Link(), index), TargetURL: fmt.Sprintf("%s/jobs/%d", run.Link(), index),
Description: description, Description: description,
Context: ctxname, Context: ctxname,
CreatorID: creator.ID, CreatorID: creator.ID,
State: state, State: state,
},
}); err != nil { }); err != nil {
return fmt.Errorf("NewCommitStatus: %w", err) return fmt.Errorf("NewCommitStatus: %w", err)
} }

View file

@ -452,7 +452,7 @@ func handleSchedules(
RepoID: input.Repo.ID, RepoID: input.Repo.ID,
OwnerID: input.Repo.OwnerID, OwnerID: input.Repo.OwnerID,
WorkflowID: dwf.EntryName, WorkflowID: dwf.EntryName,
TriggerUserID: input.Doer.ID, TriggerUserID: user_model.ActionsUserID,
Ref: input.Repo.DefaultBranch, Ref: input.Repo.DefaultBranch,
CommitSHA: commit.ID.String(), CommitSHA: commit.ID.String(),
Event: webhook_module.HookEventType(api.HookScheduleCreated), Event: webhook_module.HookEventType(api.HookScheduleCreated),

View file

@ -72,6 +72,11 @@ func (g *GitBucketDownloader) LogString() string {
// NewGitBucketDownloader creates a GitBucket downloader // NewGitBucketDownloader creates a GitBucket downloader
func NewGitBucketDownloader(ctx context.Context, baseURL, userName, password, token, repoOwner, repoName string) *GitBucketDownloader { func NewGitBucketDownloader(ctx context.Context, baseURL, userName, password, token, repoOwner, repoName string) *GitBucketDownloader {
githubDownloader := NewGithubDownloaderV3(ctx, baseURL, userName, password, token, repoOwner, repoName) githubDownloader := NewGithubDownloaderV3(ctx, baseURL, userName, password, token, repoOwner, repoName)
// Gitbucket 4.40 uses different internal hard-coded perPage values.
// Issues, PRs, and other major parts use 25. Release page uses 10.
// Some API doesn't support paging yet. Sounds difficult, but using
// minimum number among them worked out very well.
githubDownloader.maxPerPage = 10
githubDownloader.SkipReactions = true githubDownloader.SkipReactions = true
githubDownloader.SkipReviews = true githubDownloader.SkipReviews = true
return &GitBucketDownloader{ return &GitBucketDownloader{

View file

@ -164,6 +164,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, uid, r
&actions_model.ActionScheduleSpec{RepoID: repoID}, &actions_model.ActionScheduleSpec{RepoID: repoID},
&actions_model.ActionSchedule{RepoID: repoID}, &actions_model.ActionSchedule{RepoID: repoID},
&actions_model.ActionArtifact{RepoID: repoID}, &actions_model.ActionArtifact{RepoID: repoID},
&actions_model.ActionRunnerToken{RepoID: repoID},
); err != nil { ); err != nil {
return fmt.Errorf("deleteBeans: %w", err) return fmt.Errorf("deleteBeans: %w", err)
} }

View file

@ -95,6 +95,7 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
&actions_model.ActionRunner{OwnerID: u.ID}, &actions_model.ActionRunner{OwnerID: u.ID},
&user_model.BlockedUser{BlockID: u.ID}, &user_model.BlockedUser{BlockID: u.ID},
&user_model.BlockedUser{UserID: u.ID}, &user_model.BlockedUser{UserID: u.ID},
&actions_model.ActionRunnerToken{OwnerID: u.ID},
); err != nil { ); err != nil {
return fmt.Errorf("deleteBeans: %w", err) return fmt.Errorf("deleteBeans: %w", err)
} }

View file

@ -0,0 +1,48 @@
// Copyright 20124 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/url"
"testing"
actions_model "code.gitea.io/gitea/models/actions"
"code.gitea.io/gitea/models/db"
issues_model "code.gitea.io/gitea/models/issues"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/services/actions"
"code.gitea.io/gitea/services/automerge"
"github.com/stretchr/testify/assert"
)
func TestActionsAutomerge(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) {
assert.True(t, setting.Actions.Enabled, "Actions should be enabled")
ctx := db.DefaultContext
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 292})
assert.False(t, pr.HasMerged, "PR should not be merged")
assert.Equal(t, issues_model.PullRequestStatusMergeable, pr.Status, "PR should be mergable")
scheduled, err := automerge.ScheduleAutoMerge(ctx, user, pr, repo_model.MergeStyleMerge, "Dummy")
assert.NoError(t, err, "PR should be scheduled for automerge")
assert.True(t, scheduled, "PR should be scheduled for automerge")
actions.CreateCommitStatus(ctx, job)
pr = unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
assert.True(t, pr.HasMerged, "PR should be merged")
},
)
}

View file

@ -0,0 +1,95 @@
// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/url"
"testing"
"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
repo_module "code.gitea.io/gitea/modules/repository"
repo_service "code.gitea.io/gitea/services/repository"
"github.com/stretchr/testify/require"
)
func TestOptionsGitPush(t *testing.T) {
onGiteaRun(t, testOptionsGitPush)
}
func testOptionsGitPush(t *testing.T, u *url.URL) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
Name: "repo-to-push",
Description: "test git push",
AutoInit: false,
DefaultBranch: "main",
IsPrivate: false,
})
require.NoError(t, err)
require.NotEmpty(t, repo)
gitPath := t.TempDir()
doGitInitTestRepository(gitPath)(t)
u.Path = repo.FullName() + ".git"
u.User = url.UserPassword(user.LowerName, userPassword)
doGitAddRemote(gitPath, "origin", u)(t)
{
// owner sets private & template to true via push options
branchName := "branch1"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.True(t, repo.IsPrivate)
require.True(t, repo.IsTemplate)
}
{
// owner sets private & template to false via push options
branchName := "branch2"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
}
{
// create a collaborator with write access
collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
u.User = url.UserPassword(collaborator.LowerName, userPassword)
doGitAddRemote(gitPath, "collaborator", u)(t)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
}
{
// collaborator with write access is allowed to push
branchName := "branch3"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
}
{
// collaborator with write access fails to change private & template via push options
branchName := "branch4"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
}
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, user.ID, repo.ID))
}