aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add changelog for 1.22.5 (#32794)v1.22.5Lunny Xiao12 days1-4/+24
|
* 🐛 Fixe a keystring misuse and refactor duplicates keystrings (#32668) ↵Lunny Xiao12 days3-5/+3
| | | | | | | | | | | | | | | (#32792) Backport #32668 - Fixes a translation keystring misuse where the string 'open milestones' is used in place of 'closed milestones'. - De-duplicates the use of 'open milesones' and 'closed milestones' keystrings on the sidebar of an issue, reusing the ones on the issues filter and action bars. - Closes #32667 Co-authored-by: Simon Pistache <105607989+SimonPistache@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Upgrade crypto library (#32791)Lunny Xiao12 days2-14/+14
| | | backport #32750
* Add standard-compliant route to serve outdated R packages (#32783) (#32789)Giteabot12 days2-0/+9
| | | | | | | | | | | Backport #32783 by Sebastian-T-T The R package repository currently does not have support for older versions of packages which should be stored in a separate /Archive router. This PR remedies that by adding a new path router. Fixes #32782 Co-authored-by: Sebastian T. T. <109338575+Sebastian-T-T@users.noreply.github.com>
* Fix internal server error when updating labels without write permission ↵Giteabot12 days1-5/+5
| | | | (#32776) (#32785)
* Make wiki pages visit fast (#32732) (#32745)Giteabot2024-12-072-10/+44
| | | | | | | | | | | | | Backport #32732 by @lunny Fix #20156 We reuse the code from the repository code view instead of the current code. Previously it took `5653ms` for https://gitea.com/henri/wiki/wiki/?action=_pages in my local machine, now it's about `300ms` . Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Bump relative-time-element to v4.4.4 (#32739)silverwind2024-12-062-5/+5
| | | Backport https://github.com/go-gitea/gitea/pull/32730 to v1.22
* Fix fork page branch selection (#32711) (#32725)Giteabot2024-12-051-8/+6
| | | | | | | Backport #32711 by @lunny Fix #32709 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add Swift login endpoint (#32693) (#32701)KN4CK3R2024-12-063-43/+77
| | | | | | | Backport of #32693 Fix #32683 This PR adds the login endpoint and fixes the documentation links.
* Fix gogit `GetRefCommitID` (#32705) (#32712)Giteabot2024-12-042-2/+34
| | | | | | | | | | | | Backport #32705 by @Zettat123 Fix #32335 When we call `GetRefCommitID` and the reference is already a commit ID, the `GetRefCommitID` with go-git will return a `NotExist` error. This PR improves the `GetRefCommitID` for go-git. If the input is already a commit ID, it will be returned directly. Co-authored-by: Zettat123 <zettat123@gmail.com>
* Fix delete branch perm checking (#32654) (#32707)Giteabot2024-12-045-81/+128
| | | | | Backport #32654 by @lunny Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix word overflow in file search page (#32695) (#32699)Giteabot2024-12-042-1/+2
| | | | | Backport #32695 by yp05327 Co-authored-by: yp05327 <576951401@qq.com>
* Fix race condition in mermaid observer (#32599) (#32673)Giteabot2024-11-291-8/+11
| | | Backport #32599 by william-allspice
* Don't create action when syncing mirror pull refs (#32659) (#32664)Giteabot2024-11-291-0/+6
| | | | | | | Backport #32659 by @lunny Fix #27961 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add release note for v1.22.4 (#32513)v1.22.4Lunny Xiao2024-11-261-0/+57
| | | | | | | Add release note for v1.22.4 --------- Co-authored-by: Kyle D. <kdumontnu@gmail.com>
* Fix get reviewers' bug (#32415) (#32616)Lunny Xiao2024-11-2312-158/+227
| | | | | | | | | | This PR rewrites `GetReviewer` function and move it to service layer. Reviewers should not be watchers, so that this PR removed all watchers from reviewers. When the repository is under an organization, the pull request unit read permission will be checked to resolve the bug of Fix #32394 Backport #32415
* Fix clean tmp dir (#32360) (#32593)Lunny Xiao2024-11-221-13/+23
| | | | | | | | | | | Backport #32360 Try to fix #31792 Credit to @jeroenlaylo Copied from https://github.com/go-gitea/gitea/issues/31792#issuecomment-2311920520 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix PR creation on forked repositories (#31863) (#32591)Lunny Xiao2024-11-222-3/+41
| | | | | | Resolves #20475 Backport #31863 Co-authored-by: Job <LordChunk@users.noreply.github.com>
* Fix the missing menu in organization project view page (#32313) (#32592)Lunny Xiao2024-11-221-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | Backport #32313 #29248 didn't modify the view page. The class name is not good enough, so this is a quick fix. Before: org: ![image](https://github.com/user-attachments/assets/3e26502d-66b4-4043-ab03-003ba7391487) user: ![image](https://github.com/user-attachments/assets/9b22b90c-d63c-4228-acad-4d9fb20590ac) After: org: ![image](https://github.com/user-attachments/assets/21bf98a7-8a5b-4dc6-950a-88f529e36450) user: (no change) ![image](https://github.com/user-attachments/assets/fea0dcae-3625-44e8-bb9e-4c3733da8764) Co-authored-by: yp05327 <576951401@qq.com>
* Support HTTP POST requests to `/userinfo`, aligning to OpenID Core ↵Lunny Xiao2024-11-211-1/+1
| | | | specification (#32578) (#32594)
* Fix debian package clean up (#32351) (#32590)wxiaoguang2024-11-213-19/+56
| | | Partially backport #32351
* Fix GetInactiveUsers (#32540) (#32588)Giteabot2024-11-213-6/+27
| | | | | | | Backport #32540 by @lunny Fix #31480 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* allow the actions user to login via the jwt token (#32527) (#32580)Rowan Bohde2024-11-214-3/+105
| | | | | | | | | | | | | | | | | | Backport #32527 We have some actions that leverage the Gitea API that began receiving 401 errors, with a message that the user was not found. These actions use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to authenticate with the Gitea API. The format of this env var in actions jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a corresponding update to `act_runner`) Since it was a JWT, the OAuth parsing logic attempted to parse it as an OAuth token, and would return user not found, instead of falling back to look up the running task and assigning it to the actions user. Make ACTIONS_RUNTIME_TOKEN in action runners could be used, attempting to parse Oauth JWTs. The code to parse potential old `ACTION_RUNTIME_TOKEN` was kept in case someone is running an older version of act_runner that doesn't support the Actions JWT.
* Fix submodule parsing (#32571) (#32577)wxiaoguang2024-11-212-14/+64
| | | | A quick fix for #32568 Partially backport from #32571
* Remove unnecessary code (#32560) (#32567)Giteabot2024-11-201-7/+0
| | | | | | | | Backport #32560 by @lunny PushMirrors only be used in the repository setting page. So it should not be loaded on every repository page. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor find forks and fix possible bugs that weak permissions check ↵Lunny Xiao2024-11-198-41/+203
| | | | | | | | | | | | | | | (#32528) (#32547) Backport #32528 - Move models/GetForks to services/FindForks - Add doer as a parameter of FindForks to check permissions - Slight performance optimization for get forks API with batch loading of repository units - Add tests for forking repository to organizations --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix some places which doesn't repsect org full name setting (#32243) (#32550)Giteabot2024-11-193-3/+3
| | | | | | | Backport #32243 by @lunny Partially fix #31345 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor push mirror find and add check for updating push mirror (#32539) ↵Lunny Xiao2024-11-188-108/+147
| | | | | | | | | (#32549) backport #32539 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Improve some sanitizer rules (#32534)wxiaoguang2024-11-183-7/+7
| | | | | This is a backport-only fix for 1.22 1.23 has a proper fix #32533
* Fix basic auth with webauthn (#32531) (#32536)Giteabot2024-11-162-0/+63
| | | | | | | | | Backport #32531 by @lunny WebAuthn should behave the same way as TOTP. When enabled, basic auth with username/password should need to WebAuthn auth, otherwise returned 401. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix artifact v4 upload above 8MB (#31664) (#32523)Giteabot2024-11-163-40/+286
|
* Remove transaction for archive download (#32186) (#32520)Giteabot2024-11-152-26/+19
| | | | | | | | | | | Backport #32186 by @lunny Since there is a status column in the database, the transaction is unnecessary when downloading an archive. The transaction is blocking database operations, especially with SQLite. Replace #27563 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix oauth2 error handle not return immediately (#32514) (#32516)Giteabot2024-11-151-0/+2
| | | | | Backport #32514 by lunny Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Trim title before insert/update to database to match the size requirements ↵Lunny Xiao2024-11-148-0/+18
| | | | of database (#32498) (#32507)
* Fix nil panic if repo doesn't exist (#32501) (#32502)Giteabot2024-11-141-0/+6
| | | | | | | Backport #32501 by wxiaoguang fix #32496 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add a doctor check to disable the "Actions" unit for mirrors (#32424) (#32497)Giteabot2024-11-131-0/+70
| | | | | | | | | | | | Backport #32424 by @Zettat123 Resolve #32232 Users can disable the "Actions" unit for all mirror repos by running ``` gitea doctor check --run disable-mirror-actions-unit --fix ``` Co-authored-by: Zettat123 <zettat123@gmail.com>
* Update nix development environment vor v1.22.x (#32495)65432024-11-131-6/+6
| | | | | | | just bump: * golang: v1.22.2 -> v1.22.9 * nodejs: v20.12.2 -> v20.18.0 * python: v3.12.3 -> v3.12.7
* Refactor internal routers (partial backport, auth token const time ↵wxiaoguang2024-11-135-15/+28
| | | | | | | | | | | | | | comparing) (#32473) (#32479) Partially backport #32473. LFS related changes are not in 1.22, so skip them. 1. Ignore non-existing repos during migrations 2. Improve ReadBatchLine's comment 3. Use `X-Gitea-Internal-Auth` header for internal API calls and make the comparing constant time (it wasn't a serous problem because in a real world it's nearly impossible to timing-attack the token, but indeed security related and good to fix and backport) 4. Fix route mock nil check
* Disable Oauth check if oauth disabled (#32368) (#32480)wxiaoguang2024-11-121-0/+3
| | | Partially backport Disable Oauth check if oauth disabled #32368
* cargo registry - respect renamed dependencies (#32430) (#32478)Giteabot2024-11-122-17/+52
| | | | | | Backport #32430 by usbalbin Co-authored-by: Albin Hedman <albin9604@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix broken releases when re-pushing tags (#32435) (#32449)Giteabot2024-11-102-7/+59
| | | | | | | | | | Backport #32435 by @Zettat123 Fix #32427 --------- Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix mermaid diagram height when initially hidden (#32457) (#32464)Giteabot2024-11-111-1/+12
| | | | | | | | | | | | | | Backport #32457 by @silverwind In a hidden iframe, `document.body.clientHeight` is not reliable. Use `IntersectionObserver` to detect the visibility change and update the height there. Fixes: https://github.com/go-gitea/gitea/issues/32392 <img width="885" alt="image" src="https://github.com/user-attachments/assets/a95ef6aa-27e7-443f-9d06-400ef27919ae"> Co-authored-by: silverwind <me@silverwind.io>
* Only provide the commit summary for Discord webhook push events (#32432) ↵Giteabot2024-11-083-3/+17
| | | | | | | | | | | | | | | | | | (#32447) Backport #32432 by @kemzeb Resolves #32371. #31970 should have just showed the commit summary, but `strings.SplitN()` was misused such that we did not perform any splitting at all and just used the message. This was not caught in the unit test made in that PR since the test commit summary was > 50 (which truncated away the commit description). This snapshot resolves this and adds another unit test to ensure that we only show the commit summary. Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
* Only query team tables if repository is under org when getting assignees ↵Lunny Xiao2024-11-061-14/+16
| | | | | | | | (#32414) (#32426) backport #32414 It's unnecessary to query the team table if the repository is not under organization when getting assignees.
* Quick fix milestone deadline 9999 for 1.22 (#32423)wxiaoguang2024-11-051-1/+1
|
* Fix created_unix for mirroring (#32342) (#32406)Lunny Xiao2024-11-051-2/+3
| | | | Fix #32233 Backport #32342
* Fix broken image when editing comment with non-image attachments (#32319) ↵Lunny Xiao2024-11-022-2/+9
| | | | | | | | | | | (#32345) Backport #32319 Fix #32316 --------- Co-authored-by: yp05327 <576951401@qq.com>
* Fix `missing signature key` error when pulling Docker images with ↵Zettat1232024-11-0118-23/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `SERVE_DIRECT` enabled (#32365) (#32397) Backport #32365 Fix #28121 I did some tests and found that the `missing signature key` error is caused by an incorrect `Content-Type` header. Gitea correctly sets the `Content-Type` header when serving files. https://github.com/go-gitea/gitea/blob/348d1d0f322ca57c459acd902f54821d687ca804/routers/api/packages/container/container.go#L712-L717 However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may be set to an incorrect value by the storage service. To fix this issue, we can use query parameters to override response header values. https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html <img width="600px" src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555" /> In this PR, I introduced a new parameter to the `URL` method to support additional parameters. ``` URL(path, name string, reqParams url.Values) (*url.URL, error) ```
* Respect UI.ExploreDefaultSort setting again (#32357) (#32385)65432024-10-312-2/+4
| | | | | | | | Backport #32357 fix regression of https://github.com/go-gitea/gitea/pull/29430 --- *Sponsored by Kithara Software GmbH*
* Fix disable 2fa bug (#32320) (#32330)Lunny Xiao2024-10-251-3/+6
| | | Backport #32320