aboutsummaryrefslogtreecommitdiffstats
path: root/go.mod
Commit message (Collapse)AuthorAgeFilesLines
* bump x/net (#32896)techknowlogick2024-12-181-1/+1
|
* Fix misuse of PublicKeyCallback (#32810)wxiaoguang2024-12-131-1/+1
| | | Only upgrading the ssh package is not enough.
* Upgrade dependency crypto library (#32750)Lunny Xiao2024-12-111-4/+4
|
* Use new mail package instead of an unmintained one (#32682)Lunny Xiao2024-12-051-2/+1
| | | Resolve #18664
* Fix LFS route mock, realm, middleware names (#32488)wxiaoguang2024-11-131-0/+1
| | | | | | | | | | 1. move "internal-lfs" route mock to "common-lfs" 2. fine tune tests 3. fix "realm" strings, according to RFC: https://datatracker.ietf.org/doc/html/rfc2617: * realm = "realm" "=" realm-value * realm-value = quoted-string 4. clarify some names of the middlewares, rename `ignXxx` to `optXxx` to match `reqXxx`, and rename ambiguous `requireSignIn` to `reqGitSignIn`
* Update `github.com/meilisearch/meilisearch-go` (#32484)silverwind2024-11-121-2/+2
| | | | | | Result of `go get -u github.com/meilisearch/meilisearch-go && make tidy`. Fixes: https://github.com/go-gitea/gitea/security/dependabot/78
* Make LFS http_client parallel within a batch. (#32369)Royce Remer2024-11-041-1/+1
| | | | Signed-off-by: Royce Remer <royceremer@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update go dependencies (#32389)wxiaoguang2024-10-311-97/+94
|
* Update github.com/go-enry/go-enry to v2.9.1 (#32295)YR Chen2024-10-191-1/+1
| | | | `go-enry` v2.9.1 includes latest file patterns from Linguist, which can identify more generated file type, eg. `pdm.lock`.
* Fix bug when there are multiple triggers with workflow dispatch (#32200)Lunny Xiao2024-10-071-1/+1
|
* Support repo license (#24872)yp053272024-10-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Close #278 Close #24076 ## Solutions: - Use [google/licenseclassifier](https://github.com/google/licenseclassifier/) Test result between [google/licensecheck](https://github.com/google/licensecheck) and [go-license-detector](https://github.com/go-enry/go-license-detector): https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167 Test result between [google/licensecheck](https://github.com/google/licensecheck) and [google/licenseclassifier](https://github.com/google/licenseclassifier/): https://github.com/go-gitea/gitea/pull/24872#issuecomment-1576092178 - Generate License Convert Name List to avoid import license templates with same contents Gitea automatically get latest license data from[ spdx/license-list-data](https://github.com/spdx/license-list-data). But unfortunately, some license templates have same contents. #20915 [click here to see the list](https://github.com/go-gitea/gitea/pull/24872#issuecomment-1584141684) So we will generate a list of these license templates with same contents and create a new file to save the result when using `make generate-license`. (Need to decide the save path) - Save License info into a new table `repo_license` Can easily support searching repo by license in the future. ## Screen shot Single License: ![image](https://github.com/go-gitea/gitea/assets/18380374/41260bd7-0b4c-4038-8592-508706cffa9f) Multiple Licenses: ![image](https://github.com/go-gitea/gitea/assets/18380374/34ce2f73-7e18-446b-9b96-ecc4fb61bd70) Triggers: - [x] Push commit to default branch - [x] Create repo - [x] Mirror repo - [x] When Default Branch is changed, licenses should be updated Todo: - [x] Save Licenses info in to DB when there's a change to license file in the commit - [x] DB Migration - [x] A nominal test? - [x] Select which library to use(https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167) - [x] API Support - [x] Add repo license table - ~Select license in settings if there are several licenses(Not recommended)~ - License board(later, not in this PR) ![image](https://github.com/go-gitea/gitea/assets/18380374/2c3c3bf8-bcc2-4c6d-8ce0-81d1a9733878) --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Denys Konovalov <kontakt@denyskon.de> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com>
* Bump minio-go to latest version (#32156)Manuel Valls Fernández2024-09-301-3/+4
| | | | | Current minio-go version has issues with S3 compatible storages like Backblaze or Wasabi. This was fixed in https://github.com/minio/minio-go/pull/1980 .
* Add pure SSH LFS support (#31516)ConcurrentCrab2024-09-271-0/+4
| | | | | | | | | Fixes #17554 /claim #17554 Docs PR https://gitea.com/gitea/docs/pulls/49 To test, run pushes like: `GIT_TRACE=1` git push. The trace output should mention "pure SSH connection".
* Fix CI (#32062)Lunny Xiao2024-09-171-0/+5
|
* Support migration from AWS CodeCommit (#31981)Zettat1232024-09-111-0/+7
| | | | | | | | | | | | | | | | | | | | This PR adds support for migrating repos from [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html). The access key ID and secret access key are required to get repository information and pull requests. And [HTTPS Git credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) are required to clone the repository. <img src="https://github.com/user-attachments/assets/82ecb2d0-8d43-42b0-b5af-f5347a13b9d0" width="680" /> The AWS CodeCommit icon is from [AWS Architecture Icons](https://aws.amazon.com/architecture/icons/). <img src="https://github.com/user-attachments/assets/3c44d21f-d753-40f5-9eae-5d3589e0d50d" width="320" />
* bump to go 1.23 (#31855)techknowlogick2024-09-101-8/+10
|
* Remove SHA1 for support for ssh rsa signing (#31857)Wim2024-09-071-5/+6
| | | | | | | | | | | | https://github.com/go-fed/httpsig seems to be unmaintained. Switch to github.com/42wim/httpsig which has removed deprecated crypto and default sha256 signing for ssh rsa. No impact for those that use ed25519 ssh certificates. This is a breaking change for: - gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too - activitypub using deprecated crypto (is this actually used?)
* Upgrade cache to v0.2.1 (#32003)Lunny Xiao2024-09-071-1/+1
| | | Fix #31757
* Introduce globallock as distributed locks (#31908)Jason Song2024-08-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To help #31813, but do not replace it, since this PR just introduces the new module but misses some work: - New option in settings. `#31813` has done it. - Use the locks in business logic. `#31813` has done it. So I think the most efficient way is to merge this PR first (if it's acceptable) and then finish #31813. ## Design principles ### Use spinlock even in memory implementation In actual use cases, users may cancel requests. `sync.Mutex` will block the goroutine until the lock is acquired even if the request is canceled. And the spinlock is more suitable for this scenario since it's possible to give up the lock acquisition. Although the spinlock consumes more CPU resources, I think it's acceptable in most cases. ### Do not expose the mutex to callers If we expose the mutex to callers, it's possible for callers to reuse the mutex, which causes more complexity. For example: ```go lock := GetLocker(key) lock.Lock() // ... // even if the lock is unlocked, we cannot GC the lock, // since the caller may still use it again. lock.Unlock() lock.Lock() // ... lock.Unlock() // callers have to GC the lock manually. RemoveLocker(key) ``` That's why https://github.com/go-gitea/gitea/pull/31813#discussion_r1721200549 In this PR, we only expose `ReleaseFunc` to callers. So callers just need to call `ReleaseFunc` to release the lock, and do not need to care about the lock's lifecycle. ```go _, release, err := locker.Lock(ctx, key) if err != nil { return err } // ... release() // if callers want to lock again, they have to re-acquire the lock. _, release, err := locker.Lock(ctx, key) // ... ``` In this way, it's also much easier for redis implementation to extend the mutex automatically, so that callers do not need to care about the lock's lifecycle. See also https://github.com/go-gitea/gitea/pull/31813#discussion_r1722659743 ### Use "release" instead of "unlock" For "unlock", it has the meaning of "unlock an acquired lock". So it's not acceptable to call "unlock" when failed to acquire the lock, or call "unlock" multiple times. It causes more complexity for callers to decide whether to call "unlock" or not. So we use "release" instead of "unlock" to make it clear. Whether the lock is acquired or not, callers can always call "release", and it's also safe to call "release" multiple times. But the code DO NOT expect callers to not call "release" after acquiring the lock. If callers forget to call "release", it will cause resource leak. That's why it's always safe to call "release" without extra checks: to avoid callers to forget to call it. ### Acquired locks could be lost Unlike `sync.Mutex` which will be locked forever once acquired until calling `Unlock`, in the new module, the acquired lock could be lost. For example, the caller has acquired the lock, and it holds the lock for a long time since auto-extending is working for redis. However, it lost the connection to the redis server, and it's impossible to extend the lock anymore. If the caller don't stop what it's doing, another instance which can connect to the redis server could acquire the lock, and do the same thing, which could cause data inconsistency. So the caller should know what happened, the solution is to return a new context which will be canceled if the lock is lost or released: ```go ctx, release, err := locker.Lock(ctx, key) if err != nil { return err } defer release() // ... DoSomething(ctx) // the lock is lost now, then ctx has been canceled. // Failed, since ctx has been canceled. DoSomethingElse(ctx) ``` ### Multiple ways to use the lock 1. Regular way ```go ctx, release, err := Lock(ctx, key) if err != nil { return err } defer release() // ... ``` 2. Early release ```go ctx, release, err := Lock(ctx, key) if err != nil { return err } defer release() // ... // release the lock earlier and reset the context back ctx = release() // continue to do something else // ... ``` 3. Functional way ```go if err := LockAndDo(ctx, key, func(ctx context.Context) error { // ... return nil }); err != nil { return err } ```
* Support compression for Actions logs (#31761)Jason Song2024-08-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support compression for Actions logs to save storage space and bandwidth. Inspired by https://github.com/go-gitea/gitea/issues/24256#issuecomment-1521153015 The biggest challenge is that the compression format should support [seekable](https://github.com/facebook/zstd/blob/dev/contrib/seekable_format/zstd_seekable_compression_format.md). So when users are viewing a part of the log lines, Gitea doesn't need to download the whole compressed file and decompress it. That means gzip cannot help here. And I did research, there aren't too many choices, like bgzip and xz, but I think zstd is the most popular one. It has an implementation in Golang with [zstd](https://github.com/klauspost/compress/tree/master/zstd) and [zstd-seekable-format-go](https://github.com/SaveTheRbtz/zstd-seekable-format-go), and what is better is that it has good compatibility: a seekable format zstd file can be read by a regular zstd reader. This PR introduces a new package `zstd` to combine and wrap the two packages, to provide a unified and easy-to-use API. And a new setting `LOG_COMPRESSION` is added to the config, although I don't see any reason why not to use compression, I think's it's a good idea to keep the default with `none` to be consistent with old versions. `LOG_COMPRESSION` takes effect for only new log files, it adds `.zst` as an extension to the file name, so Gitea can determine if it needs decompression according to the file name when reading. Old files will keep the format since it's not worth converting them, as they will be cleared after #31735. <img width="541" alt="image" src="https://github.com/user-attachments/assets/e9598764-a4e0-4b68-8c2b-f769265183c9">
* Upgrade bleve to 2.4.2 (#31762)Lunny Xiao2024-08-021-5/+5
|
* fix redis dep (#31662)techknowlogick2024-07-191-1/+1
| | | | fix https://github.com/go-gitea/gitea/issues/31658
* Upgrade xorm to v1.3.9 and improve some migrations Sync (#29899)Lunny Xiao2024-07-141-1/+1
| | | Co-authored-by: 6543 <6543@obermui.de>
* Update `golang.org/x/image` to v0.18.0 (#31541)silverwind2024-07-021-1/+1
| | | | | Result of `go get -u golang.org/x/image && make tidy` Fixes: https://github.com/go-gitea/gitea/security/dependabot/67
* bump golang deps (#31422)techknowlogick2024-06-241-65/+65
|
* Switch to upstream of `gorilla/feeds` (#31400)Yarden Shoham2024-06-181-3/+1
| | | | | | | | | They merged the PR we waited for. - Reference: https://github.com/gorilla/feeds/pull/107 - Follows: https://github.com/go-gitea/gitea/pull/28860 Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update `golang.org/x/net` (#31260)silverwind2024-06-061-7/+7
| | | | Result of `go get -u golang.org/x/net && make tidy`. ~~Fixes https://pkg.go.dev/vuln/GO-2024-2887.~~
* Add replacement module for `mholt/archiver` (#31267)silverwind2024-06-061-0/+3
| | | | | | | | | | | | Switch to this fork tag: https://github.com/anchore/archiver/releases/tag/v3.5.2 which includes https://github.com/anchore/archiver/commit/82ca88a2eb24d418c30bf960ef071b0bbec04631. Ref: https://pkg.go.dev/vuln/GO-2024-2698 Ref: https://github.com/advisories/GHSA-rhh4-rh7c-7r5v --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update chroma to v2.14.0 (#31177)silverwind2024-06-041-1/+1
| | | | | https://github.com/alecthomas/chroma/releases/tag/v2.14.0 Tested it with a typescript file.
* Azure blob storage support (#30995)Lunny Xiao2024-05-301-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | This PR implemented object storages(LFS/Packages/Attachments and etc.) for Azure Blob Storage. It depends on azure official golang SDK and can support both the azure blob storage cloud service and azurite mock server. Replace #25458 Fix #22527 - [x] CI Tests - [x] integration test, MSSQL integration tests will now based on azureblob - [x] unit test - [x] CLI Migrate Storage - [x] Documentation for configuration added ------ TODO (other PRs): - [ ] Improve performance of `blob download`. --------- Co-authored-by: yp05327 <576951401@qq.com>
* Remove external API calls in `TestPassword` (#30716)silverwind2024-05-021-0/+2
| | | | | | | | | | | The test had a dependency on `https://api.pwnedpasswords.com` which caused many failures on CI recently: ``` --- FAIL: TestPassword (2.37s) pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers) FAIL coverage: 82.9% of statements ```
* Upgrade chi-binding (#30826)Lunny Xiao2024-05-021-1/+1
| | | Front port #30742
* Bump `github.com/google/go-github` to v61 (#30738)Chongyi Zheng2024-04-281-1/+1
|
* Use `ProtonMail/go-crypto` for `opengpg` in tests (#30736)Chongyi Zheng2024-04-271-1/+1
|
* Use maintained gziphandler (#30592)Lunny Xiao2024-04-211-2/+1
| | | | | | | | Replace #27894 --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Replace MSSQL driver with a better maintained version (#30390)Lunny Xiao2024-04-111-1/+1
| | | | | | | | As the latest tag of `github.com/denisenkom/go-mssqldb` is in 2022, but as a fork of it, `github.com/microsoft/go-mssqldb` has more activities than the original repository. We can convert the driver to the fork. Since the interface of Go database driver are the same, it should have no any affect for the end users.
* Upgrade `golang.org/x/net` to v0.24.0 (#30283)silverwind2024-04-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Result of `go get -u golang.org/x/net; make tidy`. This is related to the following vulncheck warning: ``` There are 2 vulnerabilities in modules that you require that are neither imported nor called. You may not need to take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. Vulnerability #1: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Module: golang.org/x/net Found in: golang.org/x/net@v0.22.0 Fixed in: golang.org/x/net@v0.23.0 Vulnerability #2: GO-2022-0470 No access control in github.com/blevesearch/bleve and bleve/v2 More info: https://pkg.go.dev/vuln/GO-2022-0470 Module: github.com/blevesearch/bleve/v2 Found in: github.com/blevesearch/bleve/v2@v2.3.10 Fixed in: N/A ```
* Upgrade Go 1.22 and upgrade dependency (#29869)wxiaoguang2024-03-171-76/+77
|
* Update Chroma to v2.13.0 (#29732)JakobDev2024-03-121-2/+2
| | | | | | | | | This adds new lexers and includes some fixes. See https://github.com/alecthomas/chroma/releases/tag/v2.13.0 for the full changelog. --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Make runs-on support variable expression (#29468)sillyguodong2024-03-081-1/+1
| | | | | | | | As title. Close issue: https://gitea.com/gitea/act_runner/issues/445 Follow: https://gitea.com/gitea/act/pulls/91 Move `getSecretsOfTask` and `getVariablesOfTask` under `models` because of circular dependency issues.
* Partially enable MSSQL case-sensitive collation support (#29238)wxiaoguang2024-03-081-5/+5
| | | Follow #28662
* bump protobuf module (#29617)techknowlogick2024-03-051-1/+1
|
* Use `crypto/sha256` (#29386)KN4CK3R2024-02-251-1/+1
| | | | | | | | Go 1.21 improved the performance of `crypto/sha256`. It's now similar to `minio/sha256-simd`, so we should just use the standard libs. https://go.dev/doc/go1.21#crypto/sha256 https://go-review.googlesource.com/c/go/+/408795 https://github.com/multiformats/go-multihash/pull/173
* Revert "Support SAML authentication (#25165)" (#29358)65432024-02-241-5/+0
| | | | | | | | | | This reverts #25165 (5bb8d1924d77c675467694de26697b876d709a17), as there was a chance some important reviews got missed. so after reverting this patch it will be resubmitted for reviewing again https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242 temporary Open #5512 again
* Support SAML authentication (#25165)techknowlogick2024-02-231-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes https://github.com/go-gitea/gitea/issues/5512 This PR adds basic SAML support - Adds SAML 2.0 as an auth source - Adds SAML configuration documentation - Adds integration test: - Use bare-bones SAML IdP to test protocol flow and test account is linked successfully (only runs on Postgres by default) - Adds documentation for configuring and running SAML integration test locally Future PRs: - Support group mapping - Support auto-registration (account linking) Co-Authored-By: @jackHay22 --------- Co-authored-by: jackHay22 <jack@allspice.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: morphelinho <morphelinho@users.noreply.github.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io>
* Use new RPM constants (#28931)KN4CK3R2024-01-251-1/+1
| | | https://github.com/sassoftware/go-rpmutils/pull/24 got merged.
* Update go dependencies and fix go-git (#28893)wxiaoguang2024-01-231-49/+47
| | | | | More details are in the comment of repo_base_gogit.go And ref: https://github.com/go-git/go-git/issues/1006
* Upgrade xorm to v1.3.7 to fix a resource leak problem caused by Iterate (#28891)Lunny Xiao2024-01-221-1/+1
| | | Mainly fix an error https://gitea.com/xorm/xorm/issues/2393
* Set the `isPermaLink` attribute to `false` in the `guid` sub-element (#28860)Yarden Shoham2024-01-201-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Our `guid` is not a valid URL so according to the RSS spec the `isPermaLink` attribute needs to be set to `false`. Example: ```diff <item> <title>yardenshoham opened issue &lt;a href=&#34;https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2&#34;&gt;yardenshoham/test#2&lt;/a&gt;</title> <link>https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</link> <description>2#hey</description> <content:encoded><![CDATA[2#hey]]></content:encoded> <author>yardenshoham</author> - <guid>355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid> + <guid isPermaLink="false">355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid> <pubDate>Tue, 16 Jan 2024 18:54:36 +0000</pubDate> </item> ``` References: - https://www.rssboard.org/rss-specification#ltguidgtSubelementOfLtitemgt - Fixes https://github.com/go-gitea/gitea/issues/28734 - https://github.com/gorilla/feeds/issues/78 - https://github.com/go-gitea/gitea/pull/21550 - https://github.com/gorilla/feeds/pull/107 Signed-off-by: Yarden Shoham <git@yardenshoham.com>
* Update github.com/cloudflare/circl (#28789)Chongyi Zheng2024-01-151-1/+1
| | | | | | cloudflare/circl: https://github.com/advisories/GHSA-9763-4f94-gfch Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>