Commit graph

354 commits

Author SHA1 Message Date
sillyguodong 6cb9e8d869
Make runs-on support variable expression (#29468)
As title.
Close issue: https://gitea.com/gitea/act_runner/issues/445
Follow: https://gitea.com/gitea/act/pulls/91

Move `getSecretsOfTask` and `getVariablesOfTask` under `models` because
of circular dependency issues.

(cherry picked from commit a1f5dd767729e30d07ab42fda80c19f30a72679f)
2024-03-11 23:36:59 +07:00
wxiaoguang abb0294996
Partially enable MSSQL case-sensitive collation support (#29238)
Follow #28662

(cherry picked from commit 29a8c8de779924694fadad80b31cc855dd62c0f2)
2024-03-11 23:36:59 +07:00
Gusted 578f0b3335
[DEPS] Bump mysql driver
- Bump the SQL driver for MySQL to
[v1.8.0](https://github.com/go-sql-driver/mysql/releases/tag/v1.8.0),
which notably includes support for ed25519 authentication scheme (by
yours truly).
- Resolves #1868
2024-03-10 14:57:56 +01:00
techknowlogick 2c26b187ea
bump protobuf module (#29617)
(cherry picked from commit 06039bf0b7ec4dffe74ae323b8bbbbedec69d0c8)
2024-03-06 11:39:07 +08:00
Gusted 0c4872f839
[CHORE] Update connect-go to maintained fork
- Update github.com/bufbuild/connect-go to
https://github.com/connectrpc/connect-go.
- This is a fork that's actively maintained and is recommend by the
original library. Looking at the recent release notes, it looks like
going in the right direction what one would expect of a library, no
strange features being added, lots of improvements.
- There's still an indirect dependency by
`code.gitea.io/actions-proto-go` on a old version of `connect-go`.
2024-02-28 09:40:56 +01:00
Gusted 295cd6be94
[GITEA] Use existing error functionality
- There's no need to use `github.com/pkg/errors` when the standard
library already has the functionality to wrap and create errors.

(cherry picked from commit 40f603a538036ce7e150adf404374d794eb46993)
(cherry picked from commit aa68a2753f204dfe44a037ccc91dacc2a0a53803)
(cherry picked from commit 48e252d73961ae17b56544bae79bc812dac10c44)
(cherry picked from commit cc6f40ccd208a6fd1527ba08e3123e9b01b218ab)
(cherry picked from commit 03c4b9735824bfaed19df14550ef458d52667b40)
(cherry picked from commit f25eeb76958b78fbe00fc6556aec8a37aba0ecdf)
(cherry picked from commit 989d8fa1cb81e0ff017ac575fdd1cf12507eb42b)
(cherry picked from commit 10e890ed8e7205c140677ff74db393fc0052da14)
(cherry picked from commit 581519389d3a35e775f7d3fdc15c251a3e0828b6)
(cherry picked from commit 03d00b11ac4880fd897631180c40bc1dedf5d7e5)
(cherry picked from commit 04e6c853d48b0dab767046c968717f3982304c40)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 2c4c29f7bc20e31321c4932998692dd1ef73aa14)
2024-02-05 16:09:40 +01:00
Gusted 92413041bd
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd)
(cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335)
(cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38)
(cherry picked from commit d13065345431a499f9e0b7a3c2043d7487b8aa5b)
(cherry picked from commit 45a16f8c3c6f7d5e4aab8fdde6a621cf36e4801c)
(cherry picked from commit a497acb31f76d580c8b0567f9461274bd78080f4)
(cherry picked from commit fe87fd828973945192b98310c5c3b2001c6e0f86)
(cherry picked from commit 6ac12e6693cf45cb12109028dabd868957c4b74c)
(cherry picked from commit 981ec37e1e72ab19c20067ff4d2a7e20a60d3305)
(cherry picked from commit 5d6892ec10086f0ba63f26693faa82d0fd4e3f4a)
(cherry picked from commit 9df7968f4fc72de9788d84ca3f349e4c98ee630e)
(cherry picked from commit 7d588d183329cd760053663ea2e1e82e62958409)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit defb101281f5a6ba410abc763674bafa7b63dffd)
(cherry picked from commit 5830f204a17767fda3e45d16dbf3af8c32e7f387)
(cherry picked from commit 029f4e98636a7776f430684e9d7142d69a444f96)
(cherry picked from commit 816fe558126d0ecce969fdf2a196fa6afdcca792)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 99866d804560b415b6158371eb0efd17d097cfe0)
2024-02-05 16:09:40 +01:00
Gusted 662c8ee341
[GITEA] Use existing jsonschema library
- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f27274d4cdaef23d47a6a71fc60529c3)
(cherry picked from commit da36df306b7a75434c75ed5f63608e06266ca480)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8eacd2e6b2318f26e327ec59b804ea23)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344eb0d797838f8444a6d5c0e3d425716)
(cherry picked from commit 0ccefc633e5cd206bd51f642c9fe7be56dae51ec)
(cherry picked from commit 19e647b531c5cfaba5beabbd1de2fe65dfd44da0)
(cherry picked from commit 2bcc04889d4d765eba0ebdffe7ba788c91923d35)
(cherry picked from commit 2fd1932699572a666ef616b7fb191ab5f56d75c6)
(cherry picked from commit b9a3e1e5258e1896550cc3750b7f688fdab1bb22)
(cherry picked from commit 92d932d23f2fcab4b38b72bb6b39778026418ecd)
(cherry picked from commit c125217fea154d6eb87ae86735906c90575bbff3)
(cherry picked from commit f9801ba57b58fefe5a4cc8c9da91a3593129f656)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 2558a8a764ff6d35c70beb7510626cdeac38771d)
(cherry picked from commit f53b2d31127ddf17b6593d1bb3ec536ee04c8937)
(cherry picked from commit c098055f0a3266a94651bc2783330cf7b12efff2)
(cherry picked from commit 0e1591554a275d14da09114db8572bf731c5f112)
(cherry picked from commit 876d9d5c6f272120d31bdb18df39c3a9d25e2917)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 7110bb6a783cb37db3a75abd08534760812d05fd)
2024-02-05 16:09:40 +01:00
Gusted fa37a211fb
[GITEA] Drop sha256-simd in favor of stdlib
- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b59c86e793fd9bf12187ea6cfd1f3fa1)
(cherry picked from commit 15e81637abf70576a564cf9eecaa9640228afb5b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 325d92917f655c999b81b08832ee623d6b669f0f)

Conflicts:
	modules/context/context_cookie.go
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 358819e8959886faa171ac16541097500d0a703e)
(cherry picked from commit 362fd7aae17832fa922fa017794bc564ca43060d)
(cherry picked from commit 4f64ee294ee05c93042b6ec68f0a179ec249dab9)
(cherry picked from commit 4bde77f7b13c5f961c141c01b6da1f9eda5ec387)
(cherry picked from commit 1311e30a811675eb623692349e4e808a85aabef6)
(cherry picked from commit 57b69e334c2973118488b9b5dbdc8a2c88135756)
(cherry picked from commit 52dc892fadecf39e89c3c351edc9efb42522257b)
(cherry picked from commit 77f54f4187869c6eabcc837742fd3f908093a76c)
(cherry picked from commit 0d0392f3a510ce3683bb649dee1e65b45dd91354)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 92798364e8fe3188a2100b54f3adea943f8309e9)
(cherry picked from commit 43d218127752aa9251c4c3ef71b9c060f109dffc)
(cherry picked from commit 45c88b86a35729fc0b2dc6b72bc33caf9f69265f)
(cherry picked from commit a1cd6f4e3a7956773cbc0aef8abb80d17b62eb49)
(cherry picked from commit 01191dc2adf8c57ae448be37e73158005a8ff74d)
(cherry picked from commit 151e07f37e2854ad633f1352fb0ce3cd06f4b2ae)
2024-02-05 16:09:40 +01:00
Gusted 8735fcdb7d
[GITEA] Vendor rupture dependency
- The [rupture](https://github.com/ethantkoenig/rupture) dependency was
essentially outdated in the sense it was using old version of
dependencies.
- The usage by Forgejo was rather a small portion, so that portion is
now vendored (with its tests).
- Removes old dependencies from go.sum (less dependencies is better for
reviewing what the heck we're importing). Just to note that they were
likely not being used by Go's build process (according to
https://go.dev/ref/mod#minimal-version-selection), so it's really a
matter of formal cleaning up dependencies we don't use and therefor
don't want to download and be in our go.sum.

(cherry picked from commit aa72a5f009b5027b2324106343f91b466ba46293)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2148
(cherry picked from commit fbe8d65f0b1836b2e771991b4d5d12f1bfa938ed)
(cherry picked from commit e18debcb6a9476f60d364e847265b4ac7fb76c8e)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2245
(cherry picked from commit 8c43c2ada82102a0df44fd874c4f5fe3a36ef758)
2024-02-05 15:08:04 +01:00
KN4CK3R ba24e0ba61
Use new RPM constants (#28931)
https://github.com/sassoftware/go-rpmutils/pull/24 got merged.
2024-01-25 21:40:24 +00:00
wxiaoguang 82acf22d9c
Update go dependencies and fix go-git (#28893)
More details are in the comment of repo_base_gogit.go

And ref: https://github.com/go-git/go-git/issues/1006
2024-01-23 05:40:00 +00:00
Lunny Xiao 4abd63d378
Upgrade xorm to v1.3.7 to fix a resource leak problem caused by Iterate (#28891)
Mainly fix an error https://gitea.com/xorm/xorm/issues/2393
2024-01-22 18:24:55 +08:00
Yarden Shoham 5574968ecb
Set the isPermaLink attribute to false in the guid sub-element (#28860)
Our `guid` is not a valid URL so according to the RSS spec the
`isPermaLink` attribute needs to be set to `false`.

Example:
```diff
<item>
  <title>yardenshoham opened issue &lt;a href=&#34;https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2&#34;&gt;yardenshoham/test#2&lt;/a&gt;</title>
  <link>https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</link>
  <description>2#hey</description>
  <content:encoded><![CDATA[2#hey]]></content:encoded>
  <author>yardenshoham</author>
- <guid>355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid>
+ <guid isPermaLink="false">355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid>
  <pubDate>Tue, 16 Jan 2024 18:54:36 +0000</pubDate>
</item>
```

References:
-
https://www.rssboard.org/rss-specification#ltguidgtSubelementOfLtitemgt
- Fixes https://github.com/go-gitea/gitea/issues/28734
- https://github.com/gorilla/feeds/issues/78
- https://github.com/go-gitea/gitea/pull/21550
- https://github.com/gorilla/feeds/pull/107

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 02:38:16 +00:00
Chongyi Zheng fee80a1847
Update github.com/cloudflare/circl (#28789)
cloudflare/circl: https://github.com/advisories/GHSA-9763-4f94-gfch

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 11:14:26 +08:00
wxiaoguang 2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
Lunny Xiao da58bb85fa
Upgrade xorm to new version which supported update join for all supported databases (#28590)
Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842

Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports
UPDATE JOIN.
To keep consistent from different databases, xorm use
`engine.Join().Update`, but the actural generated SQL are different
between different databases.

For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx
Where xxx`.

For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE
join_conditions`.

For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support
`UPDATE table1 SET xxx FROM table2 WHERE join conditions` from
3.33.0(2020-8-14).

POSTGRES is the same as SQLITE.
2023-12-31 05:00:35 +00:00
wxiaoguang 11f0519ad8
Update go dependencies (#28518)
Update golang.org/x/crypto for CVE-2023-48795 and update other packages.
`go-git` is not updated because it needs time to figure out why some
tests fail.
2023-12-19 09:18:42 +08:00
Yevhen Pavlov cd2ff6e83d
Bump google/go-github to v57 (#28514) 2023-12-18 15:42:04 -06:00
wxiaoguang 047c69bd85
Improve CLI code and descriptions (#28482)
* Close #28444 
* Actually, it doesn't need to use that trick because it looks like it
is not necessary, no user really needs it
* Remove the hidden (legacy) "doctor" subcommand and update documents
* Fix "actions" usage


![image](https://github.com/go-gitea/gitea/assets/2114189/3c2b34a7-4f92-4a6c-96fd-9505e413d4ec)
2023-12-15 15:49:01 +00:00
Earl Warren da0c4b8d10
Remove SSH workaround (#27893)
Revert the workaround of #26409 and fix #26411, update github.com/gliderlabs/ssh to include 02f9d57300
2023-11-03 15:21:05 +00:00
Nanguan Lin e75b89ea6e
Upgrade xorm to 1.3.4 (#27807)
Noticeable change: 
Remove the `OrderBy("1") `
[patch](https://github.com/go-gitea/gitea/pull/27673#issuecomment-1768570142)
for mssql since xorm has [fixed
it](0f085408af).
2023-10-27 13:28:53 +02:00
bt90 8d6577dabd
Chroma v2.10.0 (#27803)
Bump the chroma version to v2.10.0:
https://github.com/alecthomas/chroma/releases/tag/v2.10.0

This release includes a better Java lexer
https://github.com/alecthomas/chroma/pull/873
2023-10-26 23:42:24 +02:00
Nanguan Lin e91d4f106b
Upgrade xorm (#27673)
Related to https://gitea.com/xorm/xorm/pulls/2341
2023-10-19 10:25:57 +00:00
Chongyi Zheng b5a4ec0fb1
Upgrade go dependencies (#27599)
Upgrade all dependencies in `go.mod`

`golang.org/x/net` v0.17.0 also fixes
[CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-13 16:11:15 +00:00
silverwind e51f96829f
Downgrade go-co-op/gocron to v1.31.1 (#27511) 2023-10-07 18:54:02 -04:00
techknowlogick e3229c8e9b
bump go-deps (#27489) 2023-10-07 05:55:08 +00:00
techknowlogick 9e446dbf04
bump bleve (#27300)
Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-09-27 07:10:58 +00:00
delvh da0467e3b6
Update go-enry to 2.8.5 (#27215)
Fixes #27214
2023-09-23 13:09:01 -04:00
silverwind 539ecc24a3
Update chroma to v2.9.1 (#26990) 2023-09-09 14:37:38 +00:00
wxiaoguang fc039167d2
Use Go 1.21 and update dependencies (#26878)
To make sure Gitea's next release's lifecycle could have active Golang
support.

And min/max are builtin now.
2023-09-03 10:34:57 +00:00
Lunny Xiao 0d55f64e6c
chore(actions): support cron schedule task (#26655)
Replace #22751 

1. only support the default branch in the repository setting.
2. autoload schedule data from the schedule table after starting the
service.
3. support specific syntax like `@yearly`, `@monthly`, `@weekly`,
`@daily`, `@hourly`

## How to use

See the [GitHub Actions
document](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule)
for getting more detailed information.

```yaml
on:
  schedule:
    - cron: '30 5 * * 1,3'
    - cron: '30 5 * * 2,4'

jobs:
  test_schedule:
    runs-on: ubuntu-latest
    steps:
      - name: Not on Monday or Wednesday
        if: github.event.schedule != '30 5 * * 1,3'
        run: echo "This step will be skipped on Monday and Wednesday"
      - name: Every time
        run: echo "This step will always run"
```

Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>

---------


Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-08-24 03:06:51 +00:00
wxiaoguang 1432d4eab9
Update go dependencies (#26534) 2023-08-16 12:02:40 +00:00
Lunny Xiao cad22512b8
Upgrade x/net to 0.13.0 (#26297) 2023-08-03 08:29:57 +00:00
Lunny Xiao c7f6e9fc2f
Update xorm version (#26128)
Test new xorm version compatible with Gitea

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-25 20:27:44 +00:00
Chongyi Zheng f2138d6968
Replace gogs/cron with go-co-op/gocron (#25977)
Replace `github.com/gogs/cron` with `github.com/go-co-op/gocron` as the
former package is not maintained for many years.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-24 04:13:41 +00:00
wxiaoguang d0dbe52e76
Refactor to use urfave/cli/v2 (#25959)
Replace #10912

And there are many new tests to cover the CLI behavior

There were some concerns about the "option order in hook scripts"
(https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314),
it's not a problem now. Because the hook script uses `/gitea hook
--config=/app.ini pre-receive` format. The "config" is a global option,
it can appear anywhere.

----

## ⚠️ BREAKING ⚠️

This PR does it best to avoid breaking anything. The major changes are:

* `gitea` itself won't accept web's options: `--install-port` / `--pid`
/ `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's
options.
    * Use `./gitea web --pid ....` instead
* `./gitea` can still run the `web` sub-command as shorthand, with
default options
* The sub-command's options must follow the sub-command
* Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd
--sub-opt` (well, might not ...)
    * After: only `./gitea subcmd --sub-opt` could be used
    * The global options like `--config` are not affected
2023-07-21 17:28:19 +08:00
harryzcy ec227d6682
Remove nfnt/resize and oliamb/cutter (#25999)
The package `github.com/nfnt/resize` is deprecated and archived by the
author. `github.com/oliamb/cutter` is not maintained since 2018. We
could use `golang.org/x/image/draw` instead.
2023-07-20 19:52:42 +08:00
harryzcy 0f9f6567bb
Bump github.com/golang-jwt/jwt to v5 (#25975)
Bumping `github.com/golang-jwt/jwt` from v4 to v5.

`github.com/golang-jwt/jwt` v5 is bringing some breaking changes:

- standard `Valid()` method on claims is removed. It's replaced by
`ClaimsValidator` interface implementing `Validator()` method instead,
which is called after standard validation. Gitea doesn't seem to be
using this logic.
- `jwt.Token` has a field `Valid`, so it's checked in `ParseToken`
function in `services/auth/source/oauth2/token.go`

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 09:57:10 +00:00
KN4CK3R 8af96f585f
Disallow dangerous url schemes (#25960)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 15:18:37 +00:00
harryzcy c5e187c389
Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
Lunny Xiao 71446eee99
Fix wrong warn messages in migration steps (#25475)
The recent change on xorm for `Sync` is it will not warn when database
have columns which is not listed on struct. So we just need this warn
logs when `Sync` the whole database but not in the migrations Sync.

This PR will remove almost unnecessary warning logs on migrations.

Now below logs in CI will disappear.
```log
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column creator_id but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column is_closed but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column board_type but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column type but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column closed_date_unix but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column created_unix but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column updated_unix but struct has not related field
2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column card_type but struct has not related field
```
2023-06-24 08:20:08 +00:00
sillyguodong 8228751c55
Support changing labels of Actions runner without re-registration (#24806)
close #24540

related:
- Protocol: https://gitea.com/gitea/actions-proto-def/pulls/9
- Runner side: https://gitea.com/gitea/act_runner/pulls/201

changes:
- Add column of `labels` to table `action_runner`, and combine the value
of `agent_labels` and `custom_labels` column to `labels` column.
- Store `labels` when registering `act_runner`.
- Update `labels` when `act_runner` starting and calling `Declare`.
- Users cannot modify the `custom labels` in edit page any more.

other changes:
- Store `version` when registering `act_runner`.
- If runner is latest version, parse version from `Declare`. But older
version runner still parse version from request header.
2023-06-13 22:28:31 +08:00
Yevhen Pavlov 5fa4415bbb
Update github.com/google/go-github to v53 (#25157)
The new `go-github` version
[53](https://github.com/google/go-github/releases/tag/v53.0.0) has been
released.
2023-06-09 19:42:51 +00:00
6543 4c81dae297
Update github.com/google/go-github to v52 (#24004)
based on https://github.com/google/go-github/pull/2743

because of
https://github.com/go-gitea/gitea/pull/23946#discussion_r1160317554

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-05-31 00:31:51 +00:00
wxiaoguang 81ce271f78
Use Go 1.20 for next release (#24859) 2023-05-22 16:29:53 +00:00
Yarden Shoham f5ce2ed292
Allow all URL schemes in Markdown links by default (#24805)
- Closes #21146
- Closes #16721

## ⚠️ BREAKING ⚠️
This changes the default behavior to now create links for any URL scheme
when the user uses the markdown form for links (`[label](URL)`), this
doesn't affect the rendering of inline links. To opt-out set the
`markdown.CUSTOM_URL_SCHEMES` setting to a list of allowed schemes, all
other schemes (except `http` and `https`) won't be allowed.

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/35fa18ce-7dda-4995-b5b3-3f360f38296d)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/0922216b-0b35-4b77-9919-21a5c21dd5d0)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-19 17:17:07 +02:00
KN4CK3R 05209f0d1d
Add RPM registry (#23380)
Fixes #20751

This PR adds a RPM package registry. You can follow [this
tutorial](https://opensource.com/article/18/9/how-build-rpm-packages) to
build a *.rpm package for testing.

This functionality is similar to the Debian registry (#22854) and
therefore shares some methods. I marked this PR as blocked because it
should be merged after #22854.


![grafik](https://user-images.githubusercontent.com/1666336/223806549-d8784fd9-9d79-46a2-9ae2-f038594f636a.png)
2023-05-05 20:33:37 +00:00
techknowlogick a1cd455c85
Bump golang deps (#24533) 2023-05-05 17:17:19 +08:00
Lunny Xiao 55a5717760
Remove unused zapx replace statement on go.mod (#24515)
Fix #23617

Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-04 12:37:39 +02:00