Time Estimate field is not included in the issue modification webhooks
or issue API endpoints.
This PR fixes the field for the API.
---------
Signed-off-by: Gnanakeethan Balasubramaniam <gnanakeethan@users.noreply.github.com>
Signed-off-by: Gnanakeethan Balasubramaniam <gnanakeethan@cloudparallax.com>
- Moved mail templates to new directories.
- Added new devtest ymls.
- Embedded styles as much as possible.
- Added new translation keys for actions email.
---------
Signed-off-by: NorthRealm <155140859+NorthRealm@users.noreply.github.com>
Co-authored-by: delvh <dev.lh@web.de>
- ~Upgrade golang to 1.25~ blocked by the issue
https://github.com/go-swagger/go-swagger/issues/3220
- Upgrade minor versions of most dependencies
- Upgrade github.com/google/go-github version to v74
- Fix meilisearch because of sdk interface change
- Use github.com/Necoro/html2text which is a fork instead of html2text
because of https://github.com/jaytaylor/html2text/issues/67 which
resulted in complie failure.
- Fix some deprecated methods of gitlab go client.
Partially fix#32018
`git config` and `git remote` write operations create a temporary file
named `config.lock`. Since these operations are not atomic, they must
not be run in parallel. If two requests attempt to modify the same
repository concurrently—such as during a compare operation—one may fail
due to the presence of an existing `config.lock` file.
In cases where `config.lock` is left behind due to an unexpected program
exit, a global lock mechanism could allow us to safely remove the stale
lock file when a related error is detected. While this behavior is not
yet implemented in this PR, it is planned for a future enhancement.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
For some reasons, branches between database and git are not synced. If a
branch exists in database but not in the git, it should be able to be
deleted.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Instance signing rule `pubkey` is described as "Only sign if the user
has a public key", however if the user only has SSH public keys, this
check will fail, as it only checks for GPG keys.
Changed the `pubkey` checks to call a helper `userHasPubkeys` which
sequentially checks for GPG, then SSH keys.
Related #34341
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Trying to prevent duplicate action emails by adding an extra check on job status.
---------
Signed-off-by: NorthRealm <155140859+NorthRealm@users.noreply.github.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Entra ID users should use the OIDC oauth2 provider.
They will still be shown if the instance has a previous Azure AD source
configured.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
GitHub changed where the attachments on releases are stored, which means
repo migrations with releases now fail because the redirect URLs don't
match the base URL validation. We need to update the base URL check to
check for the `release-assets` subdomain as well.
OneDev migration: fix broken migration caused by various REST API
changes in OneDev 7.8.0 and later
- in REST urls use `~api` instead of `api`
- check minimum required OneDev version before starting migration
- required OneDev version is now 12.0.1
(older versions do not offer necessary API:
https://code.onedev.io/onedev/server/~issues/2491)
- support migrating OneDev subprojects (e.g.
http:/onedev.host/projectA/subProjectB)
- set milestone closed state if milestone is closed in OneDev
- moved memory allocation for milestone JSON decoding into for loop
(which gets 100 milestones per iteration) to fix wrong due dates when
having more than 100 milestones
Fix#31113
After #22385 introduced LFS GC, it never worked due to a bug in the INI
library: fields in structs embedded more than one level deep are not
populated from the INI file.
This PR fixes the issue by replacing the multi-level embedded struct
with a single-level struct for parsing the cron.gc_lfs configuration.
Added a new test for retrieving cron settings to demonstrate the bug in
the INI package.
Follow up #35096, fix#35095, fix#35115 and add more tests
The old code used some fragile behaviors which depend on the "nil"
receiver. This PR should be a complete fix for more edge cases.
Change the OpenAPI response of `ListWorkflowRuns` to `WorkflowRunsList`
like it is supposed to be.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Make "Issuer" strictly follow the spec (see comment)
2. Make "/.well-known/openid-configuration" respond 404 if the OAuth2
provider is not enabled.
Then by the way, remove the JSEscape template helper because it is not
needed any more.
Symlinks are followed when you click on a link next to an entry, either
until a file has been found or until we know that the link is dead.
When the link cannot be accessed, we fall back to the current behavior
of showing the document containing the target.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
enable nolintlint scope requirement
add comments to new directives so it's more obvious why they are in
place
---
I can also toggle the mandatory comments on if that's something of
interest.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Follow up the "editor" refactor, use the same approach to simplify code,
and fix some docs & comments
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
This PR fixes a state de-synchronization bug with the issue stopwatch,
it resolves the issue by replacing the ambiguous `/toggle` endpoint
with two explicit endpoints: `/start` and `/stop`.
- The "Start timer" button now exclusively calls the `/start` endpoint.
- The "Stop timer" button now exclusively calls the `/stop` endpoint.
This ensures the user's intent is clearly communicated to the server,
eliminating the state inconsistency and fixing the bug.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#34504
Since one required context can match more than one commit statuses, we
should not directly compare the lengths of `requiredCommitStatuses` and
`requiredContexts`
---------
Signed-off-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
When viewing a file that the user can't edit because they can't write to
the branch, the new, upload, patch, edit and delete functionality is no
longer disabled.
If no user fork of the repository exists, there is now a page to create one.
It will automatically create a fork with a single branch matching the one
being viewed, and a unique repository name will be automatically picked.
When a fork exists, but it's archived, a mirror or the user can't write
code to it, there will instead be a message explaining the situation.
If the usable fork exists, a message will appear at the top of the edit page
explaining that the changes will be applied to a branch in the fork. The
base repository branch will be pushed to a new branch to the fork, and
then the edits will be applied on top.
The suggestion to fork happens when accessing /_edit/, so that for
example online documentation can have an "edit this page" link to
the base repository that does the right thing.
Also includes changes to properly report errors when trying to commit
to a new branch that is protected, and when trying to commit to an
existing branch when choosing the new branch option.
Resolves#9017, #20882
---------
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
# Fix Feishu Webhook Signature Verification
This PR implements proper signature verification for Feishu (Lark)
webhooks according to the [official
documentation](https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot).
## Changes
- Implemented the `GenSign` function based on Feishu's official Go
sample code
- Modified the webhook request creation to include timestamp and
signature in the payload when a secret is configured
- Fixed the signature generation algorithm to properly use HMAC-SHA256
with the correct string format
## Implementation Details
The signature verification works as follows:
1. When a webhook secret is provided, a timestamp is generated
2. The signature string is created using `timestamp + "\n" + secret`
3. The HMAC-SHA256 algorithm is applied to an empty string using the
signature string as the key
4. The result is Base64 encoded to produce the final signature
5. Both timestamp and signature are added to the payload
According to Feishu's documentation, the timestamp must be within 1 hour
(3600 seconds) of the current time to be considered valid.
## Security Note
Feishu emphasizes the importance of keeping webhook URLs secure. Do not
disclose them on GitHub, blogs, or any public sites to prevent
unauthorized use.
## References
- [Feishu Custom Bot
Documentation](https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot)
---------
Co-authored-by: hiifong <i@hiif.ong>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The merge-upstream route was so far performing any kind of merge, even
those that would create merge commits and thus make your branch diverge
from upstream, requiring manual intervention via the git cli to undo the
damage.
With the new optional parameter ff_only, we can instruct gitea to error
out, if a non-fast-forward merge would be performed.
Upgrade to
[v0.19.0](https://github.com/golang/tools/releases/tag/gopls%2Fv0.19.0)
and fix issues. Runs with new `warning` serverity setting. This likely
does less checks than before. Additionally, add `make fix` which runs
modernize. This is also verified on CI.
For the record, here are the issues discoverd when running with `info`
severity, in case we want to fix these:
```
tests/integration/repo_test.go:95:5-14: could use tagged switch on i
tests/integration/api_packages_generic_test.go:149:4-64: could use tagged switch on setting.Packages.Storage.Type
services/webhook/msteams_test.go:33:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:59:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:85:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:111:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:138:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:161:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:187:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:213:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:239:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:266:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:407:4-33: could use tagged switch on fact.Name
tests/integration/api_packages_conan_test.go:350:6-33: could use tagged switch on pf.Name
models/issues/tracked_time_test.go:98:3-18: could use tagged switch on user.ID
tests/integration/api_token_test.go:505:5-43: could use tagged switch on minRequiredLevel
services/gitdiff/gitdiff.go:220:33-46: method "getLineLegacy" is unused
```
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
1. Use `OpenXxx` instead of `GetXxx` because the returned readers should
be correctly closed, and clarify the behaviors of the functions: they
increase the download counter
2. Use `packages-content` styles instead of `issue-content`
By default, the code extracts 200 package versions. If too many packages
are generated every day or if rule cleaning is enabled later, which
means there are more than 200 versions corresponding to the library
package, it may not be cleaned up completely, resulting in residue
Fix#31961
---------
Co-authored-by: yeyuanjie <yecao100@126.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Add some missing (optional) fields for nuget v2, and sort the fields
to make it easier to maintain
2. Add missing "platform" for rubygems: `VERSION-PLATFORM` and
`VERSION_PLATFORM`
Co-authored-by: Giteabot <teabot@gitea.io>
`UpdateAllCols` is dangerous, the columns should be updated when
necessary.
This PR replaces some `updateRepository` invokes to reduce possible
problems and wrongly updated time. Some parts have been fixed in #34388,
but some are hidden in the function `updateRepository`. Alternatively,
using `UpdateRepositoryColsNoAutoTime` to update the changed columns.
Some `UpdateRepoSize` invokes are duplicated, so they will be removed
when extracting from `updateRepository`.
Noticed the SQL will be executed 4 times when visit the file render view
page. For a repository which have many pull requests, it maybe slow.
```SQL
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 2.004167ms
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 1.03975ms
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 881.583µs
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 935.084µs
```
This PR did a refactor to query it once only.
* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea
* SSH format can be added in gitea config
* SSH Signing worked before with DEFAULT_TRUST_MODEL=committer
`TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents
to trust for every user of this instance
Closes#34329
Related #31392
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Extract from #34531
## Move Commit status state to a standalone package
Move the state from `structs` to `commitstatus` package. It also
introduce `CommitStatusStates` so that the combine function could be
used from UI and API logic.
## Combined commit status Changed
This PR will follow Github's combined commit status. Before this PR,
every commit status could be a combined one.
According to
https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#get-the-combined-status-for-a-specific-reference
> Additionally, a combined state is returned. The state is one of:
> failure if any of the contexts report as error or failure
> pending if there are no statuses or a context is pending
> success if the latest status for all contexts is success
This PR will follow that rule and remove the `NoBetterThan` logic. This
also fixes the inconsistent between UI and API. In the API convert
package, it has implemented this which is different from the UI. It also
fixed the missing `URL` and `CommitURL` in the API.
## `CalcCommitStatus` return nil if there is no commit statuses
The behavior of `CalcCommitStatus` is changed. If the parameter commit
statuses is empty, it will return nil. The reference places should check
the returned value themselves.
