0
0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-25 07:39:38 +02:00

4869 Commits

Author SHA1 Message Date
Kemal Zebari
416ff1fd31
Support annotated tags when using create release API (#31840)
This adds a new field, "tag_message", that represents the message of the
annotated tag.

Resolves #31835.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-18 05:12:38 +00:00
silverwind
1f35435b81
Run gopls modernize on codebase (#34751)
Recent modernize fixes:
https://github.com/golang/tools/commits/master/gopls/internal/analysis/modernize
2025-06-18 01:48:09 +00:00
wxiaoguang
71e4740946
Refactor some file edit related code (#34744)
Follow up #34350

---------

Co-authored-by: delvh <dev.lh@web.de>
2025-06-18 01:18:07 +00:00
wxiaoguang
f214bb40a3
Improve nuget/rubygems package registries (#34741)
1. Add some missing (optional) fields for nuget v2, and sort the fields
to make it easier to maintain
2. Add missing "platform" for rubygems: `VERSION-PLATFORM` and
`VERSION_PLATFORM`

Co-authored-by: Giteabot <teabot@gitea.io>
2025-06-17 19:42:00 +02:00
Lunny Xiao
1e644e39f9
remove unnecessary duplicate code (#34733) 2025-06-17 12:23:56 -04:00
wxiaoguang
65986f423f
Refactor embedded assets and drop unnecessary dependencies (#34692)
Benefits:

1. smaller binary size (reduces more than 1MB)
2. better control of the assets details
3. fewer unmaintained dependencies
4. faster startup if the assets are not needed
5. won't hang up editors when open "bindata.go" by accident
2025-06-12 03:59:33 +00:00
ChristopherHX
c9505a26b9
Improve instance wide ssh commit signing (#34341)
* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea
* SSH format can be added in gitea config
* SSH Signing worked before with DEFAULT_TRUST_MODEL=committer

`TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents
to trust for every user of this instance

Closes #34329
Related #31392

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-11 10:32:55 +00:00
wxiaoguang
1610a63bfd
Fix commit message rendering and some UI problems (#34680)
* Fix #34679
* Fix #34676
* Fix #34674
* Fix #34526
2025-06-10 23:20:32 +08:00
wxiaoguang
92e7e98c56
Update x/crypto package and make builtin SSH use default parameters (#34667) 2025-06-09 19:51:02 +00:00
wxiaoguang
7b39c82587
Fix "oras" OCI client compatibility (#34666)
Fix #25846

1. the ImageConfig can be empty, fall back to default
2. the blob size can be empty, it still needs "Content-Length" header
2025-06-09 18:51:05 +00:00
endo0911engineer
b408bf2f0b
Fix: skip paths check on tag push events in workflows (#34602)
## Summary
Fix skipping of `paths` condition in workflows triggered by tag push
events.

## Details
- Ensure workflows triggered by tag pushes bypass the `paths` filter
check.
- Prevent incorrect skipping of workflows due to `paths` conditions on
tag pushes.
- Added and updated unit tests to verify correct behavior.
2025-06-09 17:44:45 +00:00
charles
c6b2cbd75d
Fix footnote jump behavior on the issue page. (#34621)
Close #34511 
Close #34590 

Add comment ID to the footnote item's id attribute to ensure uniqueness.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-09 17:18:11 +00:00
Lunny Xiao
6d0b24064a
Keeping consistent between UI and API about combined commit status state and fix some bugs (#34562)
Extract from #34531 

## Move Commit status state to a standalone package

Move the state from `structs` to `commitstatus` package. It also
introduce `CommitStatusStates` so that the combine function could be
used from UI and API logic.

## Combined commit status Changed

This PR will follow Github's combined commit status. Before this PR,
every commit status could be a combined one.
According to
https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#get-the-combined-status-for-a-specific-reference
> Additionally, a combined state is returned. The state is one of:
> failure if any of the contexts report as error or failure
> pending if there are no statuses or a context is pending
> success if the latest status for all contexts is success

This PR will follow that rule and remove the `NoBetterThan` logic. This
also fixes the inconsistent between UI and API. In the API convert
package, it has implemented this which is different from the UI. It also
fixed the missing `URL` and `CommitURL` in the API.

## `CalcCommitStatus` return nil if there is no commit statuses

The behavior of `CalcCommitStatus` is changed. If the parameter commit
statuses is empty, it will return nil. The reference places should check
the returned value themselves.
2025-06-09 04:05:33 +00:00
Kemal Zebari
47d69b7749
Validate hex colors when creating/editing labels (#34623)
Resolves #34618.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-07 11:25:08 +03:00
TheFox0x7
b38f2d31fd
add codecommit to supported services in api docs (#34626) 2025-06-07 03:31:34 +00:00
wxiaoguang
2a1585b32e
Refactor some tests (#34580)
1. use `test.MockVariableValue` as much as possible
2. avoid `time.Sleep` as much as possible
2025-06-03 01:26:19 +00:00
Philip Peterson
c5e78fc7ad
Do not mutate incoming options to SearchRepositoryByName (#34553)
Similar to #34544, this PR changes the `opts` argument in
`SearchRepositoryByName()` to be passed by value instead of by pointer,
as its mutations do not escape the function scope and are not used
elsewhere. This simplifies reasoning about the function and avoids
unnecessary pointer usage.

This insight emerged during an initial attempt to refactor
`RenderUserSearch()`, which currently intermixes multiple concerns.

---------

Co-authored-by: Philip Peterson <philip-peterson@users.noreply.github.com>
2025-06-02 17:33:25 +00:00
wxiaoguang
e8d8984f7c
Fix some trivial problems (#34579) 2025-06-02 15:22:43 +00:00
badhezi
0cec4b84e2
Fix actions skipped commit status indicator (#34507)
Addresses https://github.com/go-gitea/gitea/issues/34500

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-28 11:36:21 -04:00
NorthRealm
4cb0c641ce
Add "View workflow file" to Actions list page (#34538)
This PR adds "View workflow file" to Actions list page, and replaces the
redundant link.

Related #34530

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-28 20:30:00 +08:00
wxiaoguang
9f10885b21
Refactor commit reader (#34542) 2025-05-27 16:49:05 +00:00
Lunny Xiao
ab9691291d
Don't display error log when .git-blame-ignore-revs doesn't exist (#34457)
Fix #34454
2025-05-26 17:09:14 +00:00
Lunny Xiao
b595f81b79
Performance optimization for tags synchronization (#34355)
The tags synchronization is very slow for a non-mirror repository with
many tags especially forking. This PR make all repositories' tags
synchronization use the same function and remove the low performance
synchronization function. The commit count of tag now will not be stored
into database when syncing. Since the commits count will always be read
from cache or git data, the `NumCommits` in the release table will be
updated for the first read from git data.
2025-05-22 13:54:42 -07:00
Lunny Xiao
06ccda06c4
Fix possible panic (#34508) 2025-05-22 12:59:42 +00:00
Bo-Yi Wu
d06eb8d801
feat(api): add date range filtering to commit retrieval endpoints (#34497)
- Add support for filtering commits by date range via new "since" and
"until" parameters
- Update API endpoints and command logic to handle the new parameters
for fetching commits within given dates
- Extend API documentation and Swagger specs to describe the new "since"
and "until" query parameters
- Refactor related function signatures and implementations to accept and
pass "since" and "until" values

---------

Signed-off-by: appleboy <appleboy.tw@gmail.com>
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2025-05-19 18:57:58 -07:00
Adam Majer
9cfcc079c7
Export repo's manual merge settings (#34502) 2025-05-19 13:08:00 -04:00
wxiaoguang
4a98ab0540
Remove legacy template helper functions (#34426)
These functions have been marked as `panicIfDevOrTesting` since 1.23
(#32422)
2025-05-11 01:42:21 -04:00
Lunny Xiao
ad271444e9
Fix a bug when uploading file via lfs ssh command (#34408)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-09 16:17:08 +00:00
wxiaoguang
179068fddb
Refactor commit message rendering and fix bugs (#34412)
Fix #34398, fix #33308

Remove all `repo.ComposeCommentMetas` from templates,
only use `repo` to render commit message.
2025-05-09 20:42:35 +08:00
bytedream
2fbc8f9e87
Fix LFS file not stored in LFS when uploaded/edited via API or web UI (#34367)
Files that should be stored in LFS and are uploaded/edited from the API
or web UI aren't stored in LFS. This may be a regression from #34154.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-08 13:07:53 +08:00
Tobias Balle-Petersen
020e774b91
feat: add label 'state' to metric 'gitea_users' (#34326)
This PR adds the label _state_ to the metric _gitea_users_. With the
change, _gitea_users_ would be reported like this:

```
...
# HELP gitea_users Number of Users
# TYPE gitea_users gauge
gitea_users{state="active"} 20
gitea_users{state="inactive"} 10
...
```

The metrics above would be from a Gitea instance with 30 user accounts.
20 of the accounts are active and 10 of the accounts are not active.

Resolve #34325
2025-05-07 18:00:53 +00:00
Tobias Balle-Petersen
3e49fba578
feat: return time of last usage for public keys and access tokens in the api (#34323)
In the Gitea GUI, the user can see the time that _AccessTokens_ and
_PublicKeys_ were last used. This information is not returned by the
_/users/{username}/tokens_ and _/user/keys_ endpoints in the API. This
PR adds the missing data.

The time of last usage for for _tokens_ & _keys_ seem to be stored in
the _Updated_ field of the structs internally. For consistency, I have
used the name _updated_at_ for the new field returned by the _API_.
However, for the _API_ user, I don't think that name reflects the data
returned, as I believe it is the time of last usage. I propose that we
use the name _last_used_at_ instead. Let's hear reviewers opinion on
that.

* PublicKey
  1. _last_used_at_: string($date-time)
* AccessToken
  1. _created_at_: string($date-time) (for parity with public keys)
  2. _last_used_at_: string($date-time)

Fix #34313
2025-05-01 21:42:17 +03:00
Tobias Balle-Petersen
e67f74efc8
fix: do not return archive download URLs in API if downloads are disabled (#34324)
If archive downloads are are disabled using
_DISABLE_DOWNLOAD_SOURCE_ARCHIVES_, archive links are still returned by
the API.

This PR changes the data returned, so the fields _zipball_url_ and
_tarball_url_ are omitted if archive downloads have been disabled.

Resolve #32159
2025-04-30 10:06:37 -07:00
Kerwin Bryant
2b76993415
support the open-icon of folder (#34168)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-28 19:51:32 -07:00
wxiaoguang
0148d03f21
Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187)
Fix #880

Design:

1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-04-28 15:31:59 -07:00
Lunny Xiao
0376c09fc2
Update token creation API swagger documentation (#34288)
Fix #34231
2025-04-27 05:32:15 +00:00
Brecht Van Lommel
a9343896f4
Option to delay conflict checking of old pull requests until page view (#27779)
`[repository.pull-request] DELAY_CHECK_FOR_INACTIVE_DAYS` is a new
setting to delay the mergeable check for pull requests that have been
inactive for the specified number of days.

This avoids potentially long delays for big repositories with many pull
requests. and reduces system load overall when there are many
repositories or pull requests.

When viewing the PR, checking will start immediately and the PR merge
box will automatically reload when complete. Accessing the PR through
the API will also start checking immediately.

The default value of `7` provides a balance between system load, and
keeping behavior similar to what it was before both for users and API
access. With `0` all conflict checking will be delayed, while `-1`
always checks immediately to restore the previous behavior.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-24 19:26:57 +00:00
wxiaoguang
e625250ffc
Fix various trivial frontend problems (#34263)
1. Fix #20606
2. Fix #34246
3. Fix missing spaces, fix misspells, no visual change.
4. Fix missing "not-mobile", fix #34265

---------

Co-authored-by: silverwind <me@silverwind.io>
2025-04-24 09:11:54 +08:00
wxiaoguang
58d2a87c6c
update go&js dependencies (#34262) 2025-04-23 21:22:40 +00:00
wxiaoguang
9705adb27f
Make public URL generation configurable (#34250)
Follow up #32564

Co-authored-by: Jannis Pohl <838818+jannispl@users.noreply.github.com>
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
2025-04-22 06:49:37 +08:00
Denys Konovalov
9a071a596f
Add API endpoint to request contents of multiple files simultaniously (#34139)
Adds an API POST endpoint under `/repos/{owner}/{repo}/file-contents`
which receives a list of paths and returns a list of the contents of
these files.

This API endpoint will be helpful for applications like headless CMS
(reference: https://github.com/sveltia/sveltia-cms/issues/198) which
need to retrieve a large number of files by reducing the amount of
needed API calls.

Close #33495

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-22 01:20:11 +08:00
YaFou
e947f309b1
Add API routes to lock and unlock issues (#34165)
This pull request adds a GitHub-compatible API endpoint to lock and
unlock an issue.

The following routes exist now:
- `PUT /api/v1/repos/{owner}/{repo}/issues/{id}/lock` to lock an issue
- `DELETE /api/v1/repos/{owner}/{repo}/issues/{id}/lock` to unlock an issue

Fixes #33677
Fixes #20012

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-21 00:43:43 +00:00
Jannis Pohl
d1a3bd6814
Make ROOT_URL support using request Host header (#32564)
Resolve #32554

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-20 11:43:48 +00:00
Dejan Kitic
af6be75adb
Valid email address should only start with alphanumeric (#28174)
This fixes issue #27847 where regular expression allowed email address
to start with special symbols. Valid email addresses should start with
alphanumeric character, and as such will be rendered as email.

Added test cases from the bug report to validate, such input will not be
rendered anymore as email address.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-20 19:18:14 +08:00
D
eda6d65818
markup: improve code block readability and isolate copy button (#34009)
Fix #33197

Improve the rendering of code blocks in markdown content 
for better readability and UI stability across screen sizes.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-19 05:53:39 +00:00
ChristopherHX
21b43fce08
Actions Runner rest api (#33873)
Implements runner apis based on
https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#list-self-hosted-runners-for-an-organization

- Add Post endpoints for registration-token, google/go-github revealed
this as problem
  - We should deprecate Get Endpoints, leaving them for compatibility
- Get endpoint of admin has api path /admin/runners/registration-token
that feels wrong, /admin/actions/runners/registration-token seems more
consistent with user/org/repo api
- Get Runner Api
- List Runner Api
- Delete Runner Api

- Tests admin / user / org / repo level endpoints

Related to #33750 (implements point 1 and 2)
Via needs discovered in #32461, this runner api is needed to allow
cleanup of runners that are deallocated without user interaction.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-18 15:22:41 +00:00
Rowan Bohde
c57304ac3f
Add middleware for request prioritization (#33951)
This adds a middleware for overload protection that is intended to help protect against malicious scrapers.
It does this via [`codel`](https://github.com/bohde/codel), which will perform the following:

1. Limit the number of in-flight requests to some user-defined max
2. When in-flight requests have reached their begin queuing requests.
    Logged-in requests having priority above logged-out requests
3. Once a request has been queued for too long,
    it has a probabilistic chance to be rejected based on how overloaded the entire system is.

When a server experiences more traffic than it can handle,
this keeps latency low for logged-in users and rejects just
enough requests from logged-out users to not overload the service.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2025-04-14 16:25:48 +02:00
wxiaoguang
58a3952458
Fix package upload temp path (#34196)
Fix #34195

The temp dir should be created when it is used.
2025-04-14 18:55:02 +08:00
KN4CK3R
bec9233c29
Add package version api endpoints (#34173)
Fixes #33544

Adds two new api endpoints to list a versions of a package and to get
the latest version of a package by API.

⚠️ BREAKING ⚠️ 
the `size` field for this endpoint changes from `Size` to `size`.
2025-04-13 20:00:44 +00:00
KN4CK3R
a2651c14ce
Add cache for common package queries (#22491)
This adds a cache for common package queries in `GetPackageDescriptor`.
Code which needs to process a list of packages benefits from this
change. This skips 350 queries in the package integration tests for
example.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-13 09:40:36 +00:00