mirror of
https://github.com/go-gitea/gitea.git
synced 2026-06-28 10:19:22 +02:00
232 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
silverwind
|
8337e1c5f3
|
ci: combine unit shards (3-way), drop rotation, use make generate-go
Replaces test-unit-nogogit + test-unit-gogit with a single test-unit-shards matrix (3-shard). Each shard runs both the bindata and bindata-gogit test subsets — round-robin partition of GO_TEST_PACKAGES (123 each) and find-gogit-test-pkgs.sh (22-23 each). Combined work split 3 ways gives each shard ~7:46 wall (vs 10:55/7:38 today). PRs no longer write rotated unit caches: build-cache-rotate is dropped, so the shared seeded gobuild key is restored but not re-saved per PR push. Trade-off: cold testcache on every push (vs warm-on-rerun before). Frees ~3 GB of rotated-cache pressure on the 10 GB cap. Unit shards swap `make backend` for `make generate-go` — only the bindata codegen is needed; the gitea executable's link step (~10-15s) is wasted on unit tests since they don't shell out to the binary (db integration tests do — those keep `make backend`). New shared tools/partition-by-shard.sh handles validation + round-robin partitioning; tools/test-integration-shard.sh now uses it. New Makefile targets: test-backend-shard, test-backend-gogit-shard. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
28e72633e0
|
ci: rename test-unit-bindata, simplify and address review comments
Rename: - test-unit-bindata -> test-unit-nogogit. Both jobs run with the bindata tag; the meaningful difference is the gogit codepath, and the codebase already uses the nogogit/gogit suffix on its build-tagged source files. test-unit-gogit cleanup: - The gogit-affected package set (modules/git/gitrepo/lfs and direct importers) doesn't touch elasticsearch/meilisearch/redis/minio/ azurite, so drop those services and the matching /etc/hosts step. Shard runner robustness (Copilot review feedback): - Validate TEST_SHARD/TEST_TOTAL_SHARDS are positive ints with shard in [1, total]; exit 2 on bad input. - Tighten the test-name grep to require `*testing.T` or `*testing.TB` arg, dropping the TestMain false-positive. - Force LC_ALL=C sort so the partition is deterministic regardless of the runner's locale. - Empty assignment now exits 1 instead of silently passing. find-gogit-test-pkgs.sh: - Mirror the Makefile's GO_TEST_PACKAGES exclusions (drop models/migrations/..., tests/integration, tests/integration/migration-test). - Tighten the comment header — the script returns packages WITH TESTS, not all callers. - Drop dead alternatives from the import-match regex. Makefile test-backend-gogit: - Fail when the script fails or returns no packages instead of silently running `go test` with no args. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
9b6cd19493
|
ci: 3-shard db tests, split test-unit into bindata/gogit jobs
- pgsql/sqlite/mysql/mssql: increase shards from 2 to 3, dropping per-job wall time from ~13 min to ~9-10 min on the slowest (pgsql). - test-unit: split into test-unit-bindata and test-unit-gogit running in parallel, with a test-unit aggregator preserving the existing check name. Each gets its own rotated cache (cache-name unit and unit-gogit) so testcache accumulates per variant. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
8d6615f939
|
ci: shard integration tests across 2 runners per database
Splits each database integration job (pgsql/sqlite/mysql/mssql) into two parallel matrix shards. Test names are enumerated from the integration source and partitioned round-robin (~301/302 of 603 tests per shard); names that don't match the shard are filtered out via -test.run. Migration tests (~50-90 s, fast, sequential) only run on shard 1. The original job names (test-pgsql, test-sqlite, test-mysql, test-mssql) are kept as one-step aggregator jobs that depend on the shards job and report success only when all shards passed. This keeps any branch-protection rule referencing those names valid. Source-based enumeration is used because the test binary's -test.list calls TestMain, which boots the full Gitea environment and panics without a configured database. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
ad9b633757
|
ci: restore make backend in db-test jobs
The previous commit replaced `make backend` with `make generate-go` on the assumption that the gitea executable was unused by the integration tests. It is used: integration tests install git pre-receive hooks that shell out to the binary, so `git push` operations during tests fail with "No such file or directory". Reverts that part of the previous change; the other cache-reuse tweaks remain. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
ff77a928ae
|
ci: improve cache reuse and drop redundant build work
- e2e and checks-backend: enable build-cache restore so they hit the seeded gobuild cache. - pgsql/sqlite/mysql/mssql: replace `make backend` with `make generate-go`. Integration tests build their own test binary and never invoke the gitea executable; only bindata generation is needed. - unit-tests-gogit: narrow to packages with gogit/nogogit-tagged files via a new `test-backend-gogit` Makefile target. Other packages produce identical compiled output regardless of the gogit tag, so retesting them was busywork. - cache-seeder: stop the lint job from competing with the gobuild job on the shared non-rotated gobuild key. Co-Authored-By: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
a5d81d9ce2
|
perf: replace goheader linter with custom check (#37599)
Replace the [slow `goheader` linter](https://github.com/denis-tingaikin/go-header/issues/70) with a custom check. Local go lint time is down from 247s to 32s. 6 new files that were previously undetected because of `//go:build ignore` are fixed. The exit code of the make target preserves the golangci-lint exit code, if present. Also refactors and consolidates the linting targets. Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
Giteabot
|
c81eca9904
|
chore(deps): update action dependencies (#37603)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/labeler](https://redirect.github.com/actions/labeler) | action | minor | `v6.0.1` → `v6.1.0` | | [aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials) | action | patch | `v6.1.0` → `v6.1.1` | | [docker.elastic.co/elasticsearch/elasticsearch](https://www.elastic.co/products/elasticsearch) ([source](https://redirect.github.com/elastic/elasticsearch)) | service | patch | `8.19.14` → `8.19.15` | | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.12` → `v46.1.13` | --- ### Release Notes <details> <summary>actions/labeler (actions/labeler)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/labeler/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/labeler/compare/v6.0.1...v6.1.0) #### Enhancements - Add changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by [@​bluca](https://redirect.github.com/bluca) in [#​923](https://redirect.github.com/actions/labeler/pull/923) #### Bug Fixes - Improve Labeler Action documentation and permission error handling by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​897](https://redirect.github.com/actions/labeler/pull/897) - Preserve manually added labels during workflow runs and refine label synchronization logic by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​917](https://redirect.github.com/actions/labeler/pull/917) #### Dependency Updates - Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by [@​dependabot](https://redirect.github.com/dependabot) in [#​877](https://redirect.github.com/actions/labeler/pull/877) - Upgrade minimatch from 10.0.1 to 10.2.3 by [@​dependabot](https://redirect.github.com/dependabot) in [#​926](https://redirect.github.com/actions/labeler/pull/926) - Upgrade dependencies ([@​actions/core](https://redirect.github.com/actions/core), [@​actions/github](https://redirect.github.com/actions/github), js-yaml, minimatch, [@​typescript-eslint](https://redirect.github.com/typescript-eslint)) by [@​Copilot](https://redirect.github.com/Copilot) in [#​934](https://redirect.github.com/actions/labeler/pull/934) #### New Contributors - [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) made their first contribution in [#​897](https://redirect.github.com/actions/labeler/pull/897) - [@​bluca](https://redirect.github.com/bluca) made their first contribution in [#​923](https://redirect.github.com/actions/labeler/pull/923) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​934](https://redirect.github.com/actions/labeler/pull/934) **Full Changelog**: <https://github.com/actions/labeler/compare/v6...v6.1.0> </details> <details> <summary>aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)</summary> ### [`v6.1.1`](https://redirect.github.com/aws-actions/configure-aws-credentials/releases/tag/v6.1.1) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1) ##### What's Changed - chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1722](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1722) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.0 to 25.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1723](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1723) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.12 to 4.2.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1724](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1724) - chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1726](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1726) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.5.1 to 4.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1725](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1725) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1020.0 to 3.1025.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1727](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1727) - chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1728](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1728) - chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1729](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1729) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.2 to 25.6.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1730](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1730) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.24 to 3.972.25 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1733](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1733) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1025.0 to 3.1030.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1732](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1732) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.10 to 2.4.11 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1734](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1734) - chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1736](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1736) - chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1737](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1737) - chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1740](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1740) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.13 to 4.2.14 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1741](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1741) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.25 to 3.972.28 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1742](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1742) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1030.0 to 3.1033.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1743](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1743) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.11 to 2.4.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1739](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1739) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.12 to 2.4.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1747](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1747) - chore(deps): bump postcss from 8.5.6 to 8.5.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1752](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1752) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.6.0 to 4.6.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1750](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1750) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.28 to 3.972.32 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1751](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1751) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1033.0 to 3.1038.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1749](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1749) - chore: release 6.1.1 by [@​lehmanmj](https://redirect.github.com/lehmanmj) in [#​1757](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1757) **Full Changelog**: <https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1> </details> <details> <summary>elastic/elasticsearch (docker.elastic.co/elasticsearch/elasticsearch)</summary> ### [`v8.19.15`](https://redirect.github.com/elastic/elasticsearch/releases/tag/v8.19.15): Elasticsearch 8.19.15 [Compare Source](https://redirect.github.com/elastic/elasticsearch/compare/v8.19.14...v8.19.15) Downloads: <https://elastic.co/downloads/elasticsearch> Release notes: <https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.15.html> </details> <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.13`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.13) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.12...v46.1.13) ##### Documentation - update references to renovatebot/github-action to v46.1.12 ([a871d4d]( |
||
|
silverwind
|
b4085c7e3c
|
build: update pnpm to v11 (#37591)
Update to https://github.com/pnpm/pnpm/releases/tag/v11.0.0 - move all pnpm settings to `pnpm-workspace.yaml`, pnpm v11 only reads that file - drop redundant or no-op settings - disable `strictDepBuilds` to avoid having to manually specify deps with build scripts, this is equivalent to v10 where it will not execute and warn. - add workarounds for https://github.com/SukkaW/nolyfill/issues/119 - remove dead eslintrc entry --- This PR was written with the help of Claude Opus 4.7 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
wxiaoguang
|
a39af1a829
|
refactor: use modernc sqlite driver as default (#37562)
The mattn driver is still kept, can be enabled by TAGS="sqlite_mattn sqlite_unlock_notify" --------- Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> |
||
|
silverwind
|
ebc058f682
|
ci: increase renovate frequency and fix RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS (#37565)
1. Sync `RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS` with the recent `renovate.json5` change (#37537) — the npm group now runs `make svg nolyfill`, but the workflow allowlist still only matched `^make (tidy|svg)$`, so the post-upgrade task was being rejected. 2. Bump the cron from daily at 01:00 UTC to hourly at :23, matching the cadence of Mend's hosted Renovate App. Hourly gives sub-hour responsiveness to dependency-dashboard checkbox interactions and PR-close reactions; the `:23` offset avoids the GHA scheduler congestion at multiples of 15. Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
Nicolas
|
45ffe5aa6a
|
ci: lint PR titles with commitlint (#37498)
## Summary - Enforce **Conventional Commits** on PR titles (PRs are squash-merged, so the PR title becomes the final commit message). - Add a local `make lint-pr-title` target so contributors can validate titles before pushing. ## Why We squash-merge PRs, which means the final repository history is largely shaped by **PR titles**. Enforcing a consistent Conventional Commits format makes: - **Release notes & changelogs easier to generate** (types like `feat` / `fix` can be grouped automatically). - **History easier to scan** (uniform structure, optional scopes, explicit breaking changes via `!`). - **Automation more reliable** (future tooling can infer category and scope from the title). ## PR title format ```text type(scope)!: subject type: one of build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test scope: optional (e.g. web, api, actions, repo, …) !: optional, indicates a breaking change subject: short, imperative, no trailing period ``` ## Examples ```text feat(web): add dark mode toggle fix(api): avoid panic when repo is missing chore(ci): lint PR titles with commitlint refactor(templates): reduce duplication in repo list rendering feat!: remove legacy OAuth endpoint ``` ## Local testing ```text make deps-frontend make lint-pr-title PR_TITLE="feat(web): add dark mode toggle" ``` --------- Signed-off-by: Nicolas <bircni@icloud.com> Co-authored-by: nb <nb@users.noreply.local> Co-authored-by: GPT-5.2 <gpt-5.2@openai.com> |
||
|
Giteabot
|
62300eab3b
|
chore(deps): update action dependencies (#37540)
This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | minor | `2021.3.17` → `2021.12.29` | | | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | minor | `2023.8.31` → `2023.12.23` | | | [bitnamilegacy/mysql](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/mysql)) | service | minor | `8.0` → `8.4` | | | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.10` → `v46.1.12` | `v46.1.13` | --- ### Release Notes <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.12`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.12) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.11...v46.1.12) ##### Bug Fixes - **deps:** update dependency [@​actions/core](https://redirect.github.com/actions/core) to v3.0.1 ([e8a6055]( |
||
|
silverwind
|
abcfa53040
|
Replace olivere/elastic with REST API client, add OpenSearch support (#37411)
Drops `github.com/olivere/elastic/v7` (unmaintained) and replaces it
with a small in-house wrapper that speaks the Elasticsearch REST API
directly via `net/http`. The subset used by Gitea (`_cluster/health`,
`_bulk`, `_doc`, `_delete_by_query`, `_refresh`, `_search`, `HEAD`/`PUT`
index) is stable across the targeted servers, so no client library is
needed.
**Targets tested**
- Elasticsearch 7, 8, 9
- OpenSearch 1, 2, 3
**Why not `go-elasticsearch`?**
The official client enforces an `X-Elastic-Product` server-identity
check that OpenSearch deliberately fails, which would force shipping a
transport shim to defeat it. Going direct over `net/http` removes that
fight along with several MB of transitive deps (`elastic-transport-go`,
`go.opentelemetry.io/otel{,/metric,/trace}`, `auto/sdk`, `easyjson`,
`intern`, `logr`, `stdr`).
Replaces: #30755
Fixes: https://github.com/go-gitea/gitea/issues/30752
---
This PR was written with the help of Claude Opus 4.7
---------
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
||
|
wxiaoguang
|
1721c235a7
|
Refactor CI workflows (#37487)
1. only trigger docker-dryrun arm64&riscv64 when dockerfile changes 2. de-duplicate "contents: read" permission for most workflows 3. merge various "lint-*" jobs into one job 4. add missing lint targets to the "lint" (all) target |
||
|
silverwind
|
d57d06335d
|
Refactor integration tests infrastructure (#37462)
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
99cd4f6b22
|
Integrate renovate bot for all dependency updates (#37050)
Replaces Dependabot with Renovate. The new setup: - One PR per ecosystem (GitHub Actions, Go modules + Makefile go-tool pins, npm, Python via uv, Nix flake), opened weekly on Mondays with a 5-day release-age cooldown. Vulnerability PRs ship next-day via daily cron + Renovate's `vulnerabilityAlerts` schedule bypass. - All `uses:` action refs SHA-pinned with patch-level version comments (same format as #36971, which this supersedes); `helpers:pinGitHubActionDigests` keeps future bumps in that format. - `renovatebot/github-action` runtime image pinned via the upstream-recommended `RENOVATE_VERSION` env + magic comment + `customManagers:githubActionsVersions` preset, so Renovate keeps the pin updated. - Custom regex manager tracks the `*_PACKAGE ?= <import-path>@<version>` lines in `Makefile` (golangci-lint, swagger, actionlint, etc.) and groups them into the same Go PR via `matchDatasources: ["go"]`. - Post-upgrade tasks regenerate `assets/go-licenses.json` (`make tidy`) and the SVG sprite (`make svg`), gated by an env-level command allowlist. - Replaces the standalone `cron-flake-updater` workflow — Renovate's nix manager tracks `flake.nix` inputs and produces the same `flake.lock` bump PRs on the regular weekly schedule. - npm and gomod-replace pins live in `renovate.json5` only; `updates@17.16.3` reads them from there too, so the standalone `updates.config.ts` is gone and one source of truth covers both tools. Fixes: https://github.com/go-gitea/gitea/issues/33386 Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: TheFox0x7 <thefox0x7@gmail.com> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
silverwind
|
ebf30ac4db
|
Optimize CI caches (#37387)
Cache includes go, lint and unittests. Integration tests with their standalone binaries are uncacheable with their current architecture. Every Go job uses a new composite action (`.github/actions/go-cache`) that restores and saves the Go module cache, a shared build cache, and the golangci-lint cache. A `cache-seeder` workflow runs on `push: main` to pre-populate those slots; PRs read them via GitHub's default-branch fallback, so the common case is warm from the first commit. Also dropped `-coverprofile` from `test-unit` (it silently disabled Go's test result cache), and `-race` from `test-pgsql` and `test-mysql` (kept on `test-unit` and `test-sqlite`). Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
Sebastian Ertz
|
8068d608d1
|
Update GitHub Actions to latest major versions (#37313)
| | from | to | | --- | --- | --- | | actions/setup-node | `v5` | `v6` | | astral-sh/setup-uv | `v8.0.0` | `v8.1.0` | |
||
Lunny Xiao
|
a17d5ebe16
|
Don't add useless labels which will bother changelog generation (#37267)
When generating release notes for v1.26, many pull requests haven't been given correct labels so that I have to do many manual work. I think this could be avoid to remove these useless modify labels. |
||
|
silverwind
|
b31eef2828
|
Stabilize issue-project e2e test, increase timeout factor (#37297)
1. stabilize flaky e2e test from
|
||
|
silverwind
|
a9108ab6aa
|
Replace custom Go formatter with golangci-lint fmt (#37194)
Use `golangci-lint fmt` to format code, replacing the previous custom formatter tool. https://github.com/daixiang0/gci is used to order the imports. `make fmt` performs ~13% faster while consuming ~57% less cpu while formatting for me. `GOFUMPT_PACKAGE` is gone because it's using the builtin package from golangci-lint. Co-authored-by: Claude (claude-opus-4-6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
3c17daf615
|
Update setup-uv to v8.0.0 (#37101)
Update to https://github.com/astral-sh/setup-uv/releases/tag/v8.0.0. Note that version here must be the immutable `v8.0.0`, a mutable `v8` tag does not exist. |
||
|
silverwind
|
0ec66b5380
|
Migrate from webpack to vite (#37002)
Replace webpack with Vite 8 as the frontend bundler. Frontend build is around 3-4 times faster than before. Will work on all platforms including riscv64 (via wasm). `iife.js` is a classic render-blocking script in `<head>` (handles web components/early DOM setup). `index.js` is loaded as a `type="module"` script in the footer. All other JS chunks are also module scripts (supported in all browsers since 2018). Entry filenames are content-hashed (e.g. `index.C6Z2MRVQ.js`) and resolved at runtime via the Vite manifest, eliminating the `?v=` cache busting (which was unreliable in some scenarios like vscode dev build). Replaces: https://github.com/go-gitea/gitea/pull/36896 Fixes: https://github.com/go-gitea/gitea/issues/17793 Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
cf1e4d7c42
|
Update GitHub Actions to latest major versions (#36964)
Update all Actions to their latest major versions: - `actions/checkout`: v5 → v6 - `dorny/paths-filter`: v3 → v4 - `pnpm/action-setup`: v4 → v5 - `docker/setup-qemu-action`: v3 → v4 - `docker/setup-buildx-action`: v3 → v4 - `docker/build-push-action`: v6 → v7 - `docker/metadata-action`: v5 → v6 - `docker/login-action`: v3 → v4 - `crazy-max/ghaction-import-gpg`: v6 → v7 - `aws-actions/configure-aws-credentials`: v5 → v6 All updates are Node 24 runtime bumps with no workflow-breaking changes for our usage. Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> |
||
|
silverwind
|
08254cf126
|
Enable docker layer caching for dry-run and nightly container builds (#36738)
Enable Docker BuildKit layer caching for the dry-run and nightly container build workflows using GHCR registry cache. - **Dry-run** (`pull-docker-dryrun.yml`): adds `cache-from`, read-only, PRs can't write cache - **Nightly** (`release-nightly.yml`): adds `cache-from` and `cache-to` to both read and write cach --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
silverwind
|
18e0746b7b
|
Rework e2e tests (#36634)
- Replace the e2e tests initialization with a simple bash script, removing the previous Go harness. - `make test-e2e` is the single entry point. It always starts a fully isolated ephemeral Gitea instance with its own temp directory, SQLite database, and config — no interference with the developer's running instance. - A separate `gitea-e2e` binary is built via `EXECUTABLE_E2E` using `TEST_TAGS` (auto-includes sqlite with `CGO_ENABLED=1`), keeping the developer's regular `gitea` binary untouched. - No more split into database-specific e2e tests. Test timeouts are strict, can be relaxed later if needed. - Simplified and streamlined the playwright config and test files. - Remove all output generation of playwright and all references to visual testing. - Tests run on Chrome locally, Chrome + Firefox on CI. - Simplified CI workflow — visible separate steps for frontend, backend, and test execution. - All exported env vars use `GITEA_TEST_E2E_*` prefix. - Use `GITEA_TEST_E2E_FLAGS` to pass flags to playwright, e.g. `GITEA_TEST_E2E_FLAGS="--ui" make test-e2e` for UI mode or `GITEA_TEST_E2E_FLAGS="--headed" make test-e2e` for headed mode. - Use `GITEA_TEST_E2E_DEBUG=1 make test-e2e` to show Gitea server output. --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
silverwind
|
5e9b9b33d1
|
Clean up Makefile, tests and legacy code (#36638)
This simplifies the Makefile by removing the whole-file wrapping that creates a tempdir introduced by https://github.com/go-gitea/gitea/pull/11126. REPO_TEST_DIR is removed as well. Also clean up a lot of legacy code: unnecessary XSS test, incorrect test env init, unused "_old_uid" hack, etc Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
techknowlogick
|
2cdf86e184
|
automate updating nix flakes (#35641) | ||
|
silverwind
|
9d96039027
|
Bump alpine to 3.23, add platforms to docker-dryrun (#36379)
- Bump alpine to 3.23 following https://github.com/go-gitea/gitea/pull/36185 and https://github.com/go-gitea/gitea/pull/36202. - Enable all architectures in `docker-dryrun`. - Tweak actions conditions to be more precise. --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
silverwind
|
7292ae1ed5
|
Update JS deps, remove knip, misc tweaks (#36499)
- Update all JS deps - Enable a few more stylelint stylistic rules and fix issues - Remove knip, it raised another false-positive, this tool is not worth it when you have to babysit it like that - Exclude @eslint/json from updating as it requires unreleased eslint 10 ([ref](https://github.com/eslint/json/issues/207)) - Update labeler config for new eslint filenames - Adjust `make help` output - Add type checking in `stylelint.config.ts` |
||
|
silverwind
|
49edbbbc2e
|
Update JS and PY deps (#36383)
- Update JS and PY dependencies - Workaround https://github.com/stylelint/stylelint/issues/8893 by moving the stylint config file to JS - Regenerate SVGs - Bump to python 3.14 in devcontainer and actions - Verified `@github/text-expander-element` - Removed obsolete type stub |
||
dependabot[bot]
|
b1b5897795
|
Bump appleboy/git-push-action from 1.0.0 to 1.2.0 (#36306)
Bumps [appleboy/git-push-action](https://github.com/appleboy/git-push-action) from 1.0.0 to 1.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/appleboy/git-push-action/releases">appleboy/git-push-action's releases</a>.</em></p> <blockquote> <h2>v1.2.0</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>2722561d2c158e67f0e4b908bda83937e53bbdd4: feat: add options for insecure SSL and SSH version selection (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Others</h3> <ul> <li>2c87d5bacd46972f72523394e67af39825081037: style: standardize YAML quoting and update input descriptions (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>66a962f89a56024b2a36de61fe65ba6b9994be15: fix: rename drone-git-push env vars and update default version (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>e37f17de403a8b0b59184d852be6b7a7e017d376: chore: mark all directories as safe in global git configuration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Refactor</h3> <ul> <li>7bdda76242d8f6b40576a039a2d2233c43b7661e: refactor: refactor GitHub Action to use Bash instead of Docker (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>4873de66e7bed19267cc8cd66959005c42d41cc7: refactor: simplify stdout capturing by removing legacy logic (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>d1c361f2d2e128593b5dfeb3c2d9a5c6a1af7128: ci: run Docker actions as nobody and inject GITHUB_WORKSPACE (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>fdf995de1284df95f38a3d99275eb38537eb05a4: ci: simplify Docker action environment variable configuration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>8e938ac7df8937d595e4c4fcf345139339a34819: ci: update GITHUB_WORKSPACE to use /github/home path (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Documentation updates</h3> <ul> <li>3b2c8661652360dbf1afe1b319a49dbb739c39f1: docs: migrate to composite GitHub Action and standardize env vars (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h2>v1.1.0</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>28a54bbef16233cbea6f9fe39f318a4f055cd749: feat: add mirror input support to GitHub Action configuration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>a63ac675f748ad297929b6d9688f94939fbe3dea: fix: fix spelling of 'force' option in git push actions (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>ee39884535468c8b6f101c0980aec38a61bc6c8b: chore(readme): refactor codebase and update dependencies (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>94fb0c0d87ba52affdcb2daf8505a0e7f086f205: chore: bump drone-git-push base image to version 1.2.0 (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>a939634b19fa88f0d4c853f4b604a4df5549911d: chore: pin Drone Git Push image to a specific version (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>0a16d15bfdca306c84a299db735f248e9d408bb3: ci: improve CI workflow for semantic version releases (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>1807bf9a1b801f99799e4e2a64ca1c6b11301fc3: ci: automate maintenance and enhance repository security (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>f39abba130277d16a141588c1b4c194a8f0b4636: build: run container as non-root user for enhanced security (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>ed86ac596a332db5353062d7cbdf24d61554f5f1: ci: update CI workflows to trigger on main branch (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>cd8de7f6c86b1390f0108011580b6c9845b9f5df: build: eliminate "nobody" user references from Dockerfile (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>7465fee0c6ac1466048408a99c52598be9abf00f: ci: update CI workflow to use newer actions/checkout version (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>b9d4e07212dd711b7e57352e5b6172038ab20f6e: build: simplify Docker build by removing entrypoint.sh chmod step (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>14d3003b72ea485bf8707bfbef4926eca78cc341: build: upgrade CI pipeline to latest drone-git-push base image (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Documentation updates</h3> <ul> <li>378ab1be62cfbae4111d3bbbec417d5b2e97134d: docs: clarify and standardize input and action descriptions (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>4c679526c0d1910c6e058a82fdde978d5cd8c0c2: docs: revamp documentation with expanded features and usage examples (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>61f29e5108e85fa252a0556c08ec87f0c425f1b2: docs: document GitHub Action integration and Claude Code guidelines (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>a7ef8abff3f71345b67dc056ac3d7b2d006efa42: docs: add Trivy security scan badge to documentation (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Lunny Xiao
|
ffea9a27c3
|
Convert locale files from ini to json format (#35489)
Migrate from the current INI format to JSON for translations. JSON is widely supported, including by platforms such as Crowdin and Weblate. |
||
|
dependabot[bot]
|
9764ae87d2
|
Bump crowdin/github-action from 1 to 2 (#36204)
Bumps [crowdin/github-action](https://github.com/crowdin/github-action) from 1 to 2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crowdin/github-action/releases">crowdin/github-action's releases</a>.</em></p> <blockquote> <h2>v2.0.0</h2> <h2>What's Changed</h2> <h3>Features</h3> <ul> <li>Now the Action uses the new <a href="https://crowdin.github.io/crowdin-cli/blog/2024/05/28/cli-v4">CLI v4</a></li> </ul> <h3>Deprecations</h3> <p>Removed deprecated options:</p> <ul> <li><code>add_crowdin_branch</code></li> <li><code>new_branch_title</code></li> <li><code>new_branch_export_pattern</code></li> <li><code>new_branch_priority</code></li> <li><code>delete_crowdin_branch</code></li> </ul> <p>Instead, use the <code>command: branch add <name></code> to create a new branch.</p> <ul> <li><code>identity</code> - this option doesn't make much sense in the context of the GitHub action, where environment variables are a de facto standard for credentials loading.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.4...v2.0.0">https://github.com/crowdin/github-action/compare/v1.20.4...v2.0.0</a></p> <h2>v1.20.4</h2> <h2>What's Changed</h2> <ul> <li>CLI <a href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.4">3.19.4</a> by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a></li> <li>ci: upgrade actions by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a> in <a href="https://redirect.github.com/crowdin/github-action/pull/226">crowdin/github-action#226</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.3...v1.20.4">https://github.com/crowdin/github-action/compare/v1.20.3...v1.20.4</a></p> <h2>v1.20.3</h2> <h2>What's Changed</h2> <ul> <li>CLI <a href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.3">3.19.3</a> by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a></li> <li>chore: deprecate the 'identity' option by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a> in <a href="https://redirect.github.com/crowdin/github-action/pull/224">crowdin/github-action#224</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.2...v1.20.3">https://github.com/crowdin/github-action/compare/v1.20.2...v1.20.3</a></p> <h2>v1.20.2</h2> <h2>What's Changed</h2> <ul> <li>CLI <a href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.2">3.19.2</a> by <a href="https://github.com/andrii-bodnar"><code>@andrii-bodnar</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2">https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
684a541799
|
Bump appleboy/git-push-action from 0.0.3 to 1.0.0 (#36194)
Bumps [appleboy/git-push-action](https://github.com/appleboy/git-push-action) from 0.0.3 to 1.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/appleboy/git-push-action/releases">appleboy/git-push-action's releases</a>.</em></p> <blockquote> <h2>v1.0.0</h2> <h2>Changelog</h2> <h3>Enhancements</h3> <ul> <li>50ae8aaf06c6fc08b3d13da3aa03deb50d970125: chore(docker): improve overall system performance and API integration (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>feea2e25baaa5ea24a9689a8af03f229ec1dd1a2: ci: improve testing workflow and API usage (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>5d65d1094eb0415898554ba83c4f3196778f9a85: ci: improve testing workflow and API usage (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>b31dd8d6e7ba1e80a96a4772d8c4290fe7bac0ce: build: update base image in Dockerfile (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>fc585cfea49d10c08f8009f674c05961a0934647: ci(goreleaser): implement automated release process with GoReleaser (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> <li>b1e5e3d76ccb4afd43bc0859672a6f9113fa0458: ci(test): optimize CI workflow and test configurations (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> <h3>Documentation updates</h3> <ul> <li>8f1f45876617e5d74085a38164c421be39f099b3: docs(readme): refactor codebase and improve test coverage (<a href="https://github.com/appleboy"><code>@appleboy</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
silverwind
|
8f672cea4a
|
Fix labeler config for stylelint (#36199)
Followup to rename in
|
||
|
silverwind
|
e06040efd8
|
Add modifies/dependencies label to dependabot (#36206)
`actions/labeler` can not detect dependency updates in actions because it works on file level, so we need to let dependabot set this label. |
||
|
silverwind
|
b915e6908c
|
Add JSON linting (#36192)
Uses https://github.com/eslint/json to lint all JSON and JSONC files in the repo. |
||
|
silverwind
|
36aa39fffe
|
Bump setup-node to v6, re-enable cache (#36207) | ||
|
silverwind
|
51e1ab5d7d
|
Disable dependabot automatic labels (#36203)
Disable dependabot's [automatic labels](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#labels--), we have `actions/labeler` to do this job. After this is merged, I will delete the labels `dependencies` and `github_actions` that dependabot had created. |
||
|
dependabot[bot]
|
5fa40bacea
|
Bump astral-sh/setup-uv from 6 to 7 (#36198)
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6 to 7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v7.0.0 🌈 node24 and a lot of bugfixes</h2> <h2>Changes</h2> <p>This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.</p> <p>This release also removes the deprecated input <code>server-url</code> which was used to download uv releases from a different server. The <a href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#manifest-file">manifest-file</a> input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.</p> <h3>Fixes</h3> <ul> <li>The action now respects when the environment variable <code>UV_CACHE_DIR</code> is already set and does not overwrite it. It now also finds <a href="https://docs.astral.sh/uv/reference/settings/#cache-dir">cache-dir</a> settings in config files if you set them.</li> <li>Some users encountered problems that <a href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#disable-cache-pruning">cache pruning</a> took forever because they had some <code>uv</code> processes running in the background. Starting with uv version <code>0.8.24</code> this action uses <code>uv cache prune --ci --force</code> to ignore the running processes</li> <li>If you just want to install uv but not have it available in path, this action now respects <code>UV_NO_MODIFY_PATH</code></li> <li>Some other actions also set the env var <code>UV_CACHE_DIR</code>. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.</li> </ul> <h3>Improvements</h3> <p>If you are using minimum version specifiers for the version of uv to install for example</p> <pre lang="toml"><code>[tool.uv] required-version = ">=0.8.17" </code></pre> <p>This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.</p> <p>If you are using other specifiers like <code>0.8.x</code> this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.</p> <h2>🚨 Breaking changes</h2> <ul> <li>Use node24 instead of node20 <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/608">#608</a>)</li> <li>Remove deprecated input server-url <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/607">#607</a>)</li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Respect UV_CACHE_DIR and cache-dir <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/612">#612</a>)</li> <li>Use --force when pruning cache <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/611">#611</a>)</li> <li>Respect UV_NO_MODIFY_PATH <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/603">#603</a>)</li> <li>Warn when <code>UV_CACHE_DIR</code> has changed <a href="https://github.com/jamesbraza"><code>@jamesbraza</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/601">#601</a>)</li> </ul> <h2>🚀 Enhancements</h2> <ul> <li>Shortcut to latest version for minimum version specifier <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/598">#598</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>Bump dependencies <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/613">#613</a>)</li> <li>Fix test-uv-no-modify-path <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/604">#604</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
dcad5d8879
|
Bump dev-hanz-ops/install-gh-cli-action from 0.1.0 to 0.2.1 (#36195)
Bumps [dev-hanz-ops/install-gh-cli-action](https://github.com/dev-hanz-ops/install-gh-cli-action) from 0.1.0 to 0.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dev-hanz-ops/install-gh-cli-action/releases">dev-hanz-ops/install-gh-cli-action's releases</a>.</em></p> <blockquote> <h2>v0.2.1 - arm64 support</h2> <ul> <li>support arm64 architecture - <a href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/pull/10">dev-hanz-ops/install-gh-cli-action#10</a> (by <a href="https://github.com/whatthefinemanual"><code>@whatthefinemanual</code></a>)</li> </ul> <h2>v0.2.0 - update to node20</h2> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5f5a87f015
|
Bump aws-actions/configure-aws-credentials from 4 to 5 (#36196)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0">5.0.0</a> (2025-09-03)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>Cleanup input handling. Changes invalid boolean input behavior (see <a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)</li> </ul> <h3>Features</h3> <ul> <li>add skip OIDC option (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458">#1458</a>) (<a href=" |
||
|
dependabot[bot]
|
aca6726607
|
Bump docker/build-push-action from 5 to 6 (#36197)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <ul> <li>Export build record and generate <a href="https://docs.docker.com/build/ci/github-actions/build-summary/">build summary</a> by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1120">docker/build-push-action#1120</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.24.0 to 0.26.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1132">docker/build-push-action#1132</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1136">docker/build-push-action#1136</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1138">docker/build-push-action#1138</a></li> <li>Bump braces from 3.0.2 to 3.0.3 in <a href="https://redirect.github.com/docker/build-push-action/pull/1137">docker/build-push-action#1137</a></li> </ul> <blockquote> <p>[!NOTE] This major release adds support for generating <a href="https://docs.docker.com/build/ci/github-actions/build-summary/">Build summary</a> and exporting build record for your build. You can disable this feature by setting <a href="https://docs.docker.com/build/ci/github-actions/build-summary/#disable-job-summary"> <code>DOCKER_BUILD_SUMMARY: false</code> environment variable in your workflow</a>.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0">https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0</a></p> <h2>v5.4.0</h2> <ul> <li>Show builder information before building by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1128">docker/build-push-action#1128</a></li> <li>Handle attestations correctly with provenance and sbom inputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1086">docker/build-push-action#1086</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.19.0 to 0.24.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1088">docker/build-push-action#1088</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1105">docker/build-push-action#1105</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1121">docker/build-push-action#1121</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1127">docker/build-push-action#1127</a></li> <li>Bump undici from 5.28.3 to 5.28.4 in <a href="https://redirect.github.com/docker/build-push-action/pull/1090">docker/build-push-action#1090</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0">https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0</a></p> <h2>v5.3.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.18.0 to 0.19.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1080">docker/build-push-action#1080</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0">https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0</a></p> <h2>v5.2.0</h2> <ul> <li>Disable quotes detection for <code>outputs</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1074">docker/build-push-action#1074</a></li> <li>Warn about ignored inputs by <a href="https://github.com/favonia"><code>@favonia</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1019">docker/build-push-action#1019</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.14.0 to 0.18.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1070">docker/build-push-action#1070</a></li> <li>Bump undici from 5.26.3 to 5.28.3 in <a href="https://redirect.github.com/docker/build-push-action/pull/1057">docker/build-push-action#1057</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0">https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0</a></p> <h2>v5.1.0</h2> <ul> <li>Add <code>annotations</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/992">docker/build-push-action#992</a></li> <li>Add <code>secret-envs</code> input by <a href="https://github.com/elias-lundgren"><code>@elias-lundgren</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/980">docker/build-push-action#980</a></li> <li>Bump <code>@babel/traverse</code> from 7.17.3 to 7.23.2 in <a href="https://redirect.github.com/docker/build-push-action/pull/991">docker/build-push-action#991</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.13.0-rc.1 to 0.14.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/990">docker/build-push-action#990</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1006">docker/build-push-action#1006</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0">https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
silverwind
|
e0214ab841
|
Enable dependabot for actions (#36191)
Enable dependabot for actions only. These should always be safe to update as long as CI passes and some of them are lagging behind. |
||
|
silverwind
|
3e57ba5b36
|
Add permissions tofiles-changed jobs (#36142)
Followup to https://github.com/go-gitea/gitea/pull/36140. `files-changed` is a job that imports another workflow via `uses` statement but CodeQL still complains about lack of permissions on these jobs, so add it. This will fix the remaining [3 CodeQL issues](https://github.com/go-gitea/gitea/security/code-scanning?query=is%3Aopen+branch%3Amain+permissions). |
||
|
silverwind
|
4c06c98dda
|
Add explicit permissions to all actions workflows (#36140)
Explicitely specify all workflow [`permissions`](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions). This will fix [26 CodeQL alerts](https://github.com/go-gitea/gitea/security/code-scanning?query=permissions+is%3Aopen+branch%3Amain+). |
||
|
silverwind
|
87b855bd15
|
Bump actions/checkout to v6 (#36136)
https://github.com/actions/checkout#checkout-v6 Result of `perl -p -i -e 's#actions\/checkout\@v5#actions/checkout\@v6#g' .github/workflows/*` |
||
|
silverwind
|
66707bc3ea
|
Fix actions lint (#36029)
actionlint since https://github.com/rhysd/actionlint/releases/tag/v1.7.9
detects constant conditions and this workflow was being disabled in
|