Workflows triggered by pull_request_review events (approved, rejected,
comment) complete successfully but never create a commit status on the
PR. This makes them invisible in the merge checks UI, breaking any CI
gate that re-evaluates on review submission.
The commit status handler's switch statement was missing the three
review event types, so they fell through to the default case which
returned empty strings. Additionally, review events use
PullRequestPayload but IsPullRequest() returns false for them (Event()
returns "pull_request_approved" etc. instead of "pull_request"), so
GetPullRequestEventPayload() refuses to parse their payload.
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
Co-authored-by: silverwind <me@silverwind.io>
[`colord`](https://github.com/omgovich/colord) is significantly smaller
than [`tinycolor2`](https://github.com/bgrins/TinyColor) (~4KB vs ~29KB
minified) and ships its own TypeScript types, removing the need for
`@types/tinycolor2`.
Behaviour is exactly the same for our use cases. By using `.alpha(1)` we
force the function to always output 6-digit hex format (it would output
8-digit for non-opaque colors).
---------
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Change `security-check` not break the build which is a major
inconvenience as it breaks CI on all PRs.
https://github.com/go-gitea/gitea/security/dependabot already provides a
clean overview of outstanding security issues in dependencies and I'm
using it all the time to find and update vulnerable dependencies.
Move playwright install after backend build so all dependency/build
steps run first, then browser install, then test execution.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add EXECUTABLE_E2E variable alongside EXECUTABLE for the e2e binary
- Make the e2e binary target non-phony, tracking $(GO_SOURCES) to
avoid unnecessary rebuilds
- Add separate make gitea-e2e step in CI for visibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
FORCE_COLOR=1 on CI caused console.log to wrap the port number in
ANSI color codes, breaking ROOT_URL parsing. Use process.stdout.write
which bypasses color formatting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The test-e2e target uses TEST_TAGS (not TAGS) so the Makefile's
automatic CGO_ENABLED=1 detection for sqlite didn't trigger. Set
CGO_ENABLED=1 explicitly in the build command.
Also enable GITEA_TEST_E2E_DEBUG on CI to see server output on failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Locally only Chromium runs for fast feedback. On CI, tests also run
on Firefox for broader coverage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Always start an isolated ephemeral Gitea instance with its own temp
directory, SQLite database, and config file. This addresses review
feedback that using the developer's existing instance is unreliable.
- Rewrite test-e2e.sh to create a temp workdir, find a free port,
write a minimal app.ini, start the server, and clean up on exit
- Build a separate gitea-e2e binary using TEST_TAGS (includes sqlite)
- Simplify CI workflow: remove manual app.ini, server start, and
redundant build steps
- Rename all env vars to use GITEA_TEST_E2E_* prefix
- Rename test user from "e2e" to "e2e-user"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This simplifies the Makefile by removing the whole-file wrapping that
creates a tempdir introduced by
https://github.com/go-gitea/gitea/pull/11126. REPO_TEST_DIR is removed
as well.
Also clean up a lot of legacy code: unnecessary XSS test, incorrect test
env init, unused "_old_uid" hack, etc
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes: https://github.com/go-gitea/gitea/issues/36612
This new setting controls which workflow directories are searched. The
default value matches the previous hardcoded behaviour.
This allows users for example to exclude `.github/workflows` from being
picked up by Actions in mirrored repositories by setting `WORKFLOW_DIRS
= .gitea/workflows`.
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite `build/generate-go-licenses.go` to use `go list -m -json all`
and read license files directly from the Go module cache instead of
relying on the buggy `google/go-licenses` tool.
This removes the need for CGO, GOOS=linux, and the intermediate temp
directory, while being like 100 times faster than before:
```
$ rm assets/go-licenses.json && time make assets/go-licenses.json
go run build/generate-go-licenses.go assets/go-licenses.json
make assets/go-licenses.json 0.21s user 0.22s system 173% cpu 0.247 total
---------
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Clean up linter configs, removing redundant rules or dead disables. One
new rule enabled, no violations. Many revive rules had same or better
rules in staticcheck or govet.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Revert createRepo/deleteRepo to API-based functions for test
reliability. The UI-based versions were flaky due to navigation
timing. Also double all playwright timeouts (local and CI), rename
API functions to apiX convention, and disable playwright/expect-expect
lint rule.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The UI-based deleteOrg and deleteUser functions fail due to
form-fetch-action issues. Revert these to API calls while keeping
the working UI-based createRepo/deleteRepo functions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Declare E2E_USER, E2E_PASSWORD and E2E_URL as string in ProcessEnv so
non-null assertions are no longer needed throughout the e2e tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use locator('input[name="repo_name"]') instead of getByLabel which
can fail when Fomantic UI interferes with label-input association.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Accept optional username/password in the login utility so the register
test can use it for the newly-created account instead of duplicating
the sign-in steps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use browser-based user actions for test setup and cleanup instead of
direct API/fetch calls, making tests exercise the same code paths as
real users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The `make test-e2e` target depends on $(EXECUTABLE), and the Makefile
detects tag changes via TAGS_PREREQ. Without passing TAGS, the binary
gets rebuilt without SQLite support, causing the e2e user creation to
fail.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add ENABLE_CAPTCHA=false to CI app.ini so the server starts with
CAPTCHA disabled instead of relying on env var in test script
- Retry on 502/503 in addition to 500 in apiRetry helper
- Fix typo: workarkound → workaround
- Add comment about section-unaware INI parsing in test-e2e.sh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The fomantic dropdown JS does not reliably initialize on CI headless
Chromium, making dropdown-based Sign Out impossible. Use clearCookies
to destroy the session and verify logout state instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The link-action handler does an async fetch POST then a form-based
redirect chain which can be slow on CI. Wait for the /user/logout
response to confirm session destruction, then navigate to verify.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace JS-dependent getByLabel (aria-label set by Fomantic init) with
getByTitle targeting the avatar's server-rendered title attribute, scoped
to the navigation bar. Extract reusable clickDropdownItem helper.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The dropdown already gets aria-label from data-tooltip-content via
the ARIA dropdown patch, so we can open it with getByLabel and then
click Sign Out normally.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
