gapodo/forgejo
gapodo/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'upstream/main'

Browse source 
Signed-off-by: Steffen Schröter <steffen@vexar.de>
This commit is contained in:
Steffen Schröter 2022-02-13 08:54:28 +01:00
commit 2793799536
8422 changed files with 128868 additions and 2567293 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.air.conf
View file

@ -1,9 +0,0 @@
root = "."
tmp_dir = ".air"
[build]
cmd = "make backend"
bin = "gitea"
include_ext = ["go", "tmpl"]
exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]

10
.air.toml Normal file
View file

@ -0,0 +1,10 @@
root = "."
tmp_dir = ".air"
[build]
cmd = "make backend"
bin = "gitea"
include_ext = ["go", "tmpl"]
exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
exclude_regex = ["_test.go$"]

16
.changelog.yml
View file

@ -14,28 +14,28 @@ groups:
name: BREAKING
labels:
- kind/breaking
-
name: FEATURES
labels:
- kind/feature
-
name: SECURITY
labels:
- kind/security
-
name: FEATURES
labels:
- kind/feature
-
name: API
labels:
- kind/api
-
name: BUGFIXES
labels:
- kind/bug
-
name: ENHANCEMENTS
labels:
- kind/enhancement
- kind/refactor
- kind/ui
-
name: BUGFIXES
labels:
- kind/bug
-
name: TESTING
labels:

699
.drone.yml
View file

File diff suppressed because it is too large Load diff

41
.eslintrc
View file

@ -2,13 +2,11 @@ root: true
reportUnusedDisableDirectives: true
ignorePatterns:
- /templates/base/head.tmpl
- /templates/repo/activity.tmpl
- /templates/repo/view_file.tmpl
- /web_src/js/vendor
parserOptions:
sourceType: module
ecmaVersion: 2021
ecmaVersion: latest
plugins:
- eslint-plugin-unicorn
@ -25,10 +23,6 @@ env:
globals:
__webpack_public_path__: true
CodeMirror: false
Dropzone: false
SimpleMDE: false
u2fApi: false
settings:
html/html-extensions: [".tmpl"]
@ -37,7 +31,6 @@ overrides:
- files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
env:
browser: true
jquery: true
node: false
- files: ["templates/**/*.tmpl"]
rules:
@ -119,11 +112,12 @@ rules:
import/no-amd: [0]
import/no-anonymous-default-export: [0]
import/no-commonjs: [0]
import/no-cycle: [2, {ignoreExternal: true}]
import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
import/no-default-export: [0]
import/no-deprecated: [0]
import/no-dynamic-require: [0]
import/no-extraneous-dependencies: [2]
import/no-import-module-exports: [0]
import/no-internal-modules: [0]
import/no-mutable-exports: [2]
import/no-named-as-default-member: [0]
@ -132,6 +126,7 @@ rules:
import/no-named-export: [0]
import/no-namespace: [0]
import/no-nodejs-modules: [0]
import/no-relative-packages: [0]
import/no-relative-parent-imports: [0]
import/no-restricted-paths: [0]
import/no-self-import: [2]
@ -284,6 +279,7 @@ rules:
no-unsafe-negation: [2]
no-unused-expressions: [2]
no-unused-labels: [2]
no-unused-private-class-members: [2]
no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
no-use-before-define: [2, nofunc]
no-useless-backreference: [0]
@ -316,6 +312,7 @@ rules:
prefer-exponentiation-operator: [2]
prefer-named-capture-group: [0]
prefer-numeric-literals: [2]
prefer-object-has-own: [0]
prefer-object-spread: [0]
prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
prefer-regex-literals: [2]
@ -362,14 +359,18 @@ rules:
unicorn/import-style: [0]
unicorn/new-for-builtins: [2]
unicorn/no-abusive-eslint-disable: [0]
unicorn/no-array-for-each: [0]
unicorn/no-array-for-each: [2]
unicorn/no-array-instanceof: [0]
unicorn/no-array-method-this-argument: [2]
unicorn/no-array-push-push: [2]
unicorn/no-await-expression-member: [0]
unicorn/no-console-spaces: [0]
unicorn/no-document-cookie: [2]
unicorn/no-empty-file: [2]
unicorn/no-fn-reference-in-iterator: [0]
unicorn/no-for-loop: [0]
unicorn/no-hex-escape: [0]
unicorn/no-invalid-remove-event-listener: [2]
unicorn/no-keyword-prefix: [0]
unicorn/no-lonely-if: [2]
unicorn/no-nested-ternary: [0]
@ -380,10 +381,15 @@ rules:
unicorn/no-process-exit: [0]
unicorn/no-reduce: [2]
unicorn/no-static-only-class: [2]
unicorn/no-thenable: [2]
unicorn/no-this-assignment: [2]
unicorn/no-unreadable-array-destructuring: [0]
unicorn/no-unsafe-regex: [0]
unicorn/no-unused-properties: [2]
unicorn/no-useless-fallback-in-spread: [2]
unicorn/no-useless-length-check: [2]
unicorn/no-useless-promise-resolve-reject: [2]
unicorn/no-useless-spread: [2]
unicorn/no-useless-undefined: [0]
unicorn/no-zero-fractions: [2]
unicorn/number-literal-case: [0]
@ -394,11 +400,15 @@ rules:
unicorn/prefer-array-flat: [2]
unicorn/prefer-array-index-of: [2]
unicorn/prefer-array-some: [2]
unicorn/prefer-at: [0]
unicorn/prefer-code-point: [2]
unicorn/prefer-dataset: [2]
unicorn/prefer-date-now: [2]
unicorn/prefer-default-parameters: [0]
unicorn/prefer-event-key: [2]
unicorn/prefer-export-from: [2]
unicorn/prefer-includes: [2]
unicorn/prefer-json-parse-buffer: [0]
unicorn/prefer-math-trunc: [2]
unicorn/prefer-modern-dom-apis: [0]
unicorn/prefer-module: [2]
@ -407,7 +417,10 @@ rules:
unicorn/prefer-node-protocol: [0]
unicorn/prefer-node-remove: [0]
unicorn/prefer-number-properties: [0]
unicorn/prefer-object-from-entries: [2]
unicorn/prefer-object-has-own: [0]
unicorn/prefer-optional-catch-binding: [2]
unicorn/prefer-prototype-methods: [0]
unicorn/prefer-query-selector: [0]
unicorn/prefer-reflect-apply: [0]
unicorn/prefer-regexp-test: [2]
@ -419,10 +432,16 @@ rules:
unicorn/prefer-switch: [0]
unicorn/prefer-ternary: [0]
unicorn/prefer-text-content: [2]
unicorn/prefer-top-level-await: [0]
unicorn/prefer-trim-start-end: [2]
unicorn/prefer-type-error: [0]
unicorn/prevent-abbreviations: [0]
unicorn/relative-url-style: [2]
unicorn/require-array-join-separator: [2]
unicorn/require-number-to-fixed-digits-argument: [2]
unicorn/require-post-message-target-origin: [0]
unicorn/string-content: [0]
unicorn/template-indent: [2]
unicorn/throw-new-error: [2]
use-isnan: [2]
valid-typeof: [2, {requireStringLiterals: true}]

9
.gitattributes vendored
View file

@ -1,6 +1,9 @@
* text=auto eol=lf
/vendor/** -text -eol linguist-vendored
/public/vendor/** -text -eol linguist-vendored
/templates/**/*.tmpl linguist-language=Handlebars
*.tmpl linguist-language=Handlebars
/.eslintrc linguist-language=YAML
/.stylelintrc linguist-language=YAML
/public/vendor/** -text -eol linguist-vendored
/vendor/** -text -eol linguist-vendored
/web_src/fomantic/build/** linguist-generated
/web_src/js/vendor/** -text -eol linguist-vendored
Dockerfile.* linguist-language=Dockerfile

0
.github/issue_template.md → .gitea/issue_template.md
View file

93
.github/ISSUE_TEMPLATE/bug-report.yaml vendored Normal file
View file

@ -0,0 +1,93 @@
name: Bug Report
description: Found something you weren't expecting? Report it here!
body:
- type: markdown
attributes:
value: |
NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
attributes:
value: |
1. Please speak English, this is the language all maintainers can speak and write.
2. Please ask questions or configuration/deploy problems on our Discord
server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
3. Make sure you are using the latest release and
take a moment to check that your issue hasn't been reported before.
4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
5. Please give all relevant information below for bug reports, because
incomplete details will be handled as an invalid report.
6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
id: gitea-ver
attributes:
label: Gitea Version
description: Gitea version (or commit reference) of your instance
validations:
required: true
- type: input
id: git-ver
attributes:
label: Git Version
description: The version of git running on the server
- type: input
id: os-ver
attributes:
label: Operating System
description: The operating system you are using to run Gitea
- type: textarea
id: run-info
attributes:
label: How are you running Gitea?
description: |
Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
If you are using a package or systemd tell us what distribution you are using
validations:
required: true
- type: dropdown
id: database
attributes:
label: Database
description: What database system are you running?
options:
- PostgreSQL
- MySQL
- MSSQL
- SQLite
- type: dropdown
id: can-reproduce
attributes:
label: Can you reproduce the bug on the Gitea demo site?
description: |
If so, please provide a URL in the Description field
URL of Gitea demo: https://try.gitea.io
options:
- "Yes"
- "No"
validations:
required: true
- type: markdown
attributes:
value: |
It's really important to provide pertinent logs
Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
id: logs
attributes:
label: Log Gist
description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
- type: textarea
id: description
attributes:
label: Description
description: |
Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
- type: textarea
id: screenshots
attributes:
label: Screenshots
description: If this issue involves the Web Interface, please provide one or more screenshots

17
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View file

@ -0,0 +1,17 @@
blank_issues_enabled: true
contact_links:
- name: Security Concern
url: https://tinyurl.com/security-gitea
about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
- name: Discord Server
url: https://discord.gg/gitea
about: Please ask questions and discuss configuration or deployment problems here.
- name: Discourse Forum
url: https://discourse.gitea.io
about: Questions and configuration or deployment problems can also be discussed on our forum.
- name: Frequently Asked Questions
url: https://docs.gitea.io/en-us/faq
about: Please check if your question isn't mentioned here.
- name: Crowdin Translations
url: https://crowdin.com/project/gitea
about: Translations are managed here.

23
.github/ISSUE_TEMPLATE/feature-request.yaml vendored Normal file
View file

@ -0,0 +1,23 @@
name: Feature Request
description: Got an idea for a feature that Gitea doesn't have currently? Submit your idea here!
body:
- type: markdown
attributes:
value: |
1. Please speak English, this is the language all maintainers can speak and write.
2. Please ask questions or configuration/deploy problems on our Discord
server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
3. Please take a moment to check that your feature hasn't already been suggested.
- type: textarea
id: description
attributes:
label: Feature Description
placeholder: |
I think it would be great if Gitea had...
validations:
required: true
- type: textarea
id: screenshots
attributes:
label: Screenshots
description: If you can, provide screenshots of an implementation on another site e.g. GitHub

65
.github/ISSUE_TEMPLATE/ui.bug-report.yaml vendored Normal file
View file

@ -0,0 +1,65 @@
name: Web Interface Bug Report
description: Something doesn't look quite as it should? Report it here!
body:
- type: markdown
attributes:
value: |
NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
attributes:
value: |
1. Please speak English, this is the language all maintainers can speak and write.
2. Please ask questions or configuration/deploy problems on our Discord
server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
3. Please take a moment to check that your issue doesn't already exist.
4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
5. Please give all relevant information below for bug reports, because
incomplete details will be handled as an invalid report.
6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
- type: input
id: gitea-ver
attributes:
label: Gitea Version
description: Gitea version (or commit reference) your instance is running
validations:
required: true
- type: input
id: os-ver
attributes:
label: Operating System
description: The operating system you are using to access Gitea
- type: input
id: browser-ver
attributes:
label: Browser Version
description: The browser and version that you are using to access Gitea
validations:
required: true
- type: dropdown
id: can-reproduce
attributes:
label: Can you reproduce the bug on the Gitea demo site?
description: |
If so, please provide a URL in the Description field
URL of Gitea demo: https://try.gitea.io
options:
- "Yes"
- "No"
validations:
required: true
- type: textarea
id: description
attributes:
label: Description
description: |
Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
- type: textarea
id: screenshots
attributes:
label: Screenshots
description: Please provide at least 1 screenshot showing the issue.
validations:
required: true

6
.github/pull_request_template.md vendored
View file

@ -1,7 +1,9 @@
<!--
Please check the following:
1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md
2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting (if any)
**You MUST delete the content above including this line before posting, otherwise your pull request will be invalid.**
-->

5
.gitignore vendored
View file

@ -9,6 +9,8 @@ _test
# IntelliJ
.idea
# Goland's output filename can not be set manually
/go_build_*
# MS VSCode
.vscode
@ -34,6 +36,8 @@ _testmain.go
coverage.all
cpu.out
/modules/migration/bindata.go
/modules/migration/bindata.go.hash
/modules/options/bindata.go
/modules/options/bindata.go.hash
/modules/public/bindata.go
@ -83,6 +87,7 @@ cpu.out
/public/css
/public/fonts
/public/img/webpack
/vendor
/web_src/fomantic/node_modules
/web_src/fomantic/build/*
!/web_src/fomantic/build/semantic.js

44
.golangci.yml
View file

@ -9,24 +9,62 @@ linters:
- unused
- structcheck
- varcheck
- golint
- dupl
#- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
- gofmt
- misspell
- gocritic
- bidichk
- ineffassign
- revive
- gofumpt
enable-all: false
disable-all: true
fast: false
run:
timeout: 3m
skip-dirs:
- node_modules
- public
- web_src
linters-settings:
gocritic:
disabled-checks:
- ifElseChain
- singleCaseSwitch # Every time this occurred in the code, there was no other way.
revive:
ignore-generated-header: false
severity: warning
confidence: 0.8
errorCode: 1
warningCode: 1
rules:
- name: blank-imports
- name: context-as-argument
- name: context-keys-type
- name: dot-imports
- name: error-return
- name: error-strings
- name: error-naming
- name: exported
- name: if-return
- name: increment-decrement
- name: var-naming
- name: var-declaration
- name: package-comments
- name: range
- name: receiver-naming
- name: time-naming
- name: unexported-return
- name: indent-error-flow
- name: errorf
- name: duplicated-imports
- name: modifies-value-receiver
gofumpt:
extra-rules: true
lang-version: 1.16
issues:
exclude-rules:
@ -111,4 +149,6 @@ issues:
linters:
- staticcheck
text: "svc.IsAnInteractiveSession is deprecated: Use IsWindowsService instead."
- path: models/user/openid.go
linters:
- golint

7
.ignore
View file

@ -1,5 +1,8 @@
/vendor
/public/vendor/plugins
*.min.css
*.min.js
/modules/options/bindata.go
/modules/public/bindata.go
/modules/templates/bindata.go
/public/vendor/plugins
/vendor
node_modules

25
.revive.toml
View file

@ -1,25 +0,0 @@
ignoreGeneratedHeader = false
severity = "warning"
confidence = 0.8
errorCode = 1
warningCode = 1
[rule.blank-imports]
[rule.context-as-argument]
[rule.context-keys-type]
[rule.dot-imports]
[rule.error-return]
[rule.error-strings]
[rule.error-naming]
[rule.exported]
[rule.if-return]
[rule.increment-decrement]
[rule.var-naming]
[rule.var-declaration]
[rule.package-comments]
[rule.range]
[rule.receiver-naming]
[rule.time-naming]
[rule.unexported-return]
[rule.indent-error-flow]
[rule.errorf]

16
.stylelintrc
View file

@ -1,15 +1,31 @@
extends: stylelint-config-standard
overrides:
- files: ["**/*.less"]
customSyntax: postcss-less
rules:
alpha-value-notation: null
at-rule-empty-line-before: null
block-closing-brace-empty-line-before: null
color-function-notation: null
color-hex-length: null
comment-empty-line-before: null
declaration-block-no-redundant-longhand-properties: null
declaration-block-single-line-max-declarations: null
declaration-empty-line-before: null
hue-degree-notation: null
indentation: 2
max-line-length: null
no-descending-specificity: null
no-invalid-position-at-import-rule: null
number-leading-zero: never
number-max-precision: null
property-no-vendor-prefix: null
rule-empty-line-before: null
selector-class-pattern: null
selector-id-pattern: null
selector-pseudo-element-colon-notation: double
shorthand-property-no-redundant-values: true
string-quotes: null
value-no-vendor-prefix: null

834
CHANGELOG.md
View file

@ -4,6 +4,840 @@ This changelog goes through all the changes that have been made in each release
without substantial changes to our git log; to see the highlights of what has
been added to each release, please refer to the [blog](https://blog.gitea.io).
## [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1) - 2022-02-06
* SECURITY
* Update JS dependencies, fix lint (#18389) (#18540)
* ENHANCEMENTS
* Add dropdown icon to label set template dropdown (#18564) (#18571)
* BUGFIXES
* comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
* Stop logging an error when notes are not found (#18626) (#18635)
* Ensure that blob-excerpt links work for wiki (#18587) (#18624)
* Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
* Ensure commit-statuses box is sized correctly in headers (#18538) (#18606)
* Prevent merge messages from being sorted to the top of email chains (#18566) (#18588)
* Prevent panic on prohibited user login with oauth2 (#18562) (#18563)
* Collaborator trust model should trust collaborators (#18539) (#18557)
* Detect conflicts with 3way merge (#18536) (#18537)
* In docker rootless use $GITEA_APP_INI if provided (#18524) (#18535)
* Add `GetUserTeams` (#18499) (#18531)
* Fix review excerpt (#18502) (#18530)
* Fix for AvatarURL database type (#18487) (#18529)
* Use `ImagedProvider` for gplus oauth2 provider (#18504) (#18505)
* Fix OAuth Source Edit Page (#18495) (#18503)
* Use "read" value for General Access (#18496) (#18500)
* Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472) (#18473)
* BUILD
* Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch (#18551) (#18569)
* DOCS
* Update 1.16.0 changelog to set #17846 as breaking (#18533) (#18534)
## [1.16.0](https://github.com/go-gitea/gitea/releases/tag/v1.16.0) - 2022-01-30
* BREAKING
* Remove golang vendored directory (#18277)
* Paginate releases page & set default page size to 10 (#16857)
* Use shadowing script for docker (#17846)
* Only allow webhook to send requests to allowed hosts (#17482)
* SECURITY
* Disable content sniffing on `PlainTextBytes` (#18359) (#18365)
* Only view milestones from current repo (#18414) (#18417)
* Sanitize user-input on file name (#17666)
* Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks (#17605)
* FEATURES
* Add/update SMTP auth providers via cli (#18197)
* Support webauthn (#17957)
* Team permission allow different unit has different permission (#17811)
* Implement Well-Known URL for password change (#17777)
* Add support for ssh commit signing (#17743)
* Allow Loading of Diffs that are too large (#17739)
* Add copy button to markdown code blocks (#17638)
* Add .gitattribute assisted language detection to blame, diff and render (#17590)
* Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task (#17568)
* Add Reindex buttons to repository settings page (#17494)
* Make SSL cipher suite configurable (#17440)
* Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add simple update checker to Gitea (#17212)
* Migrated Repository will show modifications when possible (#17191)
* Create pub/priv keypair for federation (#17071)
* Make LDAP be able to skip local 2FA (#16954)
* Add nodeinfo endpoint for federation purposes (#16953)
* Save and view issue/comment content history (#16909)
* Use git attributes to determine generated and vendored status for language stats and diffs (#16773)
* Add migrate from Codebase (#16768)
* Add migration from GitBucket (#16767)
* Add OAuth2 introspection endpoint (#16752)
* Add proxy settings and support for migration and webhook (#16704)
* Add microsoft oauth2 providers (#16544)
* Send registration email on user autoregistration (#16523)
* Defer Last Commit Info (#16467)
* Support unprotected file patterns (#16395)
* Add migrate from OneDev (#16356)
* Add option to update pull request by `rebase` (#16125)
* Add RSS/Atom feed support for user actions (#16002)
* Add support for corporate WeChat webhooks (#15910)
* Add a simple way to rename branch like gh (#15870)
* Add bundle download for repository (#14538)
* Add agit flow support in gitea (#14295)
* API
* Add MirrorUpdated field to Repository API type (#18267)
* Adjust Fork API to allow setting a custom repository name (#18066)
* Add API to manage repo tranfers (#17963)
* Add API to get file commit history (#17652)
* Add API to get issue/pull comments and events (timeline) (#17403)
* Add API to get/edit wiki (#17278)
* Add API for get user org permissions (#17232)
* Add HTML urls to notification API (#17178)
* Add API to get commit diff/patch (#17095)
* Respond with updated notifications in API (#17064)
* Add API to fetch git notes (#16649)
* Generalize list header for API (#16551)
* Add API Token Cache (#16547)
* Allow Token API calls be authorized using the reverse-proxy header (#15119)
* ENHANCEMENTS
* Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
* Return nicer error if trying to pull from non-existent user (#18288)
* Show pull link for agit pull request also (#18235)
* Enable partial clone by default (#18195)
* Added replay of webhooks (#18191)
* Show OAuth callback error message (#18185)
* Increase Salt randomness (#18179)
* Add MP4 as default allowed attachment type (#18170)
* Include folders into size cost (#18158)
* Remove `/email2user` endpoint (#18127)
* Handle invalid issues (#18111)
* Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)
* Support open compare page directly (#17975)
* Prefer "Hiragino Kaku Gothic ProN" in system-ui-ja (#17954)
* Clean legacy SimpleMDE code (#17926)
* Refactor install page (db type) (#17919)
* Improve interface when comparing a branch which has created a pull request (#17911)
* Allow default branch to be inferred on compare page (#17908)
* Display issue/comment role even if repo archived (#17907)
* Always set a message-id on mails (#17900)
* Change `<a>` elements to underline on hover (#17898)
* Render issue references in file table (#17897)
* Handle relative unix socket paths (#17836)
* Move accessmode into models/perm (#17828)
* Fix some org style problems (#17807)
* Add List-Unsubscribe header (#17804)
* Create menus for organization pages (#17802)
* Switch archive URL code back to href attributes (#17796)
* Refactor "refs/*" string usage by using constants (#17784)
* Allow forks to org if you can create repos (#17783)
* Improve install code to avoid low-level mistakes. (#17779)
* Improve ellipsis buttons (#17773)
* Add restrict and no-user-rc to authorized_keys (#17772)
* Add copy Commit ID button in commits list (#17759)
* Make `bind` error more readable (#17750)
* Fix navbar on project view (#17749)
* More pleasantly handle broken or missing git repositories (#17747)
* Use `*PushUpdateOptions` as receiver (#17724)
* Remove unused `user` paramater (#17723)
* Better builtin avatar generator (#17707)
* Cleanup and use global style on popups (#17674)
* Move user/org deletion to services (#17673)
* Added comment for changing issue ref (#17672)
* Allow admins to change user avatars (#17661)
* Only set `data-path` once for each file in diff pages (#17657)
* Add icon to vscode clone link (#17641)
* Add download button for file viewer (#17640)
* Add pagination to fork list (#17639)
* Use a standalone struct name for Organization (#17632)
* Minor readability patch. (#17627)
* Add context support for GetUserByID (#17602)
* Move merge-section to `> .content` (#17582)
* Remove NewSession method from db.Engine interface (#17577)
* Move unit into models/unit/ (#17576)
* Restrict GetDeletedBranchByID to the repositories deleted branches (#17570)
* Refactor commentTags functionality (#17558)
* Make Repo Code Indexer an Unique Queue (#17515)
* Simplify Gothic to use our session store instead of creating a different store (#17507)
* Add settings to allow different SMTP envelope from address (#17479)
* Properly determine CSV delimiter (#17459)
* Hide label comments if labels were added and removed immediately (#17455)
* Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438)
* Add appearance section in settings (#17433)
* Move key forms before list and add cancel button (#17432)
* When copying executables to the docker chmod them (#17423)
* Remove deprecated `extendDefaultPlugins` method of svgo (#17399)
* Fix the click behavior for <tr> and <td> with [data-href] (#17388)
* Refactor update checker to use AppState (#17387)
* Improve async/await usage, and sort init calls in `index.js` (#17386)
* Use a variable but a function for IsProd because of a slight performance increment (#17368)
* Frontend refactor, PascalCase to camelCase, remove unused code (#17365)
* Hide command line merge instructions when user can't push (#17339)
* Move session to models/login (#17338)
* Sync gitea app path for git hooks and authorized keys when starting (#17335)
* Make the Mirror Queue a queue (#17326)
* Add "Copy branch name" button to pull request page (#17323)
* Fix repository summary on mobile (#17322)
* Split `index.js` to separate files (#17315)
* Show direct match on top for user search (#17303)
* Frontend refactor: move Vue related code from `index.js` to `components` dir, and remove unused codes. (#17301)
* Upgrade chi to v5 (#17298)
* Disable form autofill (#17291)
* Improve behavior of "Fork" button (#17288)
* Open markdown image links in new window (#17287)
* Add hints for special Wiki pages (#17283)
* Move add deploy key form before the list and add a cancel button (#17228)
* Allow adding multiple issues to a project (#17226)
* Add metrics to get issues by repository (#17225)
* Add specific event type to header (#17222)
* Redirect on project after issue created (#17211)
* Reference in new issue modal: dont pre-populate issue title (#17208)
* Always set a unique Message-ID header (#17206)
* Add projects and project boards in exposed metrics (#17202)
* Add metrics to get issues by label (#17201)
* Add protection to disable Gitea when run as root (#17168)
* Don't return binary file changes in raw PR diffs by default (#17158)
* Support sorting for project board issuses (#17152)
* Force color-adjust for markdown checkboxes (#17146)
* Add option to copy line permalink (#17145)
* Move twofactor to models/login (#17143)
* Multiple tokens support for migrating from github (#17134)
* Unify issue and PR subtitles (#17133)
* Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
* Fix problem when database id is not increment as expected (#17124)
* Avatar refactor, move avatar code from `models` to `models.avatars`, remove duplicated code (#17123)
* Re-allow clipboard copy on non-https sites (#17118)
* DBContext is just a Context (#17100)
* Move login related structs and functions to models/login (#17093)
* Add SkipLocal2FA option to pam and smtp sources (#17078)
* Move db related basic functions to models/db (#17075)
* Fixes username tagging in "Reference in new issue" (#17074)
* Use light/dark theme based on system preference (#17051)
* Always emit the configuration path (#17036)
* Add `AbsoluteListOptions` (#17028)
* Use common sessioner for API and Web (#17027)
* Fix overflow label in small view (#17020)
* Report the associated filter if there is an error in LDAP (#17014)
* Add "new issue" btn on project (#17001)
* Add doctor dbconsistency check for release and attachment (#16978)
* Disable Fomantic's CSS tooltips (#16974)
* Add Cache-Control to avatar redirects (#16973)
* Make mirror feature more configurable (#16957)
* Add skip and limit to git.GetTags (#16897)
* Remove ParseQueueConnStr as it is unused (#16878)
* Remove unused Fomantic sidebar module (#16853)
* Allow LDAP Sources to provide Avatars (#16851)
* Remove Dashboard/Home button from the navbar (#16844)
* Use conditions but not repo ids as query condition (#16839)
* Add user settings key/value DB table (#16834)
* Add buttons to allow loading of incomplete diffs (#16829)
* Add information for migrate failure (#16803)
* Add EdDSA JWT signing algorithm (#16786)
* Add user status filter to admin user management page (#16770)
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
* Do not use thin scrollbars on Firefox (#16738)
* Download LFS in git and web workflow from minio/s3 directly (SERVE_DIRECT) (#16731)
* Compute proper foreground color for labels (#16729)
* Add edit button to wiki sidebar and footer (#16719)
* Fix migration svg color (#16715)
* Add link to vscode to repo header (#16664)
* Add filter by owner and team to issue/pulls search endpoint (#16662)
* Kanban colored boards (#16647)
* Allow setting X-FRAME-OPTIONS (#16643)
* Separate open and closed issue in metrics (#16637)
* Support direct comparison (git diff a..b) as well merge comparison (a…b) (#16635)
* Add setting to OAuth handlers to skip local 2FA authentication (#16594)
* Make PR merge options more intuitive (#16582)
* Show correct text when comparing commits on empty pull request (#16569)
* Pre-fill suggested New File 'name' and 'content' with Query Params (#16556)
* Add an abstract json layout to make it's easier to change json library (#16528)
* Make Mermaid.js limit configurable (#16519)
* Improve 2FA autofill (#16473)
* Add modals to Organization and Team remove/leave (#16471)
* Show tag name on dashboard items list (#16466)
* Change default cron schedules from @every 24h to @midnight (#16431)
* Prevent double sanitize (#16386)
* Replace `list.List` with slices (#16311)
* Add configuration option to restrict users by default (#16256)
* Move login out of models (#16199)
* Support pagination of organizations on user settings pages (#16083)
* Switch migration icon to svg (#15954)
* Add left padding for chunk header of split diff view (#13397)
* Allow U2F 2FA without TOTP (#11573)
* BUGFIXES
* GitLab reviews may not have the updated_at field set (#18450) (#18461)
* Fix detection of no commits when the default branch is not master (#18422) (#18423)
* Fix broken oauth2 authentication source edit page (#18412) (#18419)
* Place inline diff comment dialogs on split diff in 4th and 8th columns (#18403) (#18404)
* Fix restore without topic failure (#18387) (#18400)
* Fix commit's time (#18375) (#18392)
* Fix partial cloning a repo (#18373) (#18377)
* Stop trimming preceding and suffixing spaces from editor filenames (#18334)
* Prevent showing webauthn error for every time visiting `/user/settings/security` (#18386)
* Fix mime-type detection for HTTP server (#18370) (#18371)
* Stop trimming preceding and suffixing spaces from editor filenames (#18334)
* Restore propagation of ErrDependenciesLeft (#18325)
* Fix PR comments UI (#18323)
* Use indirect comparison when showing pull requests (#18313)
* Replace satori/go.uuid with gofrs/uuid (#18311)
* Fix commit links on compare page (#18310)
* Don't show double error response in git hook (#18292)
* Handle missing default branch better in owner/repo/branches page (#18290)
* Fix CheckRepoStats and reuse it during migration (#18264)
* Prevent underline hover on cards (#18259)
* Don't delete branch if other PRs with this branch are open (#18164)
* Require codereview to have content (#18156)
* Allow admin to associate missing LFS objects for repositories (#18143)
* When attempting to subscribe other user to issue report why access denied (#18091)
* Add option to convert CRLF to LF line endings for sendmail (#18075)
* Only create pprof files for gitea serv if explicitly asked for (#18068)
* Abort merge if head has been updated before pressing merge (#18032)
* Improve TestPatch to use git read-tree -m and implement git-merge-one-file functionality (#18004)
* Use JSON module instead of stdlib json (#18003)
* Fixed issue merged/closed wording (#17973)
* Return nicer error for ForcePrivate (#17971)
* Fix overflow in commit graph (#17947)
* Prevent services/mailer/mailer_test.go tests from deleteing data directory (#17941)
* Use disable_form_autofill on Codebase and Gitbucket (#17936)
* Fix a panic in NotifyCreateIssueComment (caused by string truncation) (#17928)
* Fix markdown URL parsing (#17924)
* Apply CSS Variables to all message elements (#17920)
* Improve checkBranchName (#17901)
* Update chi/middleware to chi/v5/middleware (#17888)
* Fix position of label color picker colors (#17866)
* Fix ListUnadoptedRepositories incorrect total count (#17865)
* Remove whitespace inside rendered code `<td>` (#17859)
* Make Co-committed-by and co-authored-by trailers optional (#17848)
* Fix value of User.IsRestricted when oauth2 user registration (#17839)
* Use new OneDev /milestones endpoint (#17782)
* Prevent deadlock in TestPersistableChannelQueue (#17717)
* Simplify code for writing SHA to name-rev (#17696)
* Fix database deadlock when update issue labels (#17649)
* Add warning for BIDI characters in page renders and in diffs (#17562)
* Fix ipv6 parsing for builtin ssh server (#17561)
* Multiple Escaping Improvements (#17551)
* Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
* Show client-side error if wiki page is empty (#17415)
* Fix context popup error (#17398)
* Stop sanitizing full name in API (#17396)
* Fix issue close/comment buttons on mobile (#17317)
* Fix navbar UI (#17235)
* Fix problem when database id is not increment as expected (#17229)
* Open the DingTalk link in browser (#17084)
* Remove heads pointing to missing old refs (#17076)
* Fix commit status index problem (#17061)
* Handle broken references in mirror sync (#17013)
* Fix for create repo page layout (#17012)
* Improve LDAP synchronization efficiency (#16994)
* Add repo_id for attachment (#16958)
* Clean-up HookPreReceive and restore functionality for pushing non-standard refs (#16705)
* Remove duplicate csv import in modules/csv/csv.go (#16631)
* Improve SMTP authentication and Fix user creation bugs (#16612)
* Fixed emoji alias not parsed in links (#16221)
* Calculate label URL on API (#16186)
* TRANSLATION
* Fix mispelling of starred as stared (#17465)
* Re-separate the color translation strings (#17390)
* Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998)
* BUILD
* Add lockfile-check (#18285)
* Don't store assets modified time into generated files (#18193)
* MISC
* Update JS dependencies (#17611)
## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29
* SECURITY
* Only view milestones from current repo (#18414) (#18418)
* BUGFIXES
* Fix broken when no commits and default branch is not master (#18422) (#18424)
* Fix commit's time (#18375) (#18409)
* Fix restore without topic failure (#18387) (#18401)
* Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
* Update to go/text 0.3.7 (#18336)
* MISC
* Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
## [1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14
* BUGFIXES
* Fix inconsistent PR comment counts (#18260) (#18261)
* Fix release link broken (#18252) (#18253)
* Fix update user from site administration page bug (#18250) (#18251)
* Set HeadCommit when creating tags (#18116) (#18173)
* Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
* Fix purple color in suggested label colors (#18241) (#18242)
* SECURITY
* Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
## [1.15.9](https://github.com/go-gitea/gitea/releases/tag/v1.15.9) - 2021-12-30
* BUGFIXES
* Fix wrong redirect on org labels (#18128) (#18134)
* Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
* Revert "Fix delete u2f keys bug (#18042)" (#18107)
* Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
* Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
* Reset locale on login (#17734) (#18100)
* Correctly handle failed migrations (#17575) (#18099)
* Instead of using routerCtx just escape the url before routing (#18086) (#18098)
* Quote references to the user table in consistency checks (#18072) (#18073)
* Add NotFound handler (#18062) (#18067)
* Ensure that git repository is closed before transfer (#18049) (#18057)
* Use common sessioner for API and web routes (#18114)
* TRANSLATION
* Fix code search result hint on zh-CN (#18053)
## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-20
* BUGFIXES
* Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
* Fix delete u2f keys bug (#18040) (#18042)
* Reset Session ID on login (#18018) (#18041)
* Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
* Stop printing 03d after escaped characters in logs (#18030) (#18034)
* Reset locale on login (#18023) (#18025)
* Fix reset password email template (#17025) (#18022)
* Fix outType on gitea dump (#18000) (#18016)
* Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
* Fix rename notification bug (#18011)
* Prevent double decoding of % in url params (#17997) (#18001)
* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
* Prevent deadlock in create issue (#17970) (#17982)
* TESTING
* Use non-expiring key. (#17984) (#17985)
## [1.15.7](https://github.com/go-gitea/gitea/releases/tag/v1.15.7) - 2021-12-01
* ENHANCEMENTS
* Only allow webhook to send requests to allowed hosts (#17482) (#17510)
* Fix login redirection links (#17451) (#17473)
* BUGFIXES
* Fix database inconsistent when admin change user email (#17549) (#17840)
* Use correct user on releases (#17806) (#17818)
* Fix commit count in tag view (#17698) (#17790)
* Fix close issue but time watcher still running (#17643) (#17761)
* Fix Migrate Description (#17692) (#17727)
* Fix bug when project board get open issue number (#17703) (#17726)
* Return 400 but not 500 when request archive with wrong format (#17691) (#17700)
* Fix bug when read mysql database max lifetime (#17682) (#17690)
* Fix database deadlock when update issue labels (#17649) (#17665)
* Fix bug on detect issue/comment writer (#17592)
* Remove appSubUrl from pasted images (#17572) (#17588)
* Make `ParsePatch` more robust (#17573) (#17580)
* Fix stats upon searching issues (#17566) (#17578)
* Escape issue titles in comments list (#17555) (#17556)
* Fix zero created time bug on commit api (#17546) (#17547)
* Fix database keyword quote problem on migration v161 (#17522) (#17523)
* Fix email with + when active (#17518) (#17520)
* Stop double encoding blame commit messages (#17498) (#17500)
* Quote the table name in CountOrphanedObjects (#17487) (#17488)
* Run Migrate in Install rather than just SyncTables (#17475) (#17486)
* BUILD
* Fix golangci-lint warnings (#17598 et al) (#17668)
* MISC
* Preserve color when inverting emojis (#17797) (#17799)
## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-28
* BUGFIXES
* Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
* Fix CSV render error (#17406) (#17431)
* Read expected buffer size (#17409) (#17430)
* Ensure that restricted users can access repos for which they are members (#17460) (#17464)
* Make commit-statuses popup show correctly (#17447) (#17466)
* TESTING
* Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)
## [1.15.5](https://github.com/go-gitea/gitea/releases/tag/v1.15.5) - 2021-10-21
* SECURITY
* Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
* Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
* Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
* Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
* Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
* Ensure popup text is aligned left (backport for 1.15) (#17343)
* Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
* Disable core.protectNTFS (#17300) (#17302)
* Use pointer for wrappedConn methods (#17295) (#17296)
* AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
* Handle duplicate keys on GPG key ring (#17242) (#17284)
* Fix SVG side by side comparison link (#17375) (#17391)
## [1.15.4](https://github.com/go-gitea/gitea/releases/tag/v1.15.4) - 2021-10-08
* BUGFIXES
* Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
* Don't allow merged PRs to be reopened (#17192) (#17271)
* Fix incorrect repository count on organization tab of dashboard (#17256) (#17266)
* Fix unwanted team review request deletion (#17257) (#17264)
* Fix broken Activities link in team dashboard (#17255) (#17258)
* API pull's head/base have correct permission(#17214) (#17245)
* Fix strange behavior of DownloadPullDiffOrPatch in incorrect index (#17223) (#17227)
* Upgrade xorm to v1.2.5 (#17177) (#17188)
* Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
* Fix bug of get context user (#17169) (#17172)
* Nicely handle missing user in collaborations (#17049) (#17166)
* Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
* Fix wrong i18n keys (#17150) (#17153)
* Fix Archive Creation: correct transaction ending (#17151)
* Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
* Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)
* ENHANCEMENT
* Check user instead of organization when creating a repo from a template via API (#16346) (#17195)
* TRANSLATION
* v1.15 fix Sprintf format 'verbs' in locale files (#17187)
## [1.15.3](https://github.com/go-gitea/gitea/releases/tag/v1.15.3) - 2021-09-19
* ENHANCEMENTS
* Add fluid to ui container class to remove margin (#16396) (#16976)
* Add caller to cat-file batch calls (#17082) (#17089)
* BUGFIXES
* Render full plain readme. (#17083) (#17090)
* Upgrade xorm to v1.2.4 (#17059)
* Fix bug of migrate comments which only fetch one page (#17055) (#17058)
* Do not show issue context popup on external issues (#17050) (#17054)
* Decrement Fork Num when converting from Fork (#17035) (#17046)
* Correctly rollback in ForkRepository (#17034) (#17045)
* Fix missing close in WalkGitLog (#17008) (#17009)
* Add prefix to SVG id/class attributes (#16997) (#17000)
* Fix bug of migrated repository not index (#16991) (#16996)
* Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)
* Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977)
* Fix issue with issue default mail template (#16956) (#16975)
* Ensure that rebase conflicts are handled in updates (#16952) (#16960)
* Prevent panic on diff generation (#16950) (#16951)
## [1.15.2](https://github.com/go-gitea/gitea/releases/tag/v1.15.2) - 2021-09-03
* BUGFIXES
* Add unique constraint back into issue_index (#16938)
* Close storage objects before cleaning (#16934) (#16942)
## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02
* BUGFIXES
* Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
* Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
* Ignore review comment when ref commit is missed (#16905) (#16919)
* Fix wrong attachment removal (#16915) (#16917)
* Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
* Correctly return the number of Repositories for Organizations (#16807) (#16911)
* Test if LFS object is accessible (#16865) (#16904)
* Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* Fix dump and restore respository (#16698) (#16898)
* Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
* Fix wiki raw commit diff/patch view (#16891) (#16892)
* Ensure wiki repos are all closed (#16886) (#16888)
* List limited and private orgs if authenticated on API (#16866) (#16879)
* Simplify split diff view generation and remove JS dependency (#16775) (#16863)
* Ensure that the default visibility is set on the user create page (#16845) (#16862)
* In Render tolerate not being passed a context (#16842) (#16858)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
* Report the correct number of pushes on the feeds (#16811) (#16822)
* Add primary_key to issue_index (#16813) (#16820)
* Prevent NPE on empty commit (#16812) (#16819)
* Fix branch pagination error (#16805) (#16816)
* Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
* Remove spurious / from issues.opened_by (#16793)
* Ensure that template compilation panics are sent to the logs (#16788) (#16792)
* Update caddyserver/certmagic (#16789) (#16790)
## [1.15.0](https://github.com/go-gitea/gitea/releases/tag/v1.15.0) - 2021-08-21
* BREAKING
* Make app.ini permissions more restrictive (#16266)
* Refactor Webhook + Add X-Hub-Signature (#16176)
* Add asymmetric JWT signing (#16010)
* Clean-up the settings hierarchy for issue_indexer queue (#16001)
* Change default queue settings to be low go-routines (#15964)
* Improve assets handler middleware (#15961)
* Rename StaticUrlPrefix to AssetUrlPrefix (#15779)
* Use a generic markup class to display externally rendered files and diffs (#15735)
* Add frontend testing, require node 12 (#15315)
* Move (custom) assets into subpath `/assets` (#15219)
* Use level config in log section when sub log section not set level (#15176)
* Links in markdown should be absolute to the repository not the server (#15088)
* Upgrade to the latest version of golang-jwt (#16590) (#16606)
* Set minimum supported version of go to 1.16 (#16710)
* SECURITY
* Encrypt LDAP bind password in db with SECRET_KEY (#15547)
* Remove random password in Dockerfiles (#15362)
* Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* Correctly create of git-daemon-export-ok files (#16508) (#16514)
* Don't show private user's repo in explore view (#16550) (#16554)
* Update node tar dependency to 6.1.6 (#16622) (#16623)
* FEATURES
* Update Go-Git to take advantage of LargeObjectThreshold (#16316)
* Support custom mime type mapping for text files (#16304)
* Link to previous blames in file blame page (#16259)
* Add LRU mem cache implementation (#16226)
* Localize Email Templates (#16200)
* Make command in authorized keys a template (#16003)
* Add possibility to make branch in branch page (#15960)
* Add email headers (#15939)
* Make tasklist checkboxes clickable (#15791)
* Add selecting tags on the compare page (#15723)
* Add cron job to delete old actions from database (#15688)
* On open repository open common cat file batch and batch-check (#15667)
* Add tag protection (#15629)
* Add push to remote mirror repository (#15157)
* Add Image Diff for SVG files (#14867)
* Add dashboard milestone search and repo milestone search by name. (#14866)
* Add LFS Migration and Mirror (#14726)
* Improve notifications for WIP draft PR's (#14663)
* Disable Stars config option (#14653)
* GPG Key Ownership verification with Signed Token (#14054)
* OAuth2 auto-register (#5123)
* API
* Return updated repository when changing repository using API (#16420)
* Let branch/tag name be a valid ref to get CI status (#16400)
* Add endpoint to get commits of PR (#16300)
* Allow COMMENT reviews to not specify a body (#16229)
* Add subject-type filter to list notification API endpoints (#16177)
* ListReleases add filter for draft and pre-releases (#16175)
* ListIssues add more filters (#16174)
* Issue Search Add filter for MilestoneNames (#16173)
* GET / SET User Settings (#16169)
* Expose repo.GetReviewers() & repo.GetAssignees() (#16168)
* User expose counters (#16167)
* Add repoGetTag (#16166)
* Add repoCreateTag (#16165)
* Creating a repo from a template repo via API (#15958)
* Add Active and ProhibitLogin to API (#15689)
* Add Location, Website and Description to API (#15675)
* Expose resolver via API (#15167)
* Swagger AccessToken fixes (#16574) (#16597)
* Set AllowedHeaders on API CORS handler (#16524) (#16618)
* ENHANCEMENTS
* Support HTTP/2 in Let's Encrypt (#16371)
* Introduce NotifySubjectType (#16320)
* Add forge emojies (#16296)
* Implemented head_commit for webhooks (#16282)
* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (#16278)
* Add previous/next buttons to review comments (#16273)
* Review comments: break-word for long file names (#16272)
* Add configuration to restrict allowed user visibility modes (#16271)
* Add scroll-margin-top to account for sticky header (#16269)
* Add --quiet and --verbose to gitea web to control initial logging (#16260)
* Use gitea logging module for git module (#16243)
* Add tests for all webhooks (#16214)
* Add button to delete undeleted repositories from failed migrations (#16197)
* Speed up git diff highlight generation (#16180)
* Add OpenID claims "profile" and "email". (#16141)
* Reintroduce squash merge default comment as a config setting (#16134)
* Add sanitizer rules per renderer (#16110)
* Improve performance of dashboard list orgs (#16099)
* Refactor assert statements in tests (#16089)
* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (#16086)
* Remove unnecessary goroutine (#16080)
* Add attachments for PR reviews (#16075)
* Make the github migration less rate limit waiting to get comment per page from repository but not per issue (#16070)
* Add Visible modes function from Organisation to Users too (#16069)
* Add checkbox to delete pull branch after successful merge (#16049)
* Make commit info cancelable (#16032)
* Make modules/context.Context a context.Context (#16031)
* Unified custom config creation (#16012)
* Make sshd_config more flexible regarding connections (#16009)
* Append to existing trailers in generated squash commit message (#15980)
* Always store primary email address into email_address table and also the state (#15956)
* Load issue/PR context popup data only when needed (#15955)
* Remove remaining fontawesome usage in templates (#15952)
* Remove fomantic accordion module (#15951)
* Small refactoring of modules/private (#15947)
* Double the avatar size factor (#15941)
* Add curl to rootless docker image (#15908)
* Replace clipboard.js with async clipboard api (#15899)
* Allow custom highlight mapping beyond file extensions (#15808)
* Add trace logging to SSO methods (#15803)
* Refactor routers directory (#15800)
* Allow only internal registration (#15795)
* Add a new internal hook to save ssh log (#15787)
* Respect default merge message syntax when parsing item references (#15772)
* OAuth2 login: Set account link to "login" as default behavior (#15768)
* Use single shared random string generation function (#15741)
* Hold the event source when there are no listeners (#15725)
* Code comments improvements (#15722)
* Provide OIDC compliant user info endpoint (#15721)
* Fix webkit calendar icon color on arc-green (#15713)
* Improve Light Chroma style (#15699)
* Only use boost workers for leveldb shadow queues (#15696)
* Add compare tag dropdown to releases page (#15695)
* Add caret styling CSS (#15651)
* Remove x-ua-compatible meta tag (#15640)
* Refactor of link creation (#15619)
* Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599)
* Rewrite of the LFS server (#15523)
* Display more repository type on admin repository management (#15440)
* Remove usage of some JS globals (#15378)
* SHA in merged commit comment should be rendered ui sha (#15376)
* Add well-known config for OIDC (#15355)
* Use route rather than use thus reducing the number of stack frames (#15301)
* Code Formats, Nits & Unused Func/Var deletions (#15286)
* Let package git depend on setting but not opposite (#15241)
* Fixed sanitize errors (#15240)
* response simple text message for not html request when 404 (#15229)
* Remove file-loader dependency (#15196)
* Refactor renders (#15175)
* Add mimetype mapping settings (#15133)
* Add Status Updates whilst Gitea migrations are occurring (#15076)
* Reload locales in initialisation if needed by utilizing i18n.Reset (#15073)
* Counterwork seemingly unclickable repo button labels (#15064)
* Add DefaultMergeStyle option to repository (#14789)
* Added support for gopher URLs. (#14749)
* Rework repository archive (#14723)
* Add links to toggle WIP status (#14677)
* Add Tabular Diff for CSV files (#14661)
* Use milestone deadline when sorting issues (#14551)
* BUGFIXES
* Fix invalid params and typo of email templates (#16394)
* Fix activation of primary email addresses (#16385)
* Fix calculation for finalPage in repo-search component (#16382)
* Specify user in rootless container numerically (#16361)
* Detect encoding changes while parsing diff (#16330)
* Fix U2F error reasons always hidden (#16327)
* Prevent zombie processes (#16314)
* Escape reference to `user` table in models.SearchEmails (#16313)
* Fix default push instructions on empty repos (#16302)
* Fix modified files list in webhooks when there is a space (#16288)
* Fix webhook commits wrong hash on HEAD reset (#16283)
* Fuzzer finds an NPE due to incorrect URLPrefix (#16249)
* Don't WARN log UserNotExist errors on ExternalUserLogin failure (#16238)
* Do not show No match found for tribute (#16231)
* Fix "Copy Link" for pull requests (#16230)
* Fix diff expansion is missing final line in a file (#16222)
* Fix private repo permission problem (#16142)
* Fix not able to update local created non-urlencoded wiki pages (#16139)
* More efficiently parse shas for shaPostProcessor (#16101)
* Fix `doctor --run check-db-consistency --fix` with label fix (#16094)
* Prevent webhook action buttons from shifting (#16087)
* Change default TMPDIR path in rootless containers (#16077)
* Fix typo and add TODO notice (#16064)
* Use git log name-status in get last commit (#16059)
* Fix 500 Error with branch and tag sharing the same name (#16040)
* Fix get tag when migration (#16014)
* Add custom emoji support (#16004)
* Use filepath.ToSlash and Join in indexer defaults and queues (#15971)
* Add permission check for ``GenerateRepository`` (#15946)
* Ensure settings for Service and Mailer are read on the install page (#15943)
* Fix layout of milestone view (#15927)
* Unregister non-matching serviceworkers (#15834)
* Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693)
* Attachment support repository route (#15580)
* Fix missing icons and colorpicker when mounted on suburl (#15501)
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (#15304)
* Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Resolve Object { type: "error", data: undefined } in stopwatch.js (#15278)
* Fix heatmap activity (#15252)
* Remove vendored copy of fomantic-dropdown (#15193)
* Update repository size on cron gc task (#15177)
* Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (#15153)
* Add code block highlight to orgmode back (#14222)
* Remove User.GetOrganizations() (#14032)
* Restore Accessibility for Dropdown (#16576) (#16617)
* Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
* Fix table alignment in markdown (#16596) (#16602)
* Fix 500 on first wiki page (#16586) (#16598)
* Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
* Upgrade levelqueue to v0.4.0 (#16560) (#16561)
* Handle too long PR titles correctly (#16517) (#16549)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Fix crash following ldap authentication update (#16447) (#16448)
* Fix direct creation of external users on admin page (partial #16612) (#16613)
* Prevent 500 on draft releases without tag (#16634) (#16636)
* Restore creation of git-daemon-export-ok files (#16508) (#16514)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Fix crash following ldap authentication update (#16447) (#16448)
* Restore compatibility with SQLServer 2008 R2 in migrations (#16638)
* Fix direct creation of external users on admin page (#16613)
* Fix go-git implementation of GetNote when passed a non-existent commit (#16658) (#16659)
* Fix NPE in fuzzer (#16680) (#16682)
* Set issue_index when finishing migration (#16685) (#16687)
* Skip patch download when no patch file exists (#16356) (#16681)
* Ensure empty lines are copiable and final new line too (#16678) (#16692)
* Fix wrong user in OpenID response (#16736) (#16741)
* Do not use thin scrollbars on Firefox (#16738) (#16745)
* Recreate Tables should Recreate indexes on MySQL (#16718) (#16739)
* Keep attachments on tasklist update (#16750) (#16757)
* TESTING
* Bump `postgres` and `mysql` versions (#15710)
* Add tests for clone from wiki (#15513)
* Fix Benchmark tests, remove a broken one & add two new (#15250)
* Create Proper Migration tests (#15116)
* TRANSLATION
* Use a special name for update default branch on repository setting (#15893)
* Fix mirror_lfs source string in en-US locale (#15369)
* BUILD
* Upgrade xorm to v1.1.1 (#16339)
* Disable legal comments in esbuild (#15929)
* Switch to Node 16 to build fronted (#15804)
* Use esbuild to minify CSS (#15756)
* Use binary version of revive linter (#15739)
* Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… (#15465)
* Stop packaging node_modules in release tarballs (#15273)
* Introduce esbuild on webpack (#14578)
* DOCS
* Update queue workers documentation (#15999)
* Comment out app.example.ini (#15807)
* Improve logo customization docs (#15754)
* Add some response status on api docs (#15399)
* Rework Token API comments (#15162)
* Add better errors for disabled account recovery (#15117)
* MISC
* Remove utf8 option from installation page (#16126)
* Use Wants= over Requires= in systemd file (#15897)
## [1.14.7](https://github.com/go-gitea/gitea/releases/tag/v1.14.7) - 2021-09-02
* BUGFIXES
* Add missing gitRepo close at GetDiffRangeWithWhitespaceBehavior (Partial #16894) (#16896)
* Fix wiki raw commit diff/patch view (#16891) (#16893)
* Ensure wiki repos are all closed (#16886) (#16889)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16849)
* Recreate Tables should Recreate indexes on MySQL (#16718) (#16740)
## [1.14.6](https://github.com/go-gitea/gitea/releases/tag/v1.14.6) - 2021-08-04
* SECURITY
* Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
* Switch to maintained JWT lib (#16532) (#16535)
* Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)
* BUGFIXES
* Add basic edit ldap auth test & actually fix #16252 (#16465) (#16495)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16481)
## [1.14.5](https://github.com/go-gitea/gitea/releases/tag/v1.14.5) - 2021-07-16
* SECURITY
* Hide mirror passwords on repo settings page (#16022) (#16355)
* Update bluemonday to v1.0.15 (#16379) (#16380)
* BUGFIXES
* Retry rename on lock induced failures (#16435) (#16439)
* Validate issue index before querying DB (#16406) (#16410)
* Fix crash following ldap authentication update (#16447) (#16449)
* ENHANCEMENTS
* Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)
## [1.14.4](https://github.com/go-gitea/gitea/releases/tag/v1.14.4) - 2021-07-06
* BUGFIXES
* Fix relative links in postprocessed images (#16334) (#16340)
* Fix list_options GetStartEnd (#16303) (#16305)
* Fix API to use author for commits instead of committer (#16276) (#16277)
* Handle misencoding of login_source cfg in mssql (#16268) (#16275)
* Fixed issues not updated by commits (#16254) (#16261)
* Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255)
* Use html.Parse rather than html.ParseFragment (#16223) (#16225)
* Fix milestone counters on new issue (#16183) (#16224)
* reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219)
## [1.14.3](https://github.com/go-gitea/gitea/releases/tag/v1.14.3) - 2021-06-18
* SECURITY

134
CONTRIBUTING.md
View file

@ -3,12 +3,14 @@
## Table of Contents
- [Contribution Guidelines](#contribution-guidelines)
- [Table of Contents](#table-of-contents)
- [Introduction](#introduction)
- [Bug reports](#bug-reports)
- [Discuss your design](#discuss-your-design)
- [Testing redux](#testing-redux)
- [Vendoring](#vendoring)
- [Translation](#translation)
- [Building Gitea](#building-gitea)
- [Code review](#code-review)
- [Styleguide](#styleguide)
- [Design guideline](#design-guideline)
@ -79,23 +81,22 @@ Here's how to run the test suite:
|``make lint-frontend`` | lint frontend files |
|``make lint-backend`` | lint backend files |
- run test code (Suggest run in linux)
- run test code (Suggest run in Linux)
| | |
| :------------------------------------- | :----------------------------------------------- |
|``make test[\#TestSpecificName]`` | run unit test |
|``make test-sqlite[\#TestSpecificName]``| run [integration](integrations) test for sqlite |
|[More detail message about integrations](integrations/README.md) |
|``make test-sqlite[\#TestSpecificName]``| run [integration](integrations) test for SQLite |
|[More details about integrations](integrations/README.md) |
## Vendoring
We keep a cached copy of dependencies within the `vendor/` directory,
managing updates via [Modules](https://golang.org/cmd/go/#hdr-Module_maintenance).
We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
Pull requests should only include `vendor/` updates if they are part of
Pull requests should only include `go.mod`, `go.sum` updates if they are part of
the same change, be it a bugfix or a feature addition.
The `vendor/` update needs to be justified as part of the PR description,
The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
and must be verified by the reviewers and/or merger to always reference
an existing upstream commit.
@ -104,7 +105,7 @@ You can find more information on how to get started with it on the [Modules Wiki
## Translation
We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
The only translation that is maintained in this git repository is
The only translation that is maintained in this Git repository is
[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
and is synced regularly to Crowdin. Once a translation has reached
A SATISFACTORY PERCENTAGE it will be synced back into this repo and
@ -133,6 +134,15 @@ Some of the key points:
if that is not related to your PR, please make *another* PR for that.
* Split big pull requests into multiple small ones. An incremental change
will be faster to review than a huge PR.
* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
```
## :warning: BREAKING :warning:
```
To explain how this could affect users and how to mitigate these changes.
## Styleguide
@ -140,8 +150,8 @@ For imports you should use the following format (_without_ the comments)
```go
import (
// stdlib
"encoding/json"
"fmt"
"math"
// local packages
"code.gitea.io/gitea/models"
@ -155,7 +165,7 @@ import (
## Design guideline
To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The gitea code is divided into the following parts:
To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
- **integration:** Integrations tests
- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
@ -202,9 +212,74 @@ In general, HTTP methods are chosen as follows:
* **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
* **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
### Endpoints returning lists should
* support pagination (`page` & `limit` options in query)
* set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
## Large Character Comments
Throughout the codebase there are large-text comments for sections of code, e.g.:
```go
// __________ .__
// \______ \ _______ _|__| ______ _ __
// | _// __ \ \/ / |/ __ \ \/ \/ /
// | | \ ___/\ /| \ ___/\ /
// |____|_ /\___ >\_/ |__|\___ >\/\_/
// \/ \/ \/
```
These were created using the `figlet` tool with the `graffiti` font.
A simple way of creating these is to use the following:
```bash
figlet -f graffiti Review | sed -e's+^+// +' - | xclip -sel clip -in
```
## Backports and Frontports
Occasionally backports of PRs are required.
The backported PR title should be:
```
Title of backported PR (#ORIGINAL_PR_NUMBER)
```
The first two lines of the summary of the backporting PR should be:
```
Backport #ORIGINAL_PR_NUMBER
```
with the rest of the summary matching the original PR. Similarly for frontports
---
The below is a script that may be helpful in creating backports. YMMV.
```bash
#!/bin/sh
PR="$1"
SHA="$2"
VERSION="$3"
if [ -z "$SHA" ]; then
SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
fi
if [ -z "$VERSION" ]; then
VERSION="v1.16"
fi
echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
```
## Developer Certificate of Origin (DCO)
@ -217,7 +292,7 @@ Additionally you could add a line at the end of your commit message.
Signed-off-by: Joe Smith <joe.smith@email.com>
```
If you set your `user.name` and `user.email` git configs, you can add the
If you set your `user.name` and `user.email` Git configs, you can add the
line to the end of your commit automatically with `git commit -s`.
We assume in good faith that the information you provide is legally binding.
@ -226,18 +301,18 @@ We assume in good faith that the information you provide is legally binding.
We adopted a release schedule to streamline the process of working
on, finishing, and issuing releases. The overall goal is to make a
minor release every two months, which breaks down into one month of
minor release every three or four months, which breaks down into two or three months of
general development followed by one month of testing and polishing
known as the release freeze. All the feature pull requests should be
merged in the first month of one release period. And, during the frozen
period, a corresponding release branch is open for fixes backported from
master. Release candidates are made during this period for user testing to
merged before feature freeze. And, during the frozen period, a corresponding
release branch is open for fixes backported from main branch. Release candidates
are made during this period for user testing to
obtain a final version that is maintained in this branch. A release is
maintained by issuing patch releases to only correct critical problems
such as crashes or security issues.
Major release cycles are bimonthly. They always begin on the 25th and end on
the 24th (i.e., the 25th of December to February 24th).
Major release cycles are seasonal. They always begin on the 25th and end on
the 24th (i.e., the 25th of December to March 24th).
During a development cycle, we may also publish any necessary minor releases
for the previous version. For example, if the latest, published release is
@ -262,7 +337,7 @@ to the maintainers team. If a maintainer is inactive for more than 3
months and forgets to leave the maintainers team, the owners may move
him or her from the maintainers team to the advisors team.
For security reasons, Maintainers should use 2FA for their accounts and
if possible provide gpg signed commits.
if possible provide GPG signed commits.
https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
https://help.github.com/articles/signing-commits-with-gpg/
@ -293,6 +368,11 @@ and lead the development of Gitea.
To honor the past owners, here's the history of the owners and the time
they served:
* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
* [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
* [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
* [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
* [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
* [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
@ -320,13 +400,13 @@ they served:
## Versions
Gitea has the `master` branch as a tip branch and has version branches
Gitea has the `main` branch as a tip branch and has version branches
such as `release/v0.9`. `release/v0.9` is a release branch and we will
tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
after bringing the bug fix also to the master branch.
after bringing the bug fix also to the main branch.
Since the `master` branch is a tip version, if you wish to use Gitea
Since the `main` branch is a tip version, if you wish to use Gitea
in production, please download the latest release tag version. All the
branches will be protected via GitHub, all the PRs to every branch must
be reviewed by two maintainers and must pass the automatic tests.
@ -334,14 +414,14 @@ be reviewed by two maintainers and must pass the automatic tests.
## Releasing Gitea
* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
* Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
* When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
* If needed send PR for changelog on branch `master`.
* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
## Copyright
@ -349,7 +429,7 @@ be reviewed by two maintainers and must pass the automatic tests.
Code that you contribute should use the standard copyright header:
```
// Copyright 2020 The Gitea Authors. All rights reserved.
// Copyright 2022 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
```

9
Dockerfile
View file

@ -1,7 +1,5 @@
###################################
#Build stage
FROM golang:1.16-alpine3.13 AS build-env
FROM golang:1.17-alpine3.15 AS build-env
ARG GOPROXY
ENV GOPROXY ${GOPROXY:-direct}
@ -25,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
# Begin env-to-ini build
RUN go build contrib/environment-to-ini/environment-to-ini.go
FROM alpine:3.13
FROM alpine:3.15
LABEL maintainer="maintainers@gitea.io"
EXPOSE 22 3000
@ -66,4 +64,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
COPY docker/root /
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*

12
Dockerfile.rootless
View file

@ -1,7 +1,5 @@
###################################
#Build stage
FROM golang:1.16-alpine3.13 AS build-env
FROM golang:1.17-alpine3.15 AS build-env
ARG GOPROXY
ENV GOPROXY ${GOPROXY:-direct}
@ -25,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
# Begin env-to-ini build
RUN go build contrib/environment-to-ini/environment-to-ini.go
FROM alpine:3.13
FROM alpine:3.15
LABEL maintainer="maintainers@gitea.io"
EXPOSE 2222 3000
@ -53,10 +51,12 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
RUN chown git:git /var/lib/gitea /etc/gitea
COPY docker/rootless /
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
USER git:git
#git:git
USER 1000:1000
ENV GITEA_WORK_DIR /var/lib/gitea
ENV GITEA_CUSTOM /var/lib/gitea/custom
ENV GITEA_TEMP /tmp/gitea

5
MAINTAINERS
View file

@ -1,5 +1,4 @@
Alexey Makhov <amakhov@avito.ru> (@makhov)
Andrey Nering <andrey.nering@gmail.com> (@andreynering)
Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
Kees de Vries <bouwko@gmail.com> (@Bwko)
@ -43,3 +42,7 @@ Kyle Dumont <kdumontnu@gmail.com> (@kdumontnu)
Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
Leon Hofmeister <dev.lh@web.de> (@delvh)
Gusted <williamzijl7@hotmail.com) (@Gusted)
singuliere <singuliere@autistici.org> (@singuliere)

164
Makefile
View file

@ -24,9 +24,10 @@ SHASUM ?= shasum -a 256
HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
COMMA := ,
XGO_VERSION := go-1.16.x
MIN_GO_VERSION := 001014000
XGO_VERSION := go-1.17.x
MIN_GO_VERSION := 001016000
MIN_NODE_VERSION := 012017000
MIN_GOLANGCI_LINT_VERSION := 001044000
DOCKER_IMAGE ?= gitea/gitea
DOCKER_TAG ?= latest
@ -57,11 +58,9 @@ else
SED_INPLACE := sed -i ''
endif
GOFMT ?= gofmt -s
EXTRA_GOFLAGS ?=
MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
MAKE_VERSION := $(shell "$(MAKE)" -v | head -n 1)
MAKE_EVIDENCE_DIR := .make_evidence
ifeq ($(RACE_ENABLED),true)
@ -93,7 +92,7 @@ LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(G
LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list -mod=vendor ./... | grep -v /vendor/))
GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
FOMANTIC_WORK_DIR := web_src/fomantic
@ -117,7 +116,7 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify
TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)
GO_DIRS := cmd integrations models modules routers build services vendor tools
GO_DIRS := cmd integrations models modules routers build services tools
GO_SOURCES := $(wildcard *.go)
GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
@ -126,10 +125,8 @@ ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
GO_SOURCES += $(BINDATA_DEST)
endif
GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
SWAGGER := $(GO) run github.com/go-swagger/go-swagger/cmd/swagger
SWAGGER_SPEC := templates/swagger/v1_json.tmpl
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
@ -169,6 +166,9 @@ help:
@echo " - watch-backend watch backend files and continuously rebuild"
@echo " - clean delete backend and integration files"
@echo " - clean-all delete backend, frontend and integration files"
@echo " - deps install dependencies"
@echo " - deps-frontend install frontend dependencies"
@echo " - deps-backend install backend dependencies"
@echo " - lint lint everything"
@echo " - lint-frontend lint frontend files"
@echo " - lint-backend lint backend files"
@ -189,8 +189,6 @@ help:
@echo " - generate-swagger generate the swagger spec from code comments"
@echo " - swagger-validate check if the swagger spec is valid"
@echo " - golangci-lint run golangci-lint linter"
@echo " - revive run revive linter"
@echo " - misspell check for misspellings"
@echo " - vet examines Go source code and reports suspicious constructs"
@echo " - test[\#TestSpecificName] run unit test"
@echo " - test-sqlite[\#TestSpecificName] run integration test for sqlite"
@ -200,7 +198,7 @@ help:
go-check:
$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
echo "Gitea requires Go 1.14 or greater to build. You can get it at https://golang.org/dl/"; \
echo "Gitea requires Go 1.16 or greater to build. You can get it at https://golang.org/dl/"; \
exit 1; \
fi
@ -236,14 +234,16 @@ clean:
.PHONY: fmt
fmt:
@echo "Running go fmt..."
@$(GOFMT) -w $(GO_SOURCES_OWN)
@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
$(GO) install mvdan.cc/gofumpt@latest; \
fi
@echo "Running gitea-fmt (with gofumpt)..."
@$(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
.PHONY: vet
vet:
@echo "Running go vet..."
@$(GO) vet $(GO_PACKAGES)
@GOOS= GOARCH= $(GO) build -mod=vendor code.gitea.io/gitea-vet
@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
.PHONY: $(TAGS_EVIDENCE)
@ -279,38 +279,18 @@ swagger-validate:
.PHONY: errcheck
errcheck:
@hash errcheck > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
GO111MODULE=off $(GO) get -u github.com/kisielk/errcheck; \
$(GO) install github.com/kisielk/errcheck@8ddee489636a8311a376fc92e27a6a13c6658344; \
fi
@echo "Running errcheck..."
@errcheck $(GO_PACKAGES)
.PHONY: revive
revive:
@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
GO111MODULE=off $(GO) get -u github.com/mgechev/revive; \
fi
@revive -config .revive.toml -exclude=./vendor/... ./...
.PHONY: misspell-check
misspell-check:
@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
fi
@echo "Running misspell-check..."
@misspell -error -i unknwon,destory $(GO_SOURCES_OWN)
.PHONY: misspell
misspell:
@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
fi
@echo "Running go misspell..."
@misspell -w -i unknwon $(GO_SOURCES_OWN)
.PHONY: fmt-check
fmt-check:
# get all go files and run go fmt on them
@diff=$$($(GOFMT) -d $(GO_SOURCES_OWN)); \
@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
$(GO) install mvdan.cc/gofumpt@latest; \
fi
# get all go files and run gitea-fmt (with gofmt) on them
@diff=$$($(GO) run build/code-batch-process.go gitea-fmt -l '{file-list}'); \
if [ -n "$$diff" ]; then \
echo "Please run 'make fmt' and commit the result:"; \
echo "$${diff}"; \
@ -321,22 +301,22 @@ fmt-check:
checks: checks-frontend checks-backend
.PHONY: checks-frontend
checks-frontend: svg-check
checks-frontend: lockfile-check svg-check
.PHONY: checks-backend
checks-backend: misspell-check test-vendor swagger-check swagger-validate
checks-backend: gomod-check swagger-check swagger-validate
.PHONY: lint
lint: lint-frontend lint-backend
.PHONY: lint-frontend
lint-frontend: node_modules
npx eslint --color --max-warnings=0 web_src/js build templates *.config.js
npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
npx stylelint --color --max-warnings=0 web_src/less
npx editorconfig-checker templates
.PHONY: lint-backend
lint-backend: golangci-lint revive vet
lint-backend: golangci-lint vet
.PHONY: watch
watch:
@ -350,17 +330,17 @@ watch-frontend: node-check node_modules
.PHONY: watch-backend
watch-backend: go-check
@hash air > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
GO111MODULE=off $(GO) get -u github.com/cosmtrek/air; \
$(GO) install github.com/cosmtrek/air@bedc18201271882c2be66d216d0e1a275b526ec4; \
fi
air -c .air.conf
air -c .air.toml
.PHONY: test
test: test-frontend test-backend
.PHONY: test-backend
test-backend:
@echo "Running go test with -tags '$(TEST_TAGS)'..."
@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' $(GO_PACKAGES)
@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)
.PHONY: test-frontend
test-frontend: node_modules
@ -381,26 +361,29 @@ test-check:
.PHONY: test\#%
test\#%:
@echo "Running go test with -tags '$(TEST_TAGS)'..."
@$(GO) test -mod=vendor $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
.PHONY: coverage
coverage:
GO111MODULE=on $(GO) run -mod=vendor build/gocovmerge.go integration.coverage.out $(shell find . -type f -name "coverage.out") > coverage.all
grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)
.PHONY: unit-test-coverage
unit-test-coverage:
@echo "Running unit-test-coverage -tags '$(TEST_TAGS)'..."
@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
.PHONY: vendor
vendor:
$(GO) mod tidy && $(GO) mod vendor
.PHONY: test-vendor
test-vendor: vendor
@diff=$$(git diff vendor/); \
.PHONY: gomod-check
gomod-check:
@$(GO) mod tidy
@diff=$$(git diff go.sum); \
if [ -n "$$diff" ]; then \
echo "Please run 'make vendor' and commit the result:"; \
echo "Please run '$(GO) mod tidy' and commit the result:"; \
echo "$${diff}"; \
exit 1; \
fi
@ -528,22 +511,22 @@ integration-test-coverage: integrations.cover.test generate-ini-mysql
GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
integrations.mysql.test: git-check $(GO_SOURCES)
$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql.test
$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test
integrations.mysql8.test: git-check $(GO_SOURCES)
$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
integrations.pgsql.test: git-check $(GO_SOURCES)
$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
integrations.mssql.test: git-check $(GO_SOURCES)
$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mssql.test
$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test
integrations.sqlite.test: git-check $(GO_SOURCES)
$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
integrations.cover.test: git-check $(GO_SOURCES)
$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
.PHONY: migrations.mysql.test
migrations.mysql.test: $(GO_SOURCES)
@ -604,13 +587,13 @@ backend: go-check generate $(EXECUTABLE)
.PHONY: generate
generate: $(TAGS_PREREQ)
@echo "Running go generate..."
@CC= GOOS= GOARCH= $(GO) generate -mod=vendor -tags '$(TAGS)' $(GO_PACKAGES)
@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
.PHONY: release
release: frontend generate release-windows release-linux release-darwin release-copy release-compress release-sources release-docs release-check
release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
$(DIST_DIRS):
mkdir -p $(DIST_DIRS)
@ -659,7 +642,7 @@ release-check: | $(DIST_DIRS)
.PHONY: release-compress
release-compress: | $(DIST_DIRS)
@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
GO111MODULE=off $(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
$(GO) install github.com/ulikunitz/xz/cmd/gxz@v0.5.10; \
fi
cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;
@ -682,6 +665,16 @@ docs:
fi
cd docs; make trans-copy clean build-offline;
.PHONY: deps
deps: deps-frontend deps-backend
.PHONY: deps-frontend
deps-frontend: node_modules
.PHONY: deps-backend
deps-backend:
$(GO) mod download
node_modules: package-lock.json
npm install --no-save
@touch node_modules
@ -699,7 +692,9 @@ fomantic:
cd $(FOMANTIC_WORK_DIR) && npm install --no-save
cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
cp -f web_src/js/vendor/dropdown.js $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/definitions/modules
cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*
.PHONY: webpack
webpack: $(WEBPACK_DEST)
@ -725,6 +720,17 @@ svg-check: svg
exit 1; \
fi
.PHONY: lockfile-check
lockfile-check:
npm install --package-lock-only
@diff=$$(git diff package-lock.json); \
if [ -n "$$diff" ]; then \
echo "package-lock.json is inconsistent with package.json"; \
echo "Please run 'npm install --package-lock-only' and commit the result:"; \
echo "$${diff}"; \
exit 1; \
fi
.PHONY: update-translations
update-translations:
mkdir -p ./translations
@ -761,13 +767,23 @@ pr\#%: clean-all
$(GO) run contrib/pr/checkout.go $*
.PHONY: golangci-lint
golangci-lint:
@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
export BINARY="golangci-lint"; \
curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.37.0; \
fi
golangci-lint: golangci-lint-check
golangci-lint run --timeout 10m
.PHONY: golangci-lint-check
golangci-lint-check:
$(eval GOLANGCI_LINT_VERSION := $(shell printf "%03d%03d%03d" $(shell golangci-lint --version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
$(eval MIN_GOLANGCI_LINT_VER_FMT := $(shell printf "%g.%g.%g" $(shell echo $(MIN_GOLANGCI_LINT_VERSION) | grep -o ...)))
@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
echo "Downloading golangci-lint v${MIN_GOLANGCI_LINT_VER_FMT}"; \
export BINARY="golangci-lint"; \
curl -sfL "https://raw.githubusercontent.com/golangci/golangci-lint/v${MIN_GOLANGCI_LINT_VER_FMT}/install.sh" | sh -s -- -b $(GOPATH)/bin v$(MIN_GOLANGCI_LINT_VER_FMT); \
elif [ "$(GOLANGCI_LINT_VERSION)" -lt "$(MIN_GOLANGCI_LINT_VERSION)" ]; then \
echo "Downloading newer version of golangci-lint v${MIN_GOLANGCI_LINT_VER_FMT}"; \
export BINARY="golangci-lint"; \
curl -sfL "https://raw.githubusercontent.com/golangci/golangci-lint/v${MIN_GOLANGCI_LINT_VER_FMT}/install.sh" | sh -s -- -b $(GOPATH)/bin v$(MIN_GOLANGCI_LINT_VER_FMT); \
fi
.PHONY: docker
docker:
docker build --disable-content-trust=false -t $(DOCKER_REF) .

15
README.md
View file

@ -12,13 +12,10 @@
<a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
<img src="https://img.shields.io/discord/322538954119184384.svg">
</a>
<a href="https://microbadger.com/images/gitea/gitea" title="Get your own image badge on microbadger.com">
<img src="https://images.microbadger.com/badges/image/gitea/gitea.svg">
</a>
<a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
<img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
</a>
<a href="https://godoc.org/code.gitea.io/gitea" title="Go Report Card">
<a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
<img src="https://goreportcard.com/badge/code.gitea.io/gitea">
</a>
<a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
@ -39,8 +36,8 @@
<a href="https://crowdin.com/project/gitea" title="Crowdin">
<img src="https://badges.crowdin.net/gitea/localized.svg">
</a>
<a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
<img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
<a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
<img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
</a>
<a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
<img src="https://img.shields.io/bountysource/team/gitea/activity">
@ -70,14 +67,14 @@ From the root of the source tree, run:
TAGS="bindata" make build
or if sqlite support is required:
or if SQLite support is required:
TAGS="bindata sqlite sqlite_unlock_notify" make build
The `build` target is split into two sub-targets:
- `make backend` which requires [Go 1.13](https://golang.org/dl/) or greater.
- `make frontend` which requires [Node.js 12.17](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
- `make backend` which requires [Go 1.16](https://golang.org/dl/) or greater.
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.

9
README_ZH.md
View file

@ -12,13 +12,10 @@
<a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
<img src="https://img.shields.io/discord/322538954119184384.svg">
</a>
<a href="https://microbadger.com/images/gitea/gitea" title="Get your own image badge on microbadger.com">
<img src="https://images.microbadger.com/badges/image/gitea/gitea.svg">
</a>
<a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
<img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
</a>
<a href="https://godoc.org/code.gitea.io/gitea" title="Go Report Card">
<a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
<img src="https://goreportcard.com/badge/code.gitea.io/gitea">
</a>
<a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
@ -39,8 +36,8 @@
<a href="https://crowdin.com/project/gitea" title="Crowdin">
<img src="https://badges.crowdin.net/gitea/localized.svg">
</a>
<a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
<img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
<a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
<img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
</a>
<a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
<img src="https://img.shields.io/bountysource/team/gitea/activity">

1
build.go
View file

@ -2,6 +2,7 @@
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build vendor
// +build vendor
package main

285
build/code-batch-process.go Normal file
View file

@ -0,0 +1,285 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build ignore
// +build ignore
package main
import (
"fmt"
"log"
"os"
"os/exec"
"path/filepath"
"regexp"
"strconv"
"strings"
"code.gitea.io/gitea/build/codeformat"
)
// Windows has a limitation for command line arguments, the size can not exceed 32KB.
// So we have to feed the files to some tools (like gofmt/misspell) batch by batch
// We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.
var optionLogVerbose bool
func logVerbose(msg string, args ...interface{}) {
if optionLogVerbose {
log.Printf(msg, args...)
}
}
func passThroughCmd(cmd string, args []string) error {
foundCmd, err := exec.LookPath(cmd)
if err != nil {
log.Fatalf("can not find cmd: %s", cmd)
}
c := exec.Cmd{
Path: foundCmd,
Args: args,
Stdin: os.Stdin,
Stdout: os.Stdout,
Stderr: os.Stderr,
}
return c.Run()
}
type fileCollector struct {
dirs []string
includePatterns []*regexp.Regexp
excludePatterns []*regexp.Regexp
batchSize int
}
func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error) {
co := &fileCollector{batchSize: batchSize}
if fileFilter == "go-own" {
co.dirs = []string{
"build",
"cmd",
"contrib",
"integrations",
"models",
"modules",
"routers",
"services",
"tools",
}
co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`services/gitdiff/testdata`))
}
if co.dirs == nil {
return nil, fmt.Errorf("unknown file-filter: %s", fileFilter)
}
return co, nil
}
func (fc *fileCollector) matchPatterns(path string, regexps []*regexp.Regexp) bool {
path = strings.ReplaceAll(path, "\\", "/")
for _, re := range regexps {
if re.MatchString(path) {
return true
}
}
return false
}
func (fc *fileCollector) collectFiles() (res [][]string, err error) {
var batch []string
for _, dir := range fc.dirs {
err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
include := len(fc.includePatterns) == 0 || fc.matchPatterns(path, fc.includePatterns)
exclude := fc.matchPatterns(path, fc.excludePatterns)
process := include && !exclude
if !process {
if d.IsDir() {
if exclude {
logVerbose("exclude dir %s", path)
return filepath.SkipDir
}
// for a directory, if it is not excluded explicitly, we should walk into
return nil
}
// for a file, we skip it if it shouldn't be processed
logVerbose("skip process %s", path)
return nil
}
if d.IsDir() {
// skip dir, we don't add dirs to the file list now
return nil
}
if len(batch) >= fc.batchSize {
res = append(res, batch)
batch = nil
}
batch = append(batch, path)
return nil
})
if err != nil {
return nil, err
}
}
res = append(res, batch)
return res, nil
}
// substArgFiles expands the {file-list} to a real file list for commands
func substArgFiles(args, files []string) []string {
for i, s := range args {
if s == "{file-list}" {
newArgs := append(args[:i], files...)
newArgs = append(newArgs, args[i+1:]...)
return newArgs
}
}
return args
}
func exitWithCmdErrors(subCmd string, subArgs []string, cmdErrors []error) {
for _, err := range cmdErrors {
if err != nil {
if exitError, ok := err.(*exec.ExitError); ok {
exitCode := exitError.ExitCode()
log.Printf("run command failed (code=%d): %s %v", exitCode, subCmd, subArgs)
os.Exit(exitCode)
} else {
log.Fatalf("run command failed (err=%s) %s %v", err, subCmd, subArgs)
}
}
}
}
func parseArgs() (mainOptions map[string]string, subCmd string, subArgs []string) {
mainOptions = map[string]string{}
for i := 1; i < len(os.Args); i++ {
arg := os.Args[i]
if arg == "" {
break
}
if arg[0] == '-' {
arg = strings.TrimPrefix(arg, "-")
arg = strings.TrimPrefix(arg, "-")
fields := strings.SplitN(arg, "=", 2)
if len(fields) == 1 {
mainOptions[fields[0]] = "1"
} else {
mainOptions[fields[0]] = fields[1]
}
} else {
subCmd = arg
subArgs = os.Args[i+1:]
break
}
}
return
}
func showUsage() {
fmt.Printf(`Usage: %[1]s [options] {command} [arguments]
Options:
--verbose
--file-filter=go-own
--batch-size=100
Commands:
%[1]s gofmt ...
%[1]s misspell ...
Arguments:
{file-list} the file list
Example:
%[1]s gofmt -s -d {file-list}
`, "file-batch-exec")
}
func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
fileFilter := mainOptions["file-filter"]
if fileFilter == "" {
fileFilter = "go-own"
}
batchSize, _ := strconv.Atoi(mainOptions["batch-size"])
if batchSize == 0 {
batchSize = 100
}
return newFileCollector(fileFilter, batchSize)
}
func containsString(a []string, s string) bool {
for _, v := range a {
if v == s {
return true
}
}
return false
}
func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
for _, file := range files {
if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
log.Printf("failed to format go imports: %s, err=%v", file, err)
return err
}
}
return nil
}
func main() {
mainOptions, subCmd, subArgs := parseArgs()
if subCmd == "" {
showUsage()
os.Exit(1)
}
optionLogVerbose = mainOptions["verbose"] != ""
fc, err := newFileCollectorFromMainOptions(mainOptions)
if err != nil {
log.Fatalf("can not create file collector: %s", err.Error())
}
fileBatches, err := fc.collectFiles()
if err != nil {
log.Fatalf("can not collect files: %s", err.Error())
}
processed := 0
var cmdErrors []error
for _, files := range fileBatches {
if len(files) == 0 {
break
}
substArgs := substArgFiles(subArgs, files)
logVerbose("batch cmd: %s %v", subCmd, substArgs)
switch subCmd {
case "gitea-fmt":
if containsString(subArgs, "-d") {
log.Print("the -d option is not supported by gitea-fmt")
}
cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
cmdErrors = append(cmdErrors, passThroughCmd("gofumpt", append([]string{"-extra", "-lang", "1.16"}, substArgs...)))
case "misspell":
cmdErrors = append(cmdErrors, passThroughCmd("misspell", substArgs))
default:
log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
}
processed += len(files)
}
logVerbose("processed %d files", processed)
exitWithCmdErrors(subCmd, subArgs, cmdErrors)
}

201
build/codeformat/formatimports.go Normal file
View file

@ -0,0 +1,201 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package codeformat
import (
"bytes"
"errors"
"fmt"
"io"
"os"
"sort"
"strings"
)
var importPackageGroupOrders = map[string]int{
"": 1, // internal
"code.gitea.io/gitea/": 2,
}
var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
var (
importBlockBegin = []byte("\nimport (\n")
importBlockEnd = []byte("\n)")
)
type importLineParsed struct {
group string
pkg string
content string
}
func parseImportLine(line string) (*importLineParsed, error) {
il := &importLineParsed{content: line}
p1 := strings.IndexRune(line, '"')
if p1 == -1 {
return nil, errors.New("invalid import line: " + line)
}
p1++
p := strings.IndexRune(line[p1:], '"')
if p == -1 {
return nil, errors.New("invalid import line: " + line)
}
p2 := p1 + p
il.pkg = line[p1:p2]
pDot := strings.IndexRune(il.pkg, '.')
pSlash := strings.IndexRune(il.pkg, '/')
if pDot != -1 && pDot < pSlash {
il.group = "domain-package"
}
for groupName := range importPackageGroupOrders {
if groupName == "" {
continue // skip internal
}
if strings.HasPrefix(il.pkg, groupName) {
il.group = groupName
}
}
return il, nil
}
type (
importLineGroup []*importLineParsed
importLineGroupMap map[string]importLineGroup
)
func formatGoImports(contentBytes []byte) ([]byte, error) {
p1 := bytes.Index(contentBytes, importBlockBegin)
if p1 == -1 {
return nil, nil
}
p1 += len(importBlockBegin)
p := bytes.Index(contentBytes[p1:], importBlockEnd)
if p == -1 {
return nil, nil
}
p2 := p1 + p
importGroups := importLineGroupMap{}
r := bytes.NewBuffer(contentBytes[p1:p2])
eof := false
for !eof {
line, err := r.ReadString('\n')
eof = err == io.EOF
if err != nil && !eof {
return nil, err
}
line = strings.TrimSpace(line)
if line != "" {
if strings.HasPrefix(line, "//") || strings.HasPrefix(line, "/*") {
return nil, errInvalidCommentBetweenImports
}
importLine, err := parseImportLine(line)
if err != nil {
return nil, err
}
importGroups[importLine.group] = append(importGroups[importLine.group], importLine)
}
}
var groupNames []string
for groupName, importLines := range importGroups {
groupNames = append(groupNames, groupName)
sort.Slice(importLines, func(i, j int) bool {
return strings.Compare(importLines[i].pkg, importLines[j].pkg) < 0
})
}
sort.Slice(groupNames, func(i, j int) bool {
n1 := groupNames[i]
n2 := groupNames[j]
o1 := importPackageGroupOrders[n1]
o2 := importPackageGroupOrders[n2]
if o1 != 0 && o2 != 0 {
return o1 < o2
}
if o1 == 0 && o2 == 0 {
return strings.Compare(n1, n2) < 0
}
return o1 != 0
})
formattedBlock := bytes.Buffer{}
for _, groupName := range groupNames {
hasNormalImports := false
hasDummyImports := false
// non-dummy import comes first
for _, importLine := range importGroups[groupName] {
if strings.HasPrefix(importLine.content, "_") {
hasDummyImports = true
} else {
formattedBlock.WriteString("\t" + importLine.content + "\n")
hasNormalImports = true
}
}
// dummy (_ "pkg") comes later
if hasDummyImports {
if hasNormalImports {
formattedBlock.WriteString("\n")
}
for _, importLine := range importGroups[groupName] {
if strings.HasPrefix(importLine.content, "_") {
formattedBlock.WriteString("\t" + importLine.content + "\n")
}
}
}
formattedBlock.WriteString("\n")
}
formattedBlockBytes := bytes.TrimRight(formattedBlock.Bytes(), "\n")
var formattedBytes []byte
formattedBytes = append(formattedBytes, contentBytes[:p1]...)
formattedBytes = append(formattedBytes, formattedBlockBytes...)
formattedBytes = append(formattedBytes, contentBytes[p2:]...)
return formattedBytes, nil
}
// FormatGoImports format the imports by our rules (see unit tests)
func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
f, err := os.Open(file)
if err != nil {
return err
}
var contentBytes []byte
{
defer f.Close()
contentBytes, err = io.ReadAll(f)
if err != nil {
return err
}
}
formattedBytes, err := formatGoImports(contentBytes)
if err != nil {
return err
}
if formattedBytes == nil {
return nil
}
if bytes.Equal(contentBytes, formattedBytes) {
return nil
}
if doChangedFiles {
fmt.Println(file)
}
if doWriteFile {
f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
if err != nil {
return err
}
defer f.Close()
_, err = f.Write(formattedBytes)
return err
}
return err
}

125
build/codeformat/formatimports_test.go Normal file
View file

@ -0,0 +1,125 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package codeformat
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestFormatImportsSimple(t *testing.T) {
formatted, err := formatGoImports([]byte(`
package codeformat
import (
"github.com/stretchr/testify/assert"
"testing"
)
`))
expected := `
package codeformat
import (
"testing"
"github.com/stretchr/testify/assert"
)
`
assert.NoError(t, err)
assert.Equal(t, expected, string(formatted))
}
func TestFormatImportsGroup(t *testing.T) {
// gofmt/goimports won't group the packages, for example, they produce such code:
// "bytes"
// "image"
// (a blank line)
// "fmt"
// "image/color/palette"
// our formatter does better, and these packages are grouped into one.
formatted, err := formatGoImports([]byte(`
package test
import (
"bytes"
"fmt"
"image"
"image/color"
_ "image/gif" // for processing gif images
_ "image/jpeg" // for processing jpeg images
_ "image/png" // for processing png images
"code.gitea.io/other/package"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"xorm.io/the/package"
"github.com/issue9/identicon"
"github.com/nfnt/resize"
"github.com/oliamb/cutter"
)
`))
expected := `
package test
import (
"bytes"
"fmt"
"image"
"image/color"
_ "image/gif" // for processing gif images
_ "image/jpeg" // for processing jpeg images
_ "image/png" // for processing png images
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/other/package"
"github.com/issue9/identicon"
"github.com/nfnt/resize"
"github.com/oliamb/cutter"
"xorm.io/the/package"
)
`
assert.NoError(t, err)
assert.Equal(t, expected, string(formatted))
}
func TestFormatImportsInvalidComment(t *testing.T) {
// why we shouldn't write comments between imports: it breaks the grouping of imports
// for example:
// "pkg1"
// "pkg2"
// // a comment
// "pkgA"
// "pkgB"
// the comment splits the packages into two groups, pkg1/2 are sorted separately, pkgA/B are sorted separately
// we don't want such code, so the code should be:
// "pkg1"
// "pkg2"
// "pkgA" // a comment
// "pkgB"
_, err := formatGoImports([]byte(`
package test
import (
"image/jpeg"
// for processing gif images
"image/gif"
)
`))
assert.ErrorIs(t, err, errInvalidCommentBetweenImports)
}

16
build/generate-bindata.go
View file

@ -2,6 +2,7 @@
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build ignore
// +build ignore
package main
@ -10,7 +11,6 @@ import (
"bytes"
"crypto/sha1"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
@ -20,14 +20,14 @@ import (
"github.com/shurcooL/vfsgen"
)
func needsUpdate(dir string, filename string) (bool, []byte) {
func needsUpdate(dir, filename string) (bool, []byte) {
needRegen := false
_, err := os.Stat(filename)
if err != nil {
needRegen = true
}
oldHash, err := ioutil.ReadFile(filename + ".hash")
oldHash, err := os.ReadFile(filename + ".hash")
if err != nil {
oldHash = []byte{}
}
@ -50,7 +50,6 @@ func needsUpdate(dir string, filename string) (bool, []byte) {
newHash := hasher.Sum([]byte{})
if bytes.Compare(oldHash, newHash) != 0 {
return true, newHash
}
@ -58,11 +57,15 @@ func needsUpdate(dir string, filename string) (bool, []byte) {
}
func main() {
if len(os.Args) != 4 {
if len(os.Args) < 4 {
log.Fatal("Insufficient number of arguments. Need: directory packageName filename")
}
dir, packageName, filename := os.Args[1], os.Args[2], os.Args[3]
var useGlobalModTime bool
if len(os.Args) == 5 {
useGlobalModTime, _ = strconv.ParseBool(os.Args[4])
}
update, newHash := needsUpdate(dir, filename)
@ -78,9 +81,10 @@ func main() {
BuildTags: "bindata",
VariableName: "Assets",
Filename: filename,
UseGlobalModTime: useGlobalModTime,
})
if err != nil {
log.Fatalf("%v\n", err)
}
_ = ioutil.WriteFile(filename+".hash", newHash, 0666)
_ = os.WriteFile(filename+".hash", newHash, 0o666)
}

20
build/generate-emoji.go
View file

@ -3,6 +3,7 @@
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build ignore
// +build ignore
package main
@ -11,16 +12,17 @@ import (
"flag"
"fmt"
"go/format"
"io/ioutil"
"io"
"log"
"net/http"
"os"
"regexp"
"sort"
"strconv"
"strings"
"unicode/utf8"
jsoniter "github.com/json-iterator/go"
"code.gitea.io/gitea/modules/json"
)
const (
@ -28,9 +30,7 @@ const (
maxUnicodeVersion = 12
)
var (
flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
)
var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
// Gemoji is a set of emoji data.
type Gemoji []Emoji
@ -51,7 +51,6 @@ func (e Emoji) MarshalJSON() ([]byte, error) {
x.UnicodeVersion = ""
x.Description = ""
x.SkinTones = false
json := jsoniter.ConfigCompatibleWithStandardLibrary
return json.Marshal(x)
}
@ -67,7 +66,7 @@ func main() {
}
// write
err = ioutil.WriteFile(*flagOut, buf, 0644)
err = os.WriteFile(*flagOut, buf, 0o644)
if err != nil {
log.Fatal(err)
}
@ -96,20 +95,19 @@ func generate() ([]byte, error) {
defer res.Body.Close()
// read all
body, err := ioutil.ReadAll(res.Body)
body, err := io.ReadAll(res.Body)
if err != nil {
return nil, err
}
// unmarshal
var data Gemoji
json := jsoniter.ConfigCompatibleWithStandardLibrary
err = json.Unmarshal(body, &data)
if err != nil {
return nil, err
}
var skinTones = make(map[string]string)
skinTones := make(map[string]string)
skinTones["\U0001f3fb"] = "Light Skin Tone"
skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
@ -158,7 +156,7 @@ func generate() ([]byte, error) {
// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
file, _ := json.Marshal(data)
_ = ioutil.WriteFile("assets/emoji.json", file, 0644)
_ = os.WriteFile("assets/emoji.json", file, 0o644)
// Add skin tones to emoji that support it
var (

11
build/generate-gitignores.go
View file

@ -1,3 +1,4 @@
//go:build ignore
// +build ignore
package main
@ -8,7 +9,6 @@ import (
"flag"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"os"
@ -33,8 +33,7 @@ func main() {
flag.StringVar(&githubApiToken, "token", "", "github api token")
flag.Parse()
file, err := ioutil.TempFile(os.TempDir(), prefix)
file, err := os.CreateTemp(os.TempDir(), prefix)
if err != nil {
log.Fatalf("Failed to create temp file. %s", err)
}
@ -65,7 +64,6 @@ func main() {
}
gz, err := gzip.NewReader(file)
if err != nil {
log.Fatalf("Failed to gunzip the archive. %s", err)
}
@ -96,7 +94,6 @@ func main() {
}
out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
if err != nil {
log.Fatalf("Failed to create new file. %s", err)
}
@ -113,13 +110,13 @@ func main() {
for dst, src := range filesToCopy {
// Read all content of src to data
src = path.Join(destination, src)
data, err := ioutil.ReadFile(src)
data, err := os.ReadFile(src)
if err != nil {
log.Fatalf("Failed to read src file. %s", err)
}
// Write data to dst
dst = path.Join(destination, dst)
err = ioutil.WriteFile(dst, data, 0644)
err = os.WriteFile(dst, data, 0o644)
if err != nil {
log.Fatalf("Failed to write new file. %s", err)
}

7
build/generate-images.js
View file

@ -1,5 +1,5 @@
import imageminZopfli from 'imagemin-zopfli';
import {optimize, extendDefaultPlugins} from 'svgo';
import {optimize} from 'svgo';
import {fabric} from 'fabric';
import fs from 'fs';
import {resolve, dirname} from 'path';
@ -25,13 +25,14 @@ function loadSvg(svg) {
async function generate(svg, outputFile, {size, bg}) {
if (outputFile.endsWith('.svg')) {
const {data} = optimize(svg, {
plugins: extendDefaultPlugins([
plugins: [
'preset-default',
'removeDimensions',
{
name: 'addAttributesToSVGElement',
params: {attributes: [{width: size}, {height: size}]}
},
]),
],
});
await writeFile(outputFile, data);
return;

7
build/generate-licenses.go
View file

@ -1,3 +1,4 @@
//go:build ignore
// +build ignore
package main
@ -8,7 +9,6 @@ import (
"flag"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"os"
@ -33,8 +33,7 @@ func main() {
flag.StringVar(&githubApiToken, "token", "", "github api token")
flag.Parse()
file, err := ioutil.TempFile(os.TempDir(), prefix)
file, err := os.CreateTemp(os.TempDir(), prefix)
if err != nil {
log.Fatalf("Failed to create temp file. %s", err)
}
@ -66,7 +65,6 @@ func main() {
}
gz, err := gzip.NewReader(file)
if err != nil {
log.Fatalf("Failed to gunzip the archive. %s", err)
}
@ -100,7 +98,6 @@ func main() {
continue
}
out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
if err != nil {
log.Fatalf("Failed to create new file. %s", err)
}

22
build/generate-svg.js
View file

@ -1,5 +1,5 @@
import fastGlob from 'fast-glob';
import {optimize, extendDefaultPlugins} from 'svgo';
import {optimize} from 'svgo';
import {resolve, parse, dirname} from 'path';
import fs from 'fs';
import {fileURLToPath} from 'url';
@ -26,18 +26,14 @@ async function processFile(file, {prefix, fullName} = {}) {
}
const {data} = optimize(await readFile(file, 'utf8'), {
plugins: extendDefaultPlugins([
'removeXMLNS',
'removeDimensions',
{
name: 'addClassesToSVGElement',
params: {classNames: ['svg', name]},
},
{
name: 'addAttributesToSVGElement',
params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]},
},
]),
plugins: [
{name: 'preset-default'},
{name: 'removeXMLNS'},
{name: 'removeDimensions'},
{name: 'prefixIds', params: {prefix: () => name}},
{name: 'addClassesToSVGElement', params: {classNames: ['svg', name]}},
{name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
],
});
await writeFile(resolve(outputDir, `${name}.svg`), data);
}

27
build/gitea-format-imports.go Normal file
View file

@ -0,0 +1,27 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build ignore
// +build ignore
package main
import (
"log"
"os"
"code.gitea.io/gitea/build/codeformat"
)
func main() {
if len(os.Args) <= 1 {
log.Fatalf("Usage: gitea-format-imports [files...]")
}
for _, file := range os.Args[1:] {
if err := codeformat.FormatGoImports(file); err != nil {
log.Fatalf("can not format file %s, err=%v", file, err)
}
}
}

5
build/gocovmerge.go
View file

@ -6,6 +6,7 @@
// gocovmerge takes the results from multiple `go test -coverprofile` runs and
// merges them into one profile
//go:build ignore
// +build ignore
package main
@ -21,7 +22,7 @@ import (
"golang.org/x/tools/cover"
)
func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
func mergeProfiles(p, merge *cover.Profile) {
if p.Mode != merge.Mode {
log.Fatalf("cannot merge profiles with different modes")
}
@ -108,7 +109,7 @@ func main() {
for _, file := range flag.Args() {
profiles, err := cover.ParseProfiles(file)
if err != nil {
log.Fatalf("failed to parse profiles: %v", err)
log.Fatalf("failed to parse profile '%s': %v", file, err)
}
for _, p := range profiles {
merged = addProfile(merged, p)

24
build/test-env-check.sh Executable file
View file

@ -0,0 +1,24 @@
#!/bin/sh
set -e
if [ ! -f ./build/test-env-check.sh ]; then
echo "${0} can only be executed in gitea source root directory"
exit 1
fi
echo "check uid ..."
# the uid of gitea defined in "https://gitea.com/gitea/test-env" is 1000
gitea_uid=$(id -u gitea)
if [ "$gitea_uid" != "1000" ]; then
echo "The uid of linux user 'gitea' is expected to be 1000, but it is $gitea_uid"
exit 1
fi
cur_uid=$(id -u)
if [ "$cur_uid" != "0" -a "$cur_uid" != "$gitea_uid" ]; then
echo "The uid of current linux user is expected to be 0 or $gitea_uid, but it is $cur_uid"
exit 1
fi

11
build/test-env-prepare.sh Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
set -e
if [ ! -f ./build/test-env-prepare.sh ]; then
echo "${0} can only be executed in gitea source root directory"
exit 1
fi
echo "change the owner of files to gitea ..."
chown -R gitea:gitea .

374
cmd/admin.go
View file

@ -14,7 +14,10 @@ import (
"text/tabwriter"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/oauth2"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/graceful"
"code.gitea.io/gitea/modules/log"
@ -22,6 +25,11 @@ import (
repo_module "code.gitea.io/gitea/modules/repository"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
auth_service "code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/oauth2"
"code.gitea.io/gitea/services/auth/source/smtp"
repo_service "code.gitea.io/gitea/services/repository"
user_service "code.gitea.io/gitea/services/user"
"github.com/urfave/cli"
)
@ -183,6 +191,8 @@ var (
cmdAuthUpdateLdapBindDn,
cmdAuthAddLdapSimpleAuth,
cmdAuthUpdateLdapSimpleAuth,
microcmdAuthAddSMTP,
microcmdAuthUpdateSMTP,
microcmdAuthList,
microcmdAuthDelete,
},
@ -288,6 +298,40 @@ var (
Value: "",
Usage: "Custom icon URL for OAuth2 login source",
},
cli.BoolFlag{
Name: "skip-local-2fa",
Usage: "Set to true to skip local 2fa for users authenticated by this source",
},
cli.StringSliceFlag{
Name: "scopes",
Value: nil,
Usage: "Scopes to request when to authenticate against this OAuth2 source",
},
cli.StringFlag{
Name: "required-claim-name",
Value: "",
Usage: "Claim name that has to be set to allow users to login with this source",
},
cli.StringFlag{
Name: "required-claim-value",
Value: "",
Usage: "Claim value that has to be set to allow users to login with this source",
},
cli.StringFlag{
Name: "group-claim-name",
Value: "",
Usage: "Claim name providing group names for this source",
},
cli.StringFlag{
Name: "admin-group",
Value: "",
Usage: "Group Claim value for administrator users",
},
cli.StringFlag{
Name: "restricted-group",
Value: "",
Usage: "Group Claim value for restricted users",
},
}
microcmdAuthUpdateOauth = cli.Command{
@ -325,6 +369,72 @@ var (
},
},
}
smtpCLIFlags = []cli.Flag{
cli.StringFlag{
Name: "name",
Value: "",
Usage: "Application Name",
},
cli.StringFlag{
Name: "auth-type",
Value: "PLAIN",
Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
},
cli.StringFlag{
Name: "host",
Value: "",
Usage: "SMTP Host",
},
cli.IntFlag{
Name: "port",
Usage: "SMTP Port",
},
cli.BoolTFlag{
Name: "force-smtps",
Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
},
cli.BoolTFlag{
Name: "skip-verify",
Usage: "Skip TLS verify.",
},
cli.StringFlag{
Name: "helo-hostname",
Value: "",
Usage: "Hostname sent with HELO. Leave blank to send current hostname",
},
cli.BoolTFlag{
Name: "disable-helo",
Usage: "Disable SMTP helo.",
},
cli.StringFlag{
Name: "allowed-domains",
Value: "",
Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
},
cli.BoolTFlag{
Name: "skip-local-2fa",
Usage: "Skip 2FA to log on.",
},
cli.BoolTFlag{
Name: "active",
Usage: "This Authentication Source is Activated.",
},
}
microcmdAuthAddSMTP = cli.Command{
Name: "add-smtp",
Usage: "Add new SMTP authentication source",
Action: runAddSMTP,
Flags: smtpCLIFlags,
}
microcmdAuthUpdateSMTP = cli.Command{
Name: "update-smtp",
Usage: "Update existing SMTP authentication source",
Action: runUpdateSMTP,
Flags: append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),
}
)
func runChangePassword(c *cli.Context) error {
@ -332,9 +442,16 @@ func runChangePassword(c *cli.Context) error {
return err
}
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
if len(c.String("password")) < setting.MinPasswordLength {
return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
}
if !pwd.IsComplexEnough(c.String("password")) {
return errors.New("Password does not meet complexity requirements")
}
@ -346,7 +463,7 @@ func runChangePassword(c *cli.Context) error {
return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
}
uname := c.String("username")
user, err := models.GetUserByName(uname)
user, err := user_model.GetUserByName(uname)
if err != nil {
return err
}
@ -354,7 +471,7 @@ func runChangePassword(c *cli.Context) error {
return err
}
if err = models.UpdateUserCols(user, "passwd", "passwd_hash_algo", "salt"); err != nil {
if err = user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
return err
}
@ -386,7 +503,10 @@ func runCreateUser(c *cli.Context) error {
fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
}
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
@ -405,11 +525,11 @@ func runCreateUser(c *cli.Context) error {
}
// always default to true
var changePassword = true
changePassword := true
// If this is the first user being created.
// Take it as the admin and don't force a password update.
if n := models.CountUsers(); n == 0 {
if n := user_model.CountUsers(); n == 0 {
changePassword = false
}
@ -417,7 +537,7 @@ func runCreateUser(c *cli.Context) error {
changePassword = c.Bool("must-change-password")
}
u := &models.User{
u := &user_model.User{
Name: username,
Email: c.String("email"),
Passwd: password,
@ -427,7 +547,7 @@ func runCreateUser(c *cli.Context) error {
Theme: setting.UI.DefaultTheme,
}
if err := models.CreateUser(u); err != nil {
if err := user_model.CreateUser(u); err != nil {
return fmt.Errorf("CreateUser: %v", err)
}
@ -449,12 +569,14 @@ func runCreateUser(c *cli.Context) error {
}
func runListUsers(c *cli.Context) error {
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
users, err := models.GetAllUsers()
users, err := user_model.GetAllUsers()
if err != nil {
return err
}
@ -478,7 +600,6 @@ func runListUsers(c *cli.Context) error {
w.Flush()
return nil
}
func runDeleteUser(c *cli.Context) error {
@ -486,7 +607,10 @@ func runDeleteUser(c *cli.Context) error {
return fmt.Errorf("You must provide the id, username or email of a user to delete")
}
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
@ -495,13 +619,13 @@ func runDeleteUser(c *cli.Context) error {
}
var err error
var user *models.User
var user *user_model.User
if c.IsSet("email") {
user, err = models.GetUserByEmail(c.String("email"))
user, err = user_model.GetUserByEmail(c.String("email"))
} else if c.IsSet("username") {
user, err = models.GetUserByName(c.String("username"))
user, err = user_model.GetUserByName(c.String("username"))
} else {
user, err = models.GetUserByID(c.Int64("id"))
user, err = user_model.GetUserByID(c.Int64("id"))
}
if err != nil {
return err
@ -514,18 +638,21 @@ func runDeleteUser(c *cli.Context) error {
return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
}
return models.DeleteUser(user)
return user_service.DeleteUser(user)
}
func runRepoSyncReleases(_ *cli.Context) error {
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
log.Trace("Synchronizing repository releases (this may take a while)")
for page := 1; ; page++ {
repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
ListOptions: models.ListOptions{
ListOptions: db.ListOptions{
PageSize: models.RepositoryListDefaultPageSize,
Page: page,
},
@ -540,7 +667,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
log.Trace("Processing next %d repos of %d", len(repos), count)
for _, repo := range repos {
log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
gitRepo, err := git.OpenRepository(repo.RepoPath())
gitRepo, err := git.OpenRepositoryCtx(ctx, repo.RepoPath())
if err != nil {
log.Warn("OpenRepository: %v", err)
continue
@ -584,20 +711,26 @@ func getReleaseCount(id int64) (int64, error) {
}
func runRegenerateHooks(_ *cli.Context) error {
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
return repo_module.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
}
func runRegenerateKeys(_ *cli.Context) error {
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
return models.RewriteAllPublicKeys()
return asymkey_model.RewriteAllPublicKeys()
}
func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
func parseOAuth2Config(c *cli.Context) *oauth2.Source {
var customURLMapping *oauth2.CustomURLMapping
if c.IsSet("use-custom-urls") {
customURLMapping = &oauth2.CustomURLMapping{
@ -609,25 +742,35 @@ func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
} else {
customURLMapping = nil
}
return &models.OAuth2Config{
return &oauth2.Source{
Provider: c.String("provider"),
ClientID: c.String("key"),
ClientSecret: c.String("secret"),
OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
CustomURLMapping: customURLMapping,
IconURL: c.String("icon-url"),
SkipLocalTwoFA: c.Bool("skip-local-2fa"),
Scopes: c.StringSlice("scopes"),
RequiredClaimName: c.String("required-claim-name"),
RequiredClaimValue: c.String("required-claim-value"),
GroupClaimName: c.String("group-claim-name"),
AdminGroup: c.String("admin-group"),
RestrictedGroup: c.String("restricted-group"),
}
}
func runAddOauth(c *cli.Context) error {
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
return models.CreateLoginSource(&models.LoginSource{
Type: models.LoginOAuth2,
return auth.CreateSource(&auth.Source{
Type: auth.OAuth2,
Name: c.String("name"),
IsActived: true,
IsActive: true,
Cfg: parseOAuth2Config(c),
})
}
@ -637,16 +780,19 @@ func runUpdateOauth(c *cli.Context) error {
return fmt.Errorf("--id flag is missing")
}
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
source, err := models.GetLoginSourceByID(c.Int64("id"))
source, err := auth.GetSourceByID(c.Int64("id"))
if err != nil {
return err
}
oAuth2Config := source.OAuth2()
oAuth2Config := source.Cfg.(*oauth2.Source)
if c.IsSet("name") {
source.Name = c.String("name")
@ -672,8 +818,29 @@ func runUpdateOauth(c *cli.Context) error {
oAuth2Config.IconURL = c.String("icon-url")
}
if c.IsSet("scopes") {
oAuth2Config.Scopes = c.StringSlice("scopes")
}
if c.IsSet("required-claim-name") {
oAuth2Config.RequiredClaimName = c.String("required-claim-name")
}
if c.IsSet("required-claim-value") {
oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
}
if c.IsSet("group-claim-name") {
oAuth2Config.GroupClaimName = c.String("group-claim-name")
}
if c.IsSet("admin-group") {
oAuth2Config.AdminGroup = c.String("admin-group")
}
if c.IsSet("restricted-group") {
oAuth2Config.RestrictedGroup = c.String("restricted-group")
}
// update custom URL mapping
var customURLMapping = &oauth2.CustomURLMapping{}
customURLMapping := &oauth2.CustomURLMapping{}
if oAuth2Config.CustomURLMapping != nil {
customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
@ -700,16 +867,130 @@ func runUpdateOauth(c *cli.Context) error {
oAuth2Config.CustomURLMapping = customURLMapping
source.Cfg = oAuth2Config
return models.UpdateSource(source)
return auth.UpdateSource(source)
}
func runListAuth(c *cli.Context) error {
if err := initDB(); err != nil {
func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
if c.IsSet("auth-type") {
conf.Auth = c.String("auth-type")
validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
}
conf.Auth = c.String("auth-type")
}
if c.IsSet("host") {
conf.Host = c.String("host")
}
if c.IsSet("port") {
conf.Port = c.Int("port")
}
if c.IsSet("allowed-domains") {
conf.AllowedDomains = c.String("allowed-domains")
}
if c.IsSet("force-smtps") {
conf.ForceSMTPS = c.BoolT("force-smtps")
}
if c.IsSet("skip-verify") {
conf.SkipVerify = c.BoolT("skip-verify")
}
if c.IsSet("helo-hostname") {
conf.HeloHostname = c.String("helo-hostname")
}
if c.IsSet("disable-helo") {
conf.DisableHelo = c.BoolT("disable-helo")
}
if c.IsSet("skip-local-2fa") {
conf.SkipLocalTwoFA = c.BoolT("skip-local-2fa")
}
return nil
}
func runAddSMTP(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
loginSources, err := models.LoginSources()
if !c.IsSet("name") || len(c.String("name")) == 0 {
return errors.New("name must be set")
}
if !c.IsSet("host") || len(c.String("host")) == 0 {
return errors.New("host must be set")
}
if !c.IsSet("port") {
return errors.New("port must be set")
}
active := true
if c.IsSet("active") {
active = c.BoolT("active")
}
var smtpConfig smtp.Source
if err := parseSMTPConfig(c, &smtpConfig); err != nil {
return err
}
// If not set default to PLAIN
if len(smtpConfig.Auth) == 0 {
smtpConfig.Auth = "PLAIN"
}
return auth.CreateSource(&auth.Source{
Type: auth.SMTP,
Name: c.String("name"),
IsActive: active,
Cfg: &smtpConfig,
})
}
func runUpdateSMTP(c *cli.Context) error {
if !c.IsSet("id") {
return fmt.Errorf("--id flag is missing")
}
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
source, err := auth.GetSourceByID(c.Int64("id"))
if err != nil {
return err
}
smtpConfig := source.Cfg.(*smtp.Source)
if err := parseSMTPConfig(c, smtpConfig); err != nil {
return err
}
if c.IsSet("name") {
source.Name = c.String("name")
}
if c.IsSet("active") {
source.IsActive = c.BoolT("active")
}
source.Cfg = smtpConfig
return auth.UpdateSource(source)
}
func runListAuth(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
authSources, err := auth.Sources()
if err != nil {
return err
}
@ -727,8 +1008,8 @@ func runListAuth(c *cli.Context) error {
// loop through each source and print
w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
for _, source := range loginSources {
fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
for _, source := range authSources {
fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)
}
w.Flush()
@ -740,14 +1021,17 @@ func runDeleteAuth(c *cli.Context) error {
return fmt.Errorf("--id flag is missing")
}
if err := initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
source, err := models.GetLoginSourceByID(c.Int64("id"))
source, err := auth.GetSourceByID(c.Int64("id"))
if err != nil {
return err
}
return models.DeleteSource(source)
return auth_service.DeleteSource(source)
}

167
cmd/admin_auth_ldap.go
View file

@ -5,21 +5,22 @@
package cmd
import (
"context"
"fmt"
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/ldap"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth/source/ldap"
"github.com/urfave/cli"
)
type (
authService struct {
initDB func() error
createLoginSource func(loginSource *models.LoginSource) error
updateLoginSource func(loginSource *models.LoginSource) error
getLoginSourceByID func(id int64) (*models.LoginSource, error)
initDB func(ctx context.Context) error
createAuthSource func(*auth.Source) error
updateAuthSource func(*auth.Source) error
getAuthSourceByID func(id int64) (*auth.Source, error)
}
)
@ -89,6 +90,14 @@ var (
Name: "public-ssh-key-attribute",
Usage: "The attribute of the users LDAP record containing the users public ssh key.",
},
cli.BoolFlag{
Name: "skip-local-2fa",
Usage: "Set to true to skip local 2fa for users authenticated by this source",
},
cli.StringFlag{
Name: "avatar-attribute",
Usage: "The attribute of the users LDAP record containing the users avatar.",
},
}
ldapBindDnCLIFlags = append(commonLdapCLIFlags,
@ -160,90 +169,96 @@ var (
func newAuthService() *authService {
return &authService{
initDB: initDB,
createLoginSource: models.CreateLoginSource,
updateLoginSource: models.UpdateSource,
getLoginSourceByID: models.GetLoginSourceByID,
createAuthSource: auth.CreateSource,
updateAuthSource: auth.UpdateSource,
getAuthSourceByID: auth.GetSourceByID,
}
}
// parseLoginSource assigns values on loginSource according to command line flags.
func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) {
// parseAuthSource assigns values on authSource according to command line flags.
func parseAuthSource(c *cli.Context, authSource *auth.Source) {
if c.IsSet("name") {
loginSource.Name = c.String("name")
authSource.Name = c.String("name")
}
if c.IsSet("not-active") {
loginSource.IsActived = !c.Bool("not-active")
authSource.IsActive = !c.Bool("not-active")
}
if c.IsSet("synchronize-users") {
loginSource.IsSyncEnabled = c.Bool("synchronize-users")
authSource.IsSyncEnabled = c.Bool("synchronize-users")
}
}
// parseLdapConfig assigns values on config according to command line flags.
func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
if c.IsSet("name") {
config.Source.Name = c.String("name")
config.Name = c.String("name")
}
if c.IsSet("host") {
config.Source.Host = c.String("host")
config.Host = c.String("host")
}
if c.IsSet("port") {
config.Source.Port = c.Int("port")
config.Port = c.Int("port")
}
if c.IsSet("security-protocol") {
p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
if !ok {
return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
}
config.Source.SecurityProtocol = p
config.SecurityProtocol = p
}
if c.IsSet("skip-tls-verify") {
config.Source.SkipVerify = c.Bool("skip-tls-verify")
config.SkipVerify = c.Bool("skip-tls-verify")
}
if c.IsSet("bind-dn") {
config.Source.BindDN = c.String("bind-dn")
config.BindDN = c.String("bind-dn")
}
if c.IsSet("user-dn") {
config.Source.UserDN = c.String("user-dn")
config.UserDN = c.String("user-dn")
}
if c.IsSet("bind-password") {
config.Source.BindPassword = c.String("bind-password")
config.BindPassword = c.String("bind-password")
}
if c.IsSet("user-search-base") {
config.Source.UserBase = c.String("user-search-base")
config.UserBase = c.String("user-search-base")
}
if c.IsSet("username-attribute") {
config.Source.AttributeUsername = c.String("username-attribute")
config.AttributeUsername = c.String("username-attribute")
}
if c.IsSet("firstname-attribute") {
config.Source.AttributeName = c.String("firstname-attribute")
config.AttributeName = c.String("firstname-attribute")
}
if c.IsSet("surname-attribute") {
config.Source.AttributeSurname = c.String("surname-attribute")
config.AttributeSurname = c.String("surname-attribute")
}
if c.IsSet("email-attribute") {
config.Source.AttributeMail = c.String("email-attribute")
config.AttributeMail = c.String("email-attribute")
}
if c.IsSet("attributes-in-bind") {
config.Source.AttributesInBind = c.Bool("attributes-in-bind")
config.AttributesInBind = c.Bool("attributes-in-bind")
}
if c.IsSet("public-ssh-key-attribute") {
config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
config.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
}
if c.IsSet("avatar-attribute") {
config.AttributeAvatar = c.String("avatar-attribute")
}
if c.IsSet("page-size") {
config.Source.SearchPageSize = uint32(c.Uint("page-size"))
config.SearchPageSize = uint32(c.Uint("page-size"))
}
if c.IsSet("user-filter") {
config.Source.Filter = c.String("user-filter")
config.Filter = c.String("user-filter")
}
if c.IsSet("admin-filter") {
config.Source.AdminFilter = c.String("admin-filter")
config.AdminFilter = c.String("admin-filter")
}
if c.IsSet("restricted-filter") {
config.Source.RestrictedFilter = c.String("restricted-filter")
config.RestrictedFilter = c.String("restricted-filter")
}
if c.IsSet("allow-deactivate-all") {
config.Source.AllowDeactivateAll = c.Bool("allow-deactivate-all")
config.AllowDeactivateAll = c.Bool("allow-deactivate-all")
}
if c.IsSet("skip-local-2fa") {
config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
}
return nil
}
@ -251,7 +266,7 @@ func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
// findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
// It returns the value of the security protocol and if it was found.
func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
for i, n := range models.SecurityProtocolNames {
for i, n := range ldap.SecurityProtocolNames {
if strings.EqualFold(name, n) {
return i, true
}
@ -259,23 +274,23 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
return 0, false
}
// getLoginSource gets the login source by its id defined in the command line flags.
// getAuthSource gets the login source by its id defined in the command line flags.
// It returns an error if the id is not set, does not match any source or if the source is not of expected type.
func (a *authService) getLoginSource(c *cli.Context, loginType models.LoginType) (*models.LoginSource, error) {
func (a *authService) getAuthSource(c *cli.Context, authType auth.Type) (*auth.Source, error) {
if err := argsSet(c, "id"); err != nil {
return nil, err
}
loginSource, err := a.getLoginSourceByID(c.Int64("id"))
authSource, err := a.getAuthSourceByID(c.Int64("id"))
if err != nil {
return nil, err
}
if loginSource.Type != loginType {
return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", models.LoginNames[loginType], models.LoginNames[loginSource.Type])
if authSource.Type != authType {
return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", authType.String(), authSource.Type.String())
}
return loginSource, nil
return authSource, nil
}
// addLdapBindDn adds a new LDAP via Bind DN authentication source.
@ -284,45 +299,49 @@ func (a *authService) addLdapBindDn(c *cli.Context) error {
return err
}
if err := a.initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := a.initDB(ctx); err != nil {
return err
}
loginSource := &models.LoginSource{
Type: models.LoginLDAP,
IsActived: true, // active by default
Cfg: &models.LDAPConfig{
Source: &ldap.Source{
authSource := &auth.Source{
Type: auth.LDAP,
IsActive: true, // active by default
Cfg: &ldap.Source{
Enabled: true, // always true
},
},
}
parseLoginSource(c, loginSource)
if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
parseAuthSource(c, authSource)
if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
return err
}
return a.createLoginSource(loginSource)
return a.createAuthSource(authSource)
}
// updateLdapBindDn updates a new LDAP via Bind DN authentication source.
func (a *authService) updateLdapBindDn(c *cli.Context) error {
if err := a.initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := a.initDB(ctx); err != nil {
return err
}
loginSource, err := a.getLoginSource(c, models.LoginLDAP)
authSource, err := a.getAuthSource(c, auth.LDAP)
if err != nil {
return err
}
parseLoginSource(c, loginSource)
if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
parseAuthSource(c, authSource)
if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
return err
}
return a.updateLoginSource(loginSource)
return a.updateAuthSource(authSource)
}
// addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
@ -331,43 +350,47 @@ func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
return err
}
if err := a.initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := a.initDB(ctx); err != nil {
return err
}
loginSource := &models.LoginSource{
Type: models.LoginDLDAP,
IsActived: true, // active by default
Cfg: &models.LDAPConfig{
Source: &ldap.Source{
authSource := &auth.Source{
Type: auth.DLDAP,
IsActive: true, // active by default
Cfg: &ldap.Source{
Enabled: true, // always true
},
},
}
parseLoginSource(c, loginSource)
if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
parseAuthSource(c, authSource)
if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
return err
}
return a.createLoginSource(loginSource)
return a.createAuthSource(authSource)
}
// updateLdapBindDn updates a new LDAP (simple auth) authentication source.
func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
if err := a.initDB(); err != nil {
ctx, cancel := installSignals()
defer cancel()
if err := a.initDB(ctx); err != nil {
return err
}
loginSource, err := a.getLoginSource(c, models.LoginDLDAP)
authSource, err := a.getAuthSource(c, auth.DLDAP)
if err != nil {
return err
}
parseLoginSource(c, loginSource)
if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
parseAuthSource(c, authSource)
if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
return err
}
return a.updateLoginSource(loginSource)
return a.updateAuthSource(authSource)
}

531
cmd/admin_auth_ldap_test.go
View file

File diff suppressed because it is too large Load diff

2
cmd/cert.go
View file

@ -180,7 +180,7 @@ func runCert(c *cli.Context) error {
}
log.Println("Written cert.pem")
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
if err != nil {
log.Fatalf("Failed to open key.pem for writing: %v", err)
}

48
cmd/cmd.go
View file

@ -7,11 +7,16 @@
package cmd
import (
"context"
"errors"
"fmt"
"os"
"os/signal"
"strings"
"syscall"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
@ -52,17 +57,40 @@ func confirm() (bool, error) {
}
}
func initDB() error {
return initDBDisableConsole(false)
}
func initDBDisableConsole(disableConsole bool) error {
setting.NewContext()
func initDB(ctx context.Context) error {
setting.LoadFromExisting()
setting.InitDBConfig()
setting.NewXORMLogService(false)
setting.NewXORMLogService(disableConsole)
if err := models.SetEngine(); err != nil {
return fmt.Errorf("models.SetEngine: %v", err)
if setting.Database.Type == "" {
log.Fatal(`Database settings are missing from the configuration file: %q.
Ensure you are running in the correct environment or set the correct configuration file with -c.
If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
}
if err := db.InitEngine(ctx); err != nil {
return fmt.Errorf("unable to initialise the database using the configuration in %q. Error: %v", setting.CustomConf, err)
}
return nil
}
func installSignals() (context.Context, context.CancelFunc) {
ctx, cancel := context.WithCancel(context.Background())
go func() {
// install notify
signalChannel := make(chan os.Signal, 1)
signal.Notify(
signalChannel,
syscall.SIGINT,
syscall.SIGTERM,
)
select {
case <-signalChannel:
case <-ctx.Done():
}
cancel()
signal.Reset()
}()
return ctx, cancel
}

11
cmd/convert.go
View file

@ -7,7 +7,7 @@ package cmd
import (
"fmt"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@ -23,7 +23,10 @@ var CmdConvert = cli.Command{
}
func runConvert(ctx *cli.Context) error {
if err := initDB(); err != nil {
stdCtx, cancel := installSignals()
defer cancel()
if err := initDB(stdCtx); err != nil {
return err
}
@ -31,14 +34,14 @@ func runConvert(ctx *cli.Context) error {
log.Info("AppWorkPath: %s", setting.AppWorkPath)
log.Info("Custom path: %s", setting.CustomPath)
log.Info("Log path: %s", setting.LogRootPath)
setting.InitDBConfig()
log.Info("Configuration file: %s", setting.CustomConf)
if !setting.Database.UseMySQL {
fmt.Println("This command can only be used with a MySQL database")
return nil
}
if err := models.ConvertUtf8ToUtf8mb4(); err != nil {
if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
return err
}

6
cmd/docs.go
View file

@ -43,7 +43,11 @@ func runDocs(ctx *cli.Context) error {
// Clean up markdown. The following bug was fixed in v2, but is present in v1.
// It affects markdown output (even though the issue is referring to man pages)
// https://github.com/urfave/cli/issues/1040
docs = docs[strings.Index(docs, "#"):]
firstHashtagIndex := strings.Index(docs, "#")
if firstHashtagIndex > 0 {
docs = docs[firstHashtagIndex:]
}
}
out := os.Stdout

24
cmd/doctor.go
View file

@ -5,22 +5,20 @@
package cmd
import (
"context"
"fmt"
golog "log"
"os"
"strings"
"text/tabwriter"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/migrations"
"code.gitea.io/gitea/modules/doctor"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"xorm.io/xorm"
"github.com/urfave/cli"
"xorm.io/xorm"
)
// CmdDoctor represents the available doctor sub-command.
@ -88,7 +86,7 @@ func runRecreateTable(ctx *cli.Context) error {
golog.SetPrefix("")
golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
setting.NewContext()
setting.LoadFromExisting()
setting.InitDBConfig()
setting.EnableXORMLog = ctx.Bool("debug")
@ -96,7 +94,10 @@ func runRecreateTable(ctx *cli.Context) error {
setting.Cfg.Section("log").Key("XORM").SetValue(",")
setting.NewXORMLogService(!ctx.Bool("debug"))
if err := models.SetEngine(); err != nil {
stdCtx, cancel := installSignals()
defer cancel()
if err := db.InitEngine(stdCtx); err != nil {
fmt.Println(err)
fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
return nil
@ -108,27 +109,28 @@ func runRecreateTable(ctx *cli.Context) error {
names = append(names, args.Get(i))
}
beans, err := models.NamesToBean(names...)
beans, err := db.NamesToBean(names...)
if err != nil {
return err
}
recreateTables := migrations.RecreateTables(beans...)
return models.NewEngine(context.Background(), func(x *xorm.Engine) error {
return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
if err := migrations.EnsureUpToDate(x); err != nil {
return err
}
return recreateTables(x)
})
}
func runDoctor(ctx *cli.Context) error {
// Silence the default loggers
log.DelNamedLogger("console")
log.DelNamedLogger(log.DEFAULT)
stdCtx, cancel := installSignals()
defer cancel()
// Now setup our own
logFile := ctx.String("log-file")
if !ctx.IsSet("log-file") {
@ -211,5 +213,5 @@ func runDoctor(ctx *cli.Context) error {
logger := log.GetLogger("doctorouter")
defer logger.Close()
return doctor.RunChecks(logger, ctx.Bool("fix"), checks)
return doctor.RunChecks(stdCtx, logger, ctx.Bool("fix"), checks)
}

33
cmd/dump.go
View file

@ -7,26 +7,25 @@ package cmd
import (
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"strings"
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
"code.gitea.io/gitea/modules/util"
"gitea.com/go-chi/session"
jsoniter "github.com/json-iterator/go"
archiver "github.com/mholt/archiver/v3"
"github.com/urfave/cli"
)
func addFile(w archiver.Writer, filePath string, absPath string, verbose bool) error {
func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
if verbose {
log.Info("Adding file %s\n", filePath)
}
@ -49,7 +48,7 @@ func addFile(w archiver.Writer, filePath string, absPath string, verbose bool) e
})
}
func isSubdir(upper string, lower string) (bool, error) {
func isSubdir(upper, lower string) (bool, error) {
if relPath, err := filepath.Rel(upper, lower); err != nil {
return false, err
} else if relPath == "." || !strings.HasPrefix(relPath, ".") {
@ -87,7 +86,7 @@ func (o outputType) String() string {
}
var outputTypeEnum = &outputType{
Enum: []string{"zip", "tar", "tar.gz", "tar.xz", "tar.bz2"},
Enum: []string{"zip", "rar", "tar", "sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
Default: "zip",
}
@ -153,14 +152,19 @@ func fatal(format string, args ...interface{}) {
func runDump(ctx *cli.Context) error {
var file *os.File
fileName := ctx.String("file")
outType := ctx.String("type")
if fileName == "-" {
file = os.Stdout
err := log.DelLogger("console")
if err != nil {
fatal("Deleting default logger failed. Can not write to stdout: %v", err)
}
} else {
fileName = strings.TrimSuffix(fileName, path.Ext(fileName))
fileName += "." + outType
}
setting.NewContext()
setting.LoadFromExisting()
// make sure we are logging to the console no matter what the configuration tells us do to
if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
fatal("Setting logging mode to console failed: %v", err)
@ -174,7 +178,10 @@ func runDump(ctx *cli.Context) error {
}
setting.NewServices() // cannot access session settings otherwise
err := models.SetEngine()
stdCtx, cancel := installSignals()
defer cancel()
err := db.InitEngine(stdCtx)
if err != nil {
return err
}
@ -197,7 +204,6 @@ func runDump(ctx *cli.Context) error {
}
verbose := ctx.Bool("verbose")
outType := ctx.String("type")
var iface interface{}
if fileName == "-" {
iface, err = archiver.ByExtension(fmt.Sprintf(".%s", outType))
@ -247,7 +253,7 @@ func runDump(ctx *cli.Context) error {
fatal("Path does not exist: %s", tmpDir)
}
dbDump, err := ioutil.TempFile(tmpDir, "gitea-db.sql")
dbDump, err := os.CreateTemp(tmpDir, "gitea-db.sql")
if err != nil {
fatal("Failed to create tmp file: %v", err)
}
@ -264,7 +270,7 @@ func runDump(ctx *cli.Context) error {
log.Info("Dumping database...")
}
if err := models.DumpDatabase(dbDump.Name(), targetDBType); err != nil {
if err := db.DumpDatabase(dbDump.Name(), targetDBType); err != nil {
fatal("Failed to dump database: %v", err)
}
@ -280,7 +286,7 @@ func runDump(ctx *cli.Context) error {
}
if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
log.Info("Skiping custom directory")
log.Info("Skipping custom directory")
} else {
customDir, err := os.Stat(setting.CustomPath)
if err == nil && customDir.IsDir() {
@ -306,7 +312,6 @@ func runDump(ctx *cli.Context) error {
var excludes []string
if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
var opts session.Options
json := jsoniter.ConfigCompatibleWithStandardLibrary
if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
return err
}
@ -365,7 +370,7 @@ func runDump(ctx *cli.Context) error {
fatal("Failed to save %s: %v", fileName, err)
}
if err := os.Chmod(fileName, 0600); err != nil {
if err := os.Chmod(fileName, 0o600); err != nil {
log.Info("Can't change file access permissions mask to 0600: %v", err)
}
}

13
cmd/dump_repo.go
View file

@ -11,10 +11,10 @@ import (
"code.gitea.io/gitea/modules/convert"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/migrations"
"code.gitea.io/gitea/modules/migrations/base"
base "code.gitea.io/gitea/modules/migration"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/services/migrations"
"github.com/urfave/cli"
)
@ -76,7 +76,10 @@ wiki, issues, labels, releases, release_assets, milestones, pull_requests, comme
}
func runDumpRepository(ctx *cli.Context) error {
if err := initDB(); err != nil {
stdCtx, cancel := installSignals()
defer cancel()
if err := initDB(stdCtx); err != nil {
return err
}
@ -84,7 +87,7 @@ func runDumpRepository(ctx *cli.Context) error {
log.Info("AppWorkPath: %s", setting.AppWorkPath)
log.Info("Custom path: %s", setting.CustomPath)
log.Info("Log path: %s", setting.LogRootPath)
setting.InitDBConfig()
log.Info("Configuration file: %s", setting.CustomConf)
var (
serviceType structs.GitServiceType
@ -104,7 +107,7 @@ func runDumpRepository(ctx *cli.Context) error {
}
serviceType = convert.ToGitServiceType(serviceStr)
var opts = base.MigrateOptions{
opts := base.MigrateOptions{
GitServiceType: serviceType,
CloneAddr: cloneAddr,
AuthUsername: ctx.String("auth_username"),

17
cmd/embedded.go
View file

@ -2,6 +2,7 @@
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build bindata
// +build bindata
package cmd
@ -19,6 +20,7 @@ import (
"code.gitea.io/gitea/modules/public"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/util"
"github.com/gobwas/glob"
"github.com/urfave/cli"
@ -107,13 +109,12 @@ type asset struct {
}
func initEmbeddedExtractor(c *cli.Context) error {
// Silence the console logger
log.DelNamedLogger("console")
log.DelNamedLogger(log.DEFAULT)
// Read configuration file
setting.NewContext()
setting.LoadAllowEmpty()
pats, err := getPatterns(c.Args())
if err != nil {
@ -258,7 +259,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
return fmt.Errorf("%s: %v", dir, err)
}
perms := os.ModePerm & 0666
perms := os.ModePerm & 0o666
fi, err := os.Lstat(dest)
if err != nil {
@ -271,7 +272,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
} else if !fi.Mode().IsRegular() {
return fmt.Errorf("%s already exists, but it's not a regular file", dest)
} else if rename {
if err := os.Rename(dest, dest+".bak"); err != nil {
if err := util.Rename(dest, dest+".bak"); err != nil {
return fmt.Errorf("Error creating backup for %s: %v", dest, err)
}
// Attempt to respect file permissions mask (even if user:group will be set anew)
@ -294,7 +295,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
}
func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
var results = make([]asset, 0, 64)
results := make([]asset, 0, 64)
for _, name := range sec.Names() {
if isdir, err := sec.IsDir(name); !isdir && err == nil {
if sec.Path == "public" &&
@ -305,9 +306,11 @@ func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
matchName := sec.Path + "/" + name
for _, g := range globs {
if g.Match(matchName) {
results = append(results, asset{Section: sec,
results = append(results, asset{
Section: sec,
Name: name,
Path: sec.Path + "/" + name})
Path: sec.Path + "/" + name,
})
break
}
}

1
cmd/embedded_stub.go
View file

@ -2,6 +2,7 @@
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
//go:build !bindata
// +build !bindata
package cmd

396
cmd/hook.go
View file

@ -38,6 +38,7 @@ var (
subcmdHookPreReceive,
subcmdHookUpdate,
subcmdHookPostReceive,
subcmdHookProcReceive,
},
}
@ -74,6 +75,18 @@ var (
},
},
}
// Note: new hook since git 2.29
subcmdHookProcReceive = cli.Command{
Name: "proc-receive",
Usage: "Delegate proc-receive Git hook",
Description: "This command should only be called by Git",
Action: runHookProcReceive,
Flags: []cli.Flag{
cli.BoolFlag{
Name: "debug",
},
},
}
)
type delayWriter struct {
@ -152,20 +165,21 @@ func runHookPreReceive(c *cli.Context) error {
if os.Getenv(models.EnvIsInternal) == "true" {
return nil
}
ctx, cancel := installSignals()
defer cancel()
setup("hooks/pre-receive.log", c.Bool("debug"))
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
if setting.OnlyAllowPushIfGiteaEnvironmentSet {
fail(`Rejecting changes as Gitea environment not set.
return fail(`Rejecting changes as Gitea environment not set.
If you are pushing over SSH you must push with a key managed by
Gitea or set your environment appropriately.`, "")
} else {
}
return nil
}
}
// the environment setted on serv command
// the environment is set by serv command
isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
username := os.Getenv(models.EnvRepoUsername)
reponame := os.Getenv(models.EnvRepoName)
@ -204,6 +218,11 @@ Gitea or set your environment appropriately.`, "")
}
}
supportProcRecive := false
if git.CheckGitVersionAtLeast("2.29") == nil {
supportProcRecive = true
}
for scanner.Scan() {
// TODO: support news feeds for wiki
if isWiki {
@ -222,7 +241,9 @@ Gitea or set your environment appropriately.`, "")
lastline++
// If the ref is a branch or tag, check if it's protected
if strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
// if supportProcRecive all ref should be checked because
// permission check was delayed
if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
oldCommitIDs[count] = oldCommitID
newCommitIDs[count] = newCommitID
refFullNames[count] = refFullName
@ -235,14 +256,14 @@ Gitea or set your environment appropriately.`, "")
hookOptions.OldCommitIDs = oldCommitIDs
hookOptions.NewCommitIDs = newCommitIDs
hookOptions.RefFullNames = refFullNames
statusCode, msg := private.HookPreReceive(username, reponame, hookOptions)
statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
switch statusCode {
case http.StatusOK:
// no-op
case http.StatusInternalServerError:
fail("Internal Server Error", msg)
return fail("Internal Server Error", msg)
default:
fail(msg, "")
return fail(msg, "")
}
count = 0
lastline = 0
@ -263,16 +284,15 @@ Gitea or set your environment appropriately.`, "")
fmt.Fprintf(out, " Checking %d references\n", count)
statusCode, msg := private.HookPreReceive(username, reponame, hookOptions)
statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
switch statusCode {
case http.StatusInternalServerError:
fail("Internal Server Error", msg)
return fail("Internal Server Error", msg)
case http.StatusForbidden:
fail(msg, "")
return fail(msg, "")
}
} else if lastline > 0 {
fmt.Fprintf(out, "\n")
lastline = 0
}
fmt.Fprintf(out, "Checked %d references in total\n", total)
@ -285,8 +305,11 @@ func runHookUpdate(c *cli.Context) error {
}
func runHookPostReceive(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
// First of all run update-server-info no matter what
if _, err := git.NewCommand("update-server-info").Run(); err != nil {
if _, err := git.NewCommand(ctx, "update-server-info").Run(); err != nil {
return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
}
@ -299,12 +322,11 @@ func runHookPostReceive(c *cli.Context) error {
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
if setting.OnlyAllowPushIfGiteaEnvironmentSet {
fail(`Rejecting changes as Gitea environment not set.
return fail(`Rejecting changes as Gitea environment not set.
If you are pushing over SSH you must push with a key managed by
Gitea or set your environment appropriately.`, "")
} else {
return nil
}
return nil
}
var out io.Writer
@ -320,7 +342,7 @@ Gitea or set your environment appropriately.`, "")
}
}
// the environment setted on serv command
// the environment is set by serv command
repoUser := os.Getenv(models.EnvRepoUsername)
isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
repoName := os.Getenv(models.EnvRepoName)
@ -371,11 +393,11 @@ Gitea or set your environment appropriately.`, "")
hookOptions.OldCommitIDs = oldCommitIDs
hookOptions.NewCommitIDs = newCommitIDs
hookOptions.RefFullNames = refFullNames
resp, err := private.HookPostReceive(repoUser, repoName, hookOptions)
resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
if resp == nil {
_ = dWriter.Close()
hookPrintResults(results)
fail("Internal Server Error", err)
return fail("Internal Server Error", err)
}
wasEmpty = wasEmpty || resp.RepoWasEmpty
results = append(results, resp.Results...)
@ -386,9 +408,9 @@ Gitea or set your environment appropriately.`, "")
if count == 0 {
if wasEmpty && masterPushed {
// We need to tell the repo to reset the default branch to master
err := private.SetDefaultBranch(repoUser, repoName, "master")
err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
if err != nil {
fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
}
}
fmt.Fprintf(out, "Processed %d references in total\n", total)
@ -404,11 +426,11 @@ Gitea or set your environment appropriately.`, "")
fmt.Fprintf(out, " Processing %d references\n", count)
resp, err := private.HookPostReceive(repoUser, repoName, hookOptions)
resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
if resp == nil {
_ = dWriter.Close()
hookPrintResults(results)
fail("Internal Server Error", err)
return fail("Internal Server Error", err)
}
wasEmpty = wasEmpty || resp.RepoWasEmpty
results = append(results, resp.Results...)
@ -417,9 +439,9 @@ Gitea or set your environment appropriately.`, "")
if wasEmpty && masterPushed {
// We need to tell the repo to reset the default branch to master
err := private.SetDefaultBranch(repoUser, repoName, "master")
err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
if err != nil {
fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
}
}
_ = dWriter.Close()
@ -460,3 +482,327 @@ func pushOptions() map[string]string {
}
return opts
}
func runHookProcReceive(c *cli.Context) error {
setup("hooks/proc-receive.log", c.Bool("debug"))
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
if setting.OnlyAllowPushIfGiteaEnvironmentSet {
return fail(`Rejecting changes as Gitea environment not set.
If you are pushing over SSH you must push with a key managed by
Gitea or set your environment appropriately.`, "")
}
return nil
}
ctx, cancel := installSignals()
defer cancel()
if git.CheckGitVersionAtLeast("2.29") != nil {
return fail("Internal Server Error", "git not support proc-receive.")
}
reader := bufio.NewReader(os.Stdin)
repoUser := os.Getenv(models.EnvRepoUsername)
repoName := os.Getenv(models.EnvRepoName)
pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
pusherName := os.Getenv(models.EnvPusherName)
// 1. Version and features negotiation.
// S: PKT-LINE(version=1\0push-options atomic...) / PKT-LINE(version=1\n)
// S: flush-pkt
// H: PKT-LINE(version=1\0push-options...)
// H: flush-pkt
rs, err := readPktLine(reader, pktLineTypeData)
if err != nil {
return err
}
const VersionHead string = "version=1"
var (
hasPushOptions bool
response = []byte(VersionHead)
requestOptions []string
)
index := bytes.IndexByte(rs.Data, byte(0))
if index >= len(rs.Data) {
return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
}
if index < 0 {
if len(rs.Data) == 10 && rs.Data[9] == '\n' {
index = 9
} else {
return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
}
}
if string(rs.Data[0:index]) != VersionHead {
return fail("Internal Server Error", "Received unsupported version: %s", string(rs.Data[0:index]))
}
requestOptions = strings.Split(string(rs.Data[index+1:]), " ")
for _, option := range requestOptions {
if strings.HasPrefix(option, "push-options") {
response = append(response, byte(0))
response = append(response, []byte("push-options")...)
hasPushOptions = true
}
}
response = append(response, '\n')
_, err = readPktLine(reader, pktLineTypeFlush)
if err != nil {
return err
}
err = writeDataPktLine(os.Stdout, response)
if err != nil {
return err
}
err = writeFlushPktLine(os.Stdout)
if err != nil {
return err
}
// 2. receive commands from server.
// S: PKT-LINE(<old-oid> <new-oid> <ref>)
// S: ... ...
// S: flush-pkt
// # [receive push-options]
// S: PKT-LINE(push-option)
// S: ... ...
// S: flush-pkt
hookOptions := private.HookOptions{
UserName: pusherName,
UserID: pusherID,
}
hookOptions.OldCommitIDs = make([]string, 0, hookBatchSize)
hookOptions.NewCommitIDs = make([]string, 0, hookBatchSize)
hookOptions.RefFullNames = make([]string, 0, hookBatchSize)
for {
// note: pktLineTypeUnknow means pktLineTypeFlush and pktLineTypeData all allowed
rs, err = readPktLine(reader, pktLineTypeUnknow)
if err != nil {
return err
}
if rs.Type == pktLineTypeFlush {
break
}
t := strings.SplitN(string(rs.Data), " ", 3)
if len(t) != 3 {
continue
}
hookOptions.OldCommitIDs = append(hookOptions.OldCommitIDs, t[0])
hookOptions.NewCommitIDs = append(hookOptions.NewCommitIDs, t[1])
hookOptions.RefFullNames = append(hookOptions.RefFullNames, t[2])
}
hookOptions.GitPushOptions = make(map[string]string)
if hasPushOptions {
for {
rs, err = readPktLine(reader, pktLineTypeUnknow)
if err != nil {
return err
}
if rs.Type == pktLineTypeFlush {
break
}
kv := strings.SplitN(string(rs.Data), "=", 2)
if len(kv) == 2 {
hookOptions.GitPushOptions[kv[0]] = kv[1]
}
}
}
// 3. run hook
resp, err := private.HookProcReceive(ctx, repoUser, repoName, hookOptions)
if err != nil {
return fail("Internal Server Error", "run proc-receive hook failed :%v", err)
}
// 4. response result to service
// # a. OK, but has an alternate reference. The alternate reference name
// # and other status can be given in option directives.
// H: PKT-LINE(ok <ref>)
// H: PKT-LINE(option refname <refname>)
// H: PKT-LINE(option old-oid <old-oid>)
// H: PKT-LINE(option new-oid <new-oid>)
// H: PKT-LINE(option forced-update)
// H: ... ...
// H: flush-pkt
// # b. NO, I reject it.
// H: PKT-LINE(ng <ref> <reason>)
// # c. Fall through, let 'receive-pack' to execute it.
// H: PKT-LINE(ok <ref>)
// H: PKT-LINE(option fall-through)
for _, rs := range resp.Results {
if len(rs.Err) > 0 {
err = writeDataPktLine(os.Stdout, []byte("ng "+rs.OriginalRef+" "+rs.Err))
if err != nil {
return err
}
continue
}
if rs.IsNotMatched {
err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
if err != nil {
return err
}
err = writeDataPktLine(os.Stdout, []byte("option fall-through"))
if err != nil {
return err
}
continue
}
err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
if err != nil {
return err
}
err = writeDataPktLine(os.Stdout, []byte("option refname "+rs.Ref))
if err != nil {
return err
}
if rs.OldOID != git.EmptySHA {
err = writeDataPktLine(os.Stdout, []byte("option old-oid "+rs.OldOID))
if err != nil {
return err
}
}
err = writeDataPktLine(os.Stdout, []byte("option new-oid "+rs.NewOID))
if err != nil {
return err
}
if rs.IsForcePush {
err = writeDataPktLine(os.Stdout, []byte("option forced-update"))
if err != nil {
return err
}
}
}
err = writeFlushPktLine(os.Stdout)
return err
}
// git PKT-Line api
// pktLineType message type of pkt-line
type pktLineType int64
const (
// UnKnow type
pktLineTypeUnknow pktLineType = 0
// flush-pkt "0000"
pktLineTypeFlush pktLineType = iota
// data line
pktLineTypeData
)
// gitPktLine pkt-line api
type gitPktLine struct {
Type pktLineType
Length uint64
Data []byte
}
func readPktLine(in *bufio.Reader, requestType pktLineType) (*gitPktLine, error) {
var (
err error
r *gitPktLine
)
// read prefix
lengthBytes := make([]byte, 4)
for i := 0; i < 4; i++ {
lengthBytes[i], err = in.ReadByte()
if err != nil {
return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
}
}
r = new(gitPktLine)
r.Length, err = strconv.ParseUint(string(lengthBytes), 16, 32)
if err != nil {
return nil, fail("Internal Server Error", "Pkt-Line format is wrong :%v", err)
}
if r.Length == 0 {
if requestType == pktLineTypeData {
return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
}
r.Type = pktLineTypeFlush
return r, nil
}
if r.Length <= 4 || r.Length > 65520 || requestType == pktLineTypeFlush {
return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
}
r.Data = make([]byte, r.Length-4)
for i := range r.Data {
r.Data[i], err = in.ReadByte()
if err != nil {
return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
}
}
r.Type = pktLineTypeData
return r, nil
}
func writeFlushPktLine(out io.Writer) error {
l, err := out.Write([]byte("0000"))
if err != nil {
return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
}
if l != 4 {
return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
}
return nil
}
func writeDataPktLine(out io.Writer, data []byte) error {
hexchar := []byte("0123456789abcdef")
hex := func(n uint64) byte {
return hexchar[(n)&15]
}
length := uint64(len(data) + 4)
tmp := make([]byte, 4)
tmp[0] = hex(length >> 12)
tmp[1] = hex(length >> 8)
tmp[2] = hex(length >> 4)
tmp[3] = hex(length)
lr, err := out.Write(tmp)
if err != nil {
return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
}
if 4 != lr {
return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
}
lr, err = out.Write(data)
if err != nil {
return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
}
if int(length-4) != lr {
return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
}
return nil
}

41
cmd/hook_test.go Normal file
View file

@ -0,0 +1,41 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package cmd
import (
"bufio"
"bytes"
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func TestPktLine(t *testing.T) {
// test read
s := strings.NewReader("0000")
r := bufio.NewReader(s)
result, err := readPktLine(r, pktLineTypeFlush)
assert.NoError(t, err)
assert.Equal(t, pktLineTypeFlush, result.Type)
s = strings.NewReader("0006a\n")
r = bufio.NewReader(s)
result, err = readPktLine(r, pktLineTypeData)
assert.NoError(t, err)
assert.Equal(t, pktLineTypeData, result.Type)
assert.Equal(t, []byte("a\n"), result.Data)
// test write
w := bytes.NewBuffer([]byte{})
err = writeFlushPktLine(w)
assert.NoError(t, err)
assert.Equal(t, []byte("0000"), w.Bytes())
w.Reset()
err = writeDataPktLine(w, []byte("a\nb"))
assert.NoError(t, err)
assert.Equal(t, []byte("0007a\nb"), w.Bytes())
}

5
cmd/keys.go
View file

@ -62,9 +62,12 @@ func runKeys(c *cli.Context) error {
return errors.New("No key type and content provided")
}
ctx, cancel := installSignals()
defer cancel()
setup("keys.log", false)
authorizedString, err := private.AuthorizedPublicKeyByContent(content)
authorizedString, err := private.AuthorizedPublicKeyByContent(ctx, content)
if err != nil {
return err
}

8
cmd/mailer.go
View file

@ -10,11 +10,15 @@ import (
"code.gitea.io/gitea/modules/private"
"code.gitea.io/gitea/modules/setting"
"github.com/urfave/cli"
)
func runSendMail(c *cli.Context) error {
setting.NewContext()
ctx, cancel := installSignals()
defer cancel()
setting.LoadFromExisting()
if err := argsSet(c, "title"); err != nil {
return err
@ -39,7 +43,7 @@ func runSendMail(c *cli.Context) error {
}
}
status, message := private.SendEmail(subject, body, nil)
status, message := private.SendEmail(ctx, subject, body, nil)
if status != http.StatusOK {
fmt.Printf("error: %s\n", message)
return nil

59
cmd/manager.go
View file

@ -58,7 +58,8 @@ var (
Name: "timeout",
Value: 60 * time.Second,
Usage: "Timeout for the flushing process",
}, cli.BoolFlag{
},
cli.BoolFlag{
Name: "non-blocking",
Usage: "Set to true to not wait for flush to complete before returning",
},
@ -236,10 +237,13 @@ func runRemoveLogger(c *cli.Context) error {
group = log.DEFAULT
}
name := c.Args().First()
statusCode, msg := private.RemoveLogger(group, name)
ctx, cancel := installSignals()
defer cancel()
statusCode, msg := private.RemoveLogger(ctx, group, name)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -371,10 +375,13 @@ func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) e
if c.IsSet("name") {
name = c.String("name")
}
statusCode, msg := private.AddLogger(group, name, mode, vals)
ctx, cancel := installSignals()
defer cancel()
statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -382,11 +389,14 @@ func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) e
}
func runShutdown(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setup("manager", c.Bool("debug"))
statusCode, msg := private.Shutdown()
statusCode, msg := private.Shutdown(ctx)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -394,11 +404,14 @@ func runShutdown(c *cli.Context) error {
}
func runRestart(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setup("manager", c.Bool("debug"))
statusCode, msg := private.Restart()
statusCode, msg := private.Restart(ctx)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -406,11 +419,14 @@ func runRestart(c *cli.Context) error {
}
func runFlushQueues(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setup("manager", c.Bool("debug"))
statusCode, msg := private.FlushQueues(c.Duration("timeout"), c.Bool("non-blocking"))
statusCode, msg := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -418,11 +434,14 @@ func runFlushQueues(c *cli.Context) error {
}
func runPauseLogging(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setup("manager", c.Bool("debug"))
statusCode, msg := private.PauseLogging()
statusCode, msg := private.PauseLogging(ctx)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -430,11 +449,14 @@ func runPauseLogging(c *cli.Context) error {
}
func runResumeLogging(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setup("manager", c.Bool("debug"))
statusCode, msg := private.ResumeLogging()
statusCode, msg := private.ResumeLogging(ctx)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)
@ -442,11 +464,14 @@ func runResumeLogging(c *cli.Context) error {
}
func runReleaseReopenLogging(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setup("manager", c.Bool("debug"))
statusCode, msg := private.ReleaseReopenLogging()
statusCode, msg := private.ReleaseReopenLogging(ctx)
switch statusCode {
case http.StatusInternalServerError:
fail("InternalServerError", msg)
return fail("InternalServerError", msg)
}
fmt.Fprintln(os.Stdout, msg)

11
cmd/migrate.go
View file

@ -7,7 +7,7 @@ package cmd
import (
"context"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/migrations"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@ -24,7 +24,10 @@ var CmdMigrate = cli.Command{
}
func runMigrate(ctx *cli.Context) error {
if err := initDB(); err != nil {
stdCtx, cancel := installSignals()
defer cancel()
if err := initDB(stdCtx); err != nil {
return err
}
@ -32,9 +35,9 @@ func runMigrate(ctx *cli.Context) error {
log.Info("AppWorkPath: %s", setting.AppWorkPath)
log.Info("Custom path: %s", setting.CustomPath)
log.Info("Log path: %s", setting.LogRootPath)
setting.InitDBConfig()
log.Info("Configuration file: %s", setting.CustomConf)
if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
log.Fatal("Failed to initialize ORM engine: %v", err)
return err
}

20
cmd/migrate_storage.go
View file

@ -10,7 +10,10 @@ import (
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/migrations"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
@ -78,7 +81,7 @@ var CmdMigrateStorage = cli.Command{
}
func migrateAttachments(dstStorage storage.ObjectStorage) error {
return models.IterateAttachment(func(attach *models.Attachment) error {
return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
return err
})
@ -92,21 +95,24 @@ func migrateLFS(dstStorage storage.ObjectStorage) error {
}
func migrateAvatars(dstStorage storage.ObjectStorage) error {
return models.IterateUser(func(user *models.User) error {
return user_model.IterateUser(func(user *user_model.User) error {
_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
return err
})
}
func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
return models.IterateRepository(func(repo *models.Repository) error {
return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
return err
})
}
func runMigrateStorage(ctx *cli.Context) error {
if err := initDB(); err != nil {
stdCtx, cancel := installSignals()
defer cancel()
if err := initDB(stdCtx); err != nil {
return err
}
@ -114,9 +120,9 @@ func runMigrateStorage(ctx *cli.Context) error {
log.Info("AppWorkPath: %s", setting.AppWorkPath)
log.Info("Custom path: %s", setting.CustomPath)
log.Info("Log path: %s", setting.LogRootPath)
setting.InitDBConfig()
log.Info("Configuration file: %s", setting.CustomConf)
if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
log.Fatal("Failed to initialize ORM engine: %v", err)
return err
}
@ -184,7 +190,7 @@ func runMigrateStorage(ctx *cli.Context) error {
return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
}
log.Warn("All files have been copied to the new placement but old files are still on the orignial placement.")
log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
return nil
}

21
cmd/restore_repo.go
View file

@ -43,17 +43,26 @@ var CmdRestoreRepository = cli.Command{
Usage: `Which items will be restored, one or more units should be separated as comma.
wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
},
cli.BoolFlag{
Name: "validation",
Usage: "Sanity check the content of the files before trying to load them",
},
},
}
func runRestoreRepository(ctx *cli.Context) error {
setting.NewContext()
func runRestoreRepository(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
setting.LoadFromExisting()
statusCode, errStr := private.RestoreRepo(
ctx.String("repo_dir"),
ctx.String("owner_name"),
ctx.String("repo_name"),
ctx.StringSlice("units"),
ctx,
c.String("repo_dir"),
c.String("owner_name"),
c.String("repo_name"),
c.StringSlice("units"),
c.Bool("validation"),
)
if statusCode == http.StatusOK {
return nil

111
cmd/serv.go
View file

@ -17,14 +17,17 @@ import (
"time"
"code.gitea.io/gitea/models"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/pprof"
"code.gitea.io/gitea/modules/private"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/services/lfs"
"github.com/dgrijalva/jwt-go"
jsoniter "github.com/json-iterator/go"
"github.com/golang-jwt/jwt/v4"
"github.com/kballard/go-shellquote"
"github.com/urfave/cli"
)
@ -56,39 +59,46 @@ func setup(logPath string, debug bool) {
} else {
_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
}
setting.NewContext()
setting.LoadFromExisting()
if debug {
setting.RunMode = "dev"
}
}
var (
allowedCommands = map[string]models.AccessMode{
"git-upload-pack": models.AccessModeRead,
"git-upload-archive": models.AccessModeRead,
"git-receive-pack": models.AccessModeWrite,
lfsAuthenticateVerb: models.AccessModeNone,
allowedCommands = map[string]perm.AccessMode{
"git-upload-pack": perm.AccessModeRead,
"git-upload-archive": perm.AccessModeRead,
"git-receive-pack": perm.AccessModeWrite,
lfsAuthenticateVerb: perm.AccessModeNone,
}
alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
)
func fail(userMessage, logMessage string, args ...interface{}) {
func fail(userMessage, logMessage string, args ...interface{}) error {
// There appears to be a chance to cause a zombie process and failure to read the Exit status
// if nothing is outputted on stdout.
fmt.Fprintln(os.Stdout, "")
fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
if len(logMessage) > 0 {
if !setting.IsProd() {
if !setting.IsProd {
fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
}
}
ctx, cancel := installSignals()
defer cancel()
if len(logMessage) > 0 {
_ = private.SSHLog(true, fmt.Sprintf(logMessage+": ", args...))
_ = private.SSHLog(ctx, true, fmt.Sprintf(logMessage+": ", args...))
}
os.Exit(1)
return cli.NewExitError("", 1)
}
func runServ(c *cli.Context) error {
ctx, cancel := installSignals()
defer cancel()
// FIXME: This needs to internationalised
setup("serv.log", c.Bool("debug"))
@ -106,23 +116,23 @@ func runServ(c *cli.Context) error {
keys := strings.Split(c.Args()[0], "-")
if len(keys) != 2 || keys[0] != "key" {
fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
return fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
}
keyID, err := strconv.ParseInt(keys[1], 10, 64)
if err != nil {
fail("Key ID format error", "Invalid key argument: %s", c.Args()[1])
return fail("Key ID format error", "Invalid key argument: %s", c.Args()[1])
}
cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
if len(cmd) == 0 {
key, user, err := private.ServNoCommand(keyID)
key, user, err := private.ServNoCommand(ctx, keyID)
if err != nil {
fail("Internal error", "Failed to check provided key: %v", err)
return fail("Internal error", "Failed to check provided key: %v", err)
}
switch key.Type {
case models.KeyTypeDeploy:
case asymkey_model.KeyTypeDeploy:
println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
case models.KeyTypePrincipal:
case asymkey_model.KeyTypePrincipal:
println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
default:
println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
@ -135,11 +145,18 @@ func runServ(c *cli.Context) error {
words, err := shellquote.Split(cmd)
if err != nil {
fail("Error parsing arguments", "Failed to parse arguments: %v", err)
return fail("Error parsing arguments", "Failed to parse arguments: %v", err)
}
if len(words) < 2 {
fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
if git.CheckGitVersionAtLeast("2.29") == nil {
// for AGit Flow
if cmd == "ssh_info" {
fmt.Print(`{"type":"gitea","version":1}`)
return nil
}
}
return fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
}
verb := words[0]
@ -151,7 +168,7 @@ func runServ(c *cli.Context) error {
var lfsVerb string
if verb == lfsAuthenticateVerb {
if !setting.LFS.StartServer {
fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
return fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
}
if len(words) > 2 {
@ -164,60 +181,59 @@ func runServ(c *cli.Context) error {
rr := strings.SplitN(repoPath, "/", 2)
if len(rr) != 2 {
fail("Invalid repository path", "Invalid repository path: %v", repoPath)
return fail("Invalid repository path", "Invalid repository path: %v", repoPath)
}
username := strings.ToLower(rr[0])
reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
if alphaDashDotPattern.MatchString(reponame) {
fail("Invalid repo name", "Invalid repo name: %s", reponame)
return fail("Invalid repo name", "Invalid repo name: %s", reponame)
}
if setting.EnablePprof || c.Bool("enable-pprof") {
if c.Bool("enable-pprof") {
if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
return fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
}
stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
if err != nil {
fail("Internal Server Error", "Unable to start CPU profile: %v", err)
return fail("Internal Server Error", "Unable to start CPU profile: %v", err)
}
defer func() {
stopCPUProfiler()
err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
if err != nil {
fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
_ = fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
}
}()
}
requestedMode, has := allowedCommands[verb]
if !has {
fail("Unknown git command", "Unknown git command %s", verb)
return fail("Unknown git command", "Unknown git command %s", verb)
}
if verb == lfsAuthenticateVerb {
if lfsVerb == "upload" {
requestedMode = models.AccessModeWrite
requestedMode = perm.AccessModeWrite
} else if lfsVerb == "download" {
requestedMode = models.AccessModeRead
requestedMode = perm.AccessModeRead
} else {
fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
return fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
}
}
results, err := private.ServCommand(keyID, username, reponame, requestedMode, verb, lfsVerb)
results, err := private.ServCommand(ctx, keyID, username, reponame, requestedMode, verb, lfsVerb)
if err != nil {
if private.IsErrServCommand(err) {
errServCommand := err.(private.ErrServCommand)
if errServCommand.StatusCode != http.StatusInternalServerError {
fail("Unauthorized", "%s", errServCommand.Error())
} else {
fail("Internal Server Error", "%s", errServCommand.Error())
return fail("Unauthorized", "%s", errServCommand.Error())
}
return fail("Internal Server Error", "%s", errServCommand.Error())
}
fail("Internal Server Error", "%s", err.Error())
return fail("Internal Server Error", "%s", err.Error())
}
os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
os.Setenv(models.EnvRepoName, results.RepoName)
@ -237,9 +253,9 @@ func runServ(c *cli.Context) error {
now := time.Now()
claims := lfs.Claims{
StandardClaims: jwt.StandardClaims{
ExpiresAt: now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
NotBefore: now.Unix(),
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(now.Add(setting.LFS.HTTPAuthExpiry)),
NotBefore: jwt.NewNumericDate(now),
},
RepoID: results.RepoID,
Op: lfsVerb,
@ -250,7 +266,7 @@ func runServ(c *cli.Context) error {
// Sign and get the complete encoded token as a string using the secret
tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
if err != nil {
fail("Internal error", "Failed to sign JWT token: %v", err)
return fail("Internal error", "Failed to sign JWT token: %v", err)
}
tokenAuthentication := &models.LFSTokenResponse{
@ -259,11 +275,10 @@ func runServ(c *cli.Context) error {
}
tokenAuthentication.Header["Authorization"] = fmt.Sprintf("Bearer %s", tokenString)
json := jsoniter.ConfigCompatibleWithStandardLibrary
enc := json.NewEncoder(os.Stdout)
err = enc.Encode(tokenAuthentication)
if err != nil {
fail("Internal error", "Failed to encode LFS json response: %v", err)
return fail("Internal error", "Failed to encode LFS json response: %v", err)
}
return nil
}
@ -276,9 +291,9 @@ func runServ(c *cli.Context) error {
var gitcmd *exec.Cmd
verbs := strings.Split(verb, " ")
if len(verbs) == 2 {
gitcmd = exec.Command(verbs[0], verbs[1], repoPath)
gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
} else {
gitcmd = exec.Command(verb, repoPath)
gitcmd = exec.CommandContext(ctx, verb, repoPath)
}
gitcmd.Dir = setting.RepoRootPath
@ -286,13 +301,13 @@ func runServ(c *cli.Context) error {
gitcmd.Stdin = os.Stdin
gitcmd.Stderr = os.Stderr
if err = gitcmd.Run(); err != nil {
fail("Internal error", "Failed to execute git command: %v", err)
return fail("Internal error", "Failed to execute git command: %v", err)
}
// Update user key activity.
if results.KeyID > 0 {
if err = private.UpdatePublicKeyInRepo(results.KeyID, results.RepoID); err != nil {
fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
if err = private.UpdatePublicKeyInRepo(ctx, results.KeyID, results.RepoID); err != nil {
return fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
}
}

53
cmd/web.go
View file

@ -9,17 +9,17 @@ import (
"fmt"
"net"
"net/http"
_ "net/http/pprof" // Used for debugging if enabled and a web server is running
"os"
"strings"
_ "net/http/pprof" // Used for debugging if enabled and a web server is running
"code.gitea.io/gitea/modules/graceful"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/routers"
"code.gitea.io/gitea/routers/install"
context2 "github.com/gorilla/context"
"github.com/urfave/cli"
ini "gopkg.in/ini.v1"
)
@ -71,8 +71,7 @@ func runHTTPRedirector() {
http.Redirect(w, r, target, http.StatusTemporaryRedirect)
})
var err = runHTTP("tcp", source, "HTTP Redirector", context2.ClearHandler(handler))
err := runHTTP("tcp", source, "HTTP Redirector", handler)
if err != nil {
log.Fatal("Failed to start port redirection: %v", err)
}
@ -86,6 +85,11 @@ func runWeb(ctx *cli.Context) error {
_ = log.DelLogger("console")
log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "fatal", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
}
defer func() {
if panicked := recover(); panicked != nil {
log.Fatal("PANIC: %v\n%s", panicked, log.Stack(2))
}
}()
managerCtx, cancel := context.WithCancel(context.Background())
graceful.InitManager(managerCtx)
@ -119,6 +123,10 @@ func runWeb(ctx *cli.Context) error {
}
c := install.Routes()
err := listen(c, false)
if err != nil {
log.Critical("Unable to open listener for installer. Is Gitea already running?")
graceful.GetManager().DoGracefulShutdown()
}
select {
case <-graceful.GetManager().IsShutdown():
<-graceful.GetManager().Done()
@ -140,7 +148,15 @@ func runWeb(ctx *cli.Context) error {
log.Info("Global init")
// Perform global initialization
routers.GlobalInit(graceful.GetManager().HammerContext())
setting.LoadFromExisting()
routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
// We check that AppDataPath exists here (it should have been created during installation)
// We can't check it in `GlobalInitInstalled`, because some integration tests
// use cmd -> GlobalInitInstalled, but the AppDataPath doesn't exist during those tests.
if _, err := os.Stat(setting.AppDataPath); err != nil {
log.Fatal("Can not find APP_DATA_PATH '%s'", setting.AppDataPath)
}
// Override the provided port number within the configuration
if ctx.IsSet("port") {
@ -163,7 +179,7 @@ func setPort(port string) error {
setting.HTTPPort = port
switch setting.Protocol {
case setting.UnixSocket:
case setting.HTTPUnix:
case setting.FCGI:
case setting.FCGIUnix:
default:
@ -185,10 +201,14 @@ func setPort(port string) error {
func listen(m http.Handler, handleRedirector bool) error {
listenAddr := setting.HTTPAddr
if setting.Protocol != setting.UnixSocket && setting.Protocol != setting.FCGIUnix {
if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
}
log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
// A user may fix the configuration mistake when he sees this log.
// And this is also very helpful to maintainers to provide help to users to resolve their configuration problems.
log.Info("AppURL(ROOT_URL): %s", setting.AppURL)
if setting.LFS.StartServer {
log.Info("LFS server enabled")
@ -200,12 +220,12 @@ func listen(m http.Handler, handleRedirector bool) error {
if handleRedirector {
NoHTTPRedirector()
}
err = runHTTP("tcp", listenAddr, "Web", context2.ClearHandler(m))
err = runHTTP("tcp", listenAddr, "Web", m)
case setting.HTTPS:
if setting.EnableLetsEncrypt {
err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
if setting.EnableAcme {
err = runACME(listenAddr, m)
break
}
} else {
if handleRedirector {
if setting.RedirectOtherPort {
go runHTTPRedirector()
@ -213,22 +233,23 @@ func listen(m http.Handler, handleRedirector bool) error {
NoHTTPRedirector()
}
}
err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
}
case setting.FCGI:
if handleRedirector {
NoHTTPRedirector()
}
err = runFCGI("tcp", listenAddr, "FCGI Web", context2.ClearHandler(m))
case setting.UnixSocket:
err = runFCGI("tcp", listenAddr, "FCGI Web", m)
case setting.HTTPUnix:
if handleRedirector {
NoHTTPRedirector()
}
err = runHTTP("unix", listenAddr, "Web", context2.ClearHandler(m))
err = runHTTP("unix", listenAddr, "Web", m)
case setting.FCGIUnix:
if handleRedirector {
NoHTTPRedirector()
}
err = runFCGI("unix", listenAddr, "Web", context2.ClearHandler(m))
err = runFCGI("unix", listenAddr, "Web", m)
default:
log.Fatal("Invalid protocol: %s", setting.Protocol)
}

132
cmd/web_acme.go Normal file
View file

@ -0,0 +1,132 @@
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package cmd
import (
"crypto/x509"
"encoding/pem"
"fmt"
"net/http"
"os"
"strconv"
"strings"
"code.gitea.io/gitea/modules/graceful"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/caddyserver/certmagic"
)
func getCARoot(path string) (*x509.CertPool, error) {
r, err := os.ReadFile(path)
if err != nil {
return nil, err
}
block, _ := pem.Decode(r)
if block == nil {
return nil, fmt.Errorf("no PEM found in the file %s", path)
}
caRoot, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
certPool := x509.NewCertPool()
certPool.AddCert(caRoot)
return certPool, nil
}
func runACME(listenAddr string, m http.Handler) error {
// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
// Due to docker port mapping this can't be checked programmatically
// TODO: these are placeholders until we add options for each in settings with appropriate warning
enableHTTPChallenge := true
enableTLSALPNChallenge := true
altHTTPPort := 0
altTLSALPNPort := 0
if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
altHTTPPort = p
}
if p, err := strconv.Atoi(setting.HTTPPort); err == nil {
altTLSALPNPort = p
}
magic := certmagic.NewDefault()
magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
// Try to use private CA root if provided, otherwise defaults to system's trust
var certPool *x509.CertPool
if setting.AcmeCARoot != "" {
var err error
certPool, err = getCARoot(setting.AcmeCARoot)
if err != nil {
log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
}
}
myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
CA: setting.AcmeURL,
TrustedRoots: certPool,
Email: setting.AcmeEmail,
Agreed: setting.AcmeTOS,
DisableHTTPChallenge: !enableHTTPChallenge,
DisableTLSALPNChallenge: !enableTLSALPNChallenge,
ListenHost: setting.HTTPAddr,
AltTLSALPNPort: altTLSALPNPort,
AltHTTPPort: altHTTPPort,
})
magic.Issuers = []certmagic.Issuer{myACME}
// this obtains certificates or renews them if necessary
err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{setting.Domain})
if err != nil {
return err
}
tlsConfig := magic.TLSConfig()
tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
tlsConfig.MinVersion = version
}
if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
tlsConfig.MaxVersion = version
}
// Set curve preferences
if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
tlsConfig.CurvePreferences = curves
}
// Set cipher suites
if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
tlsConfig.CipherSuites = ciphers
}
if enableHTTPChallenge {
go func() {
log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
if err != nil {
log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
}
}()
}
return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
}
func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" && r.Method != "HEAD" {
http.Error(w, "Use HTTPS", http.StatusBadRequest)
return
}
// Remove the trailing slash at the end of setting.AppURL, the request
// URI always contains a leading slash, which would result in a double
// slash
target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
http.Redirect(w, r, target, http.StatusFound)
}

9
cmd/web_graceful.go
View file

@ -5,7 +5,6 @@
package cmd
import (
"crypto/tls"
"net"
"net/http"
"net/http/fcgi"
@ -20,14 +19,6 @@ func runHTTP(network, listenAddr, name string, m http.Handler) error {
return graceful.HTTPListenAndServe(network, listenAddr, name, m)
}
func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
return graceful.HTTPListenAndServeTLS(network, listenAddr, name, certFile, keyFile, m)
}
func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
}
// NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
func NoHTTPRedirector() {
graceful.GetManager().InformCleanup()

192
cmd/web_https.go Normal file
View file

@ -0,0 +1,192 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package cmd
import (
"crypto/tls"
"net/http"
"os"
"strings"
"code.gitea.io/gitea/modules/graceful"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/klauspost/cpuid/v2"
)
var tlsVersionStringMap = map[string]uint16{
"": tls.VersionTLS12, // Default to tls.VersionTLS12
"tlsv1.0": tls.VersionTLS10,
"tlsv1.1": tls.VersionTLS11,
"tlsv1.2": tls.VersionTLS12,
"tlsv1.3": tls.VersionTLS13,
}
func toTLSVersion(version string) uint16 {
tlsVersion, ok := tlsVersionStringMap[strings.TrimSpace(strings.ToLower(version))]
if !ok {
log.Warn("Unknown tls version: %s", version)
return 0
}
return tlsVersion
}
var curveStringMap = map[string]tls.CurveID{
"x25519": tls.X25519,
"p256": tls.CurveP256,
"p384": tls.CurveP384,
"p521": tls.CurveP521,
}
func toCurvePreferences(preferences []string) []tls.CurveID {
ids := make([]tls.CurveID, 0, len(preferences))
for _, pref := range preferences {
id, ok := curveStringMap[strings.TrimSpace(strings.ToLower(pref))]
if !ok {
log.Warn("Unknown curve: %s", pref)
}
if id != 0 {
ids = append(ids, id)
}
}
return ids
}
var cipherStringMap = map[string]uint16{
"rsa_with_rc4_128_sha": tls.TLS_RSA_WITH_RC4_128_SHA,
"rsa_with_3des_ede_cbc_sha": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
"rsa_with_aes_128_cbc_sha": tls.TLS_RSA_WITH_AES_128_CBC_SHA,
"rsa_with_aes_256_cbc_sha": tls.TLS_RSA_WITH_AES_256_CBC_SHA,
"rsa_with_aes_128_cbc_sha256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
"rsa_with_aes_128_gcm_sha256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
"rsa_with_aes_256_gcm_sha384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
"ecdhe_ecdsa_with_rc4_128_sha": tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
"ecdhe_ecdsa_with_aes_128_cbc_sha": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
"ecdhe_ecdsa_with_aes_256_cbc_sha": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
"ecdhe_rsa_with_rc4_128_sha": tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
"ecdhe_rsa_with_3des_ede_cbc_sha": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
"ecdhe_rsa_with_aes_128_cbc_sha": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
"ecdhe_rsa_with_aes_256_cbc_sha": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
"ecdhe_ecdsa_with_aes_128_cbc_sha256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
"ecdhe_rsa_with_aes_128_cbc_sha256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
"ecdhe_rsa_with_aes_128_gcm_sha256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"ecdhe_ecdsa_with_aes_128_gcm_sha256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"ecdhe_rsa_with_aes_256_gcm_sha384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ecdhe_ecdsa_with_aes_256_gcm_sha384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"ecdhe_rsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"ecdhe_ecdsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
"ecdhe_rsa_with_chacha20_poly1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
"ecdhe_ecdsa_with_chacha20_poly1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
"aes_128_gcm_sha256": tls.TLS_AES_128_GCM_SHA256,
"aes_256_gcm_sha384": tls.TLS_AES_256_GCM_SHA384,
"chacha20_poly1305_sha256": tls.TLS_CHACHA20_POLY1305_SHA256,
}
func toTLSCiphers(cipherStrings []string) []uint16 {
ciphers := make([]uint16, 0, len(cipherStrings))
for _, cipherString := range cipherStrings {
cipher, ok := cipherStringMap[strings.TrimSpace(strings.ToLower(cipherString))]
if !ok {
log.Warn("Unknown cipher: %s", cipherString)
}
if cipher != 0 {
ciphers = append(ciphers, cipher)
}
}
return ciphers
}
// defaultCiphers uses hardware support to check if AES is specifically
// supported by the CPU.
//
// If AES is supported AES ciphers will be preferred over ChaCha based ciphers
// (This code is directly inspired by the certmagic code.)
func defaultCiphers() []uint16 {
if cpuid.CPU.Supports(cpuid.AESNI) {
return defaultCiphersAESfirst
}
return defaultCiphersChaChaFirst
}
var (
defaultCiphersAES = []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}
defaultCiphersChaCha = []uint16{
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}
defaultCiphersAESfirst = append(defaultCiphersAES, defaultCiphersChaCha...)
defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
)
// runHTTPs listens on the provided network address and then calls
// Serve to handle requests on incoming TLS connections.
//
// Filenames containing a certificate and matching private key for the server must
// be provided. If the certificate is signed by a certificate authority, the
// certFile should be the concatenation of the server's certificate followed by the
// CA's certificate.
func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
tlsConfig := &tls.Config{}
if tlsConfig.NextProtos == nil {
tlsConfig.NextProtos = []string{"h2", "http/1.1"}
}
if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
tlsConfig.MinVersion = version
}
if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
tlsConfig.MaxVersion = version
}
// Set curve preferences
tlsConfig.CurvePreferences = []tls.CurveID{
tls.X25519,
tls.CurveP256,
}
if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
tlsConfig.CurvePreferences = curves
}
// Set cipher suites
tlsConfig.CipherSuites = defaultCiphers()
if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
tlsConfig.CipherSuites = ciphers
}
tlsConfig.Certificates = make([]tls.Certificate, 1)
certPEMBlock, err := os.ReadFile(certFile)
if err != nil {
log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, network, listenAddr, err)
return err
}
keyPEMBlock, err := os.ReadFile(keyFile)
if err != nil {
log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, network, listenAddr, err)
return err
}
tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
if err != nil {
log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, network, listenAddr, err)
return err
}
return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
}
func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
}

82
cmd/web_letsencrypt.go
View file

@ -1,82 +0,0 @@
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package cmd
import (
"net/http"
"strconv"
"strings"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/caddyserver/certmagic"
context2 "github.com/gorilla/context"
)
func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
// Due to docker port mapping this can't be checked programatically
// TODO: these are placeholders until we add options for each in settings with appropriate warning
enableHTTPChallenge := true
enableTLSALPNChallenge := true
altHTTPPort := 0
altTLSALPNPort := 0
if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
altHTTPPort = p
}
if p, err := strconv.Atoi(setting.HTTPPort); err == nil {
altTLSALPNPort = p
}
magic := certmagic.NewDefault()
magic.Storage = &certmagic.FileStorage{Path: directory}
myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
Email: email,
Agreed: setting.LetsEncryptTOS,
DisableHTTPChallenge: !enableHTTPChallenge,
DisableTLSALPNChallenge: !enableTLSALPNChallenge,
ListenHost: setting.HTTPAddr,
AltTLSALPNPort: altTLSALPNPort,
AltHTTPPort: altHTTPPort,
})
magic.Issuers = []certmagic.Issuer{myACME}
// this obtains certificates or renews them if necessary
err := magic.ManageSync([]string{domain})
if err != nil {
return err
}
tlsConfig := magic.TLSConfig()
if enableHTTPChallenge {
go func() {
log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
if err != nil {
log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
}
}()
}
return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m))
}
func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" && r.Method != "HEAD" {
http.Error(w, "Use HTTPS", http.StatusBadRequest)
return
}
// Remove the trailing slash at the end of setting.AppURL, the request
// URI always contains a leading slash, which would result in a double
// slash
target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
http.Redirect(w, r, target, http.StatusFound)
}

2
contrib/environment-to-ini/environment-to-ini.go
View file

@ -156,6 +156,7 @@ func runEnvironmentToIni(c *cli.Context) error {
destination = setting.CustomConf
}
if destination != setting.CustomConf || changed {
log.Info("Settings saved to: %q", destination)
err = cfg.SaveTo(destination)
if err != nil {
return err
@ -224,7 +225,6 @@ func DecodeSectionKey(encoded string) (string, string) {
if !inKey {
if splitter := strings.Index(remaining, "__"); splitter > -1 {
section += remaining[:splitter]
inKey = true
key += remaining[splitter+2:]
} else {
section += remaining

14
contrib/fhs-compliant-script/gitea
View file

@ -1,8 +1,8 @@
#!/bin/bash
########################################################################
# This script some defaults for gitea to run in a FHS compliant manner #
########################################################################
#############################################################################
# This script sets some defaults for gitea to run in a FHS compliant manner #
#############################################################################
# It assumes that you place this script as gitea in /usr/bin
#
@ -33,10 +33,8 @@ for i in "$@"; do
done
if [ -z "$APP_INI_SET" ]; then
CONF_ARG="-c \"$APP_INI\""
CONF_ARG=("-c" "${GITEA_APP_INI:-$APP_INI}")
fi
# Provide FHS compliant defaults to
GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" "$GITEA" $CONF_ARG "$@"
# Provide FHS compliant defaults
GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" "${CONF_ARG[@]}" "$@"

10
contrib/fixtures/fixture_generation.go
View file

@ -6,11 +6,11 @@ package main
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/unittest"
)
// To generate derivative fixtures, execute the following from Gitea's repository base dir:
@ -31,11 +31,13 @@ var (
func main() {
pathToGiteaRoot := "."
fixturesDir = filepath.Join(pathToGiteaRoot, "models", "fixtures")
if err := models.CreateTestEngine(fixturesDir); err != nil {
if err := unittest.CreateTestEngine(unittest.FixturesOptions{
Dir: fixturesDir,
}); err != nil {
fmt.Printf("CreateTestEngine: %+v", err)
os.Exit(1)
}
if err := models.PrepareTestDatabase(); err != nil {
if err := unittest.PrepareTestDatabase(); err != nil {
fmt.Printf("PrepareTestDatabase: %+v\n", err)
os.Exit(1)
}
@ -64,7 +66,7 @@ func generate(name string) error {
return err
}
path := filepath.Join(fixturesDir, name+".yml")
if err := ioutil.WriteFile(path, []byte(data), 0644); err != nil {
if err := os.WriteFile(path, []byte(data), 0o644); err != nil {
return fmt.Errorf("%s: %+v", path, err)
}
fmt.Printf("%s created.\n", path)

2
contrib/gitea-monitoring-mixin/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
dashboards_out
vendor

31
contrib/gitea-monitoring-mixin/Makefile Normal file
View file

@ -0,0 +1,31 @@
JSONNET_FMT := jsonnetfmt -n 2 --max-blank-lines 1 --string-style s --comment-style s
.PHONY: all
all: build dashboards_out
vendor: jsonnetfile.json
jb install
.PHONY: build
build: vendor
.PHONY: fmt
fmt:
find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
xargs -n 1 -- $(JSONNET_FMT) -i
.PHONY: lint
lint: build
find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
while read f; do \
$(JSONNET_FMT) "$$f" | diff -u "$$f" -; \
done
mixtool lint mixin.libsonnet
dashboards_out: mixin.libsonnet config.libsonnet $(wildcard dashboards/*)
@mkdir -p dashboards_out
jsonnet -J vendor -m dashboards_out lib/dashboards.jsonnet
.PHONY: clean
clean:
rm -rf dashboards_out

33
contrib/gitea-monitoring-mixin/README.md Normal file
View file

@ -0,0 +1,33 @@
# Gitea Mixin
Gitea Mixin is a set of configurable Grafana dashboards based on the metrics exported by the Gitea built-in metrics endpoint.
## Generate config files
You can manually generate dashboards, but first you should install some tools:
```bash
go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
go install github.com/google/go-jsonnet/cmd/jsonnet@latest
# or in brew: brew install go-jsonnet
```
For linting and formatting, you would also need `mixtool` and `jsonnetfmt` installed. If you
have a working Go development environment, it's easiest to run the following:
```bash
go install github.com/monitoring-mixins/mixtool/cmd/mixtool@latest
go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
```
The files in `dashboards_out` need to be imported
into your Grafana server. The exact details will be depending on your environment.
Edit `config.libsonnet` if required and then build JSON dashboard files for Grafana:
```bash
make
```
For more advanced uses of mixins, see
https://github.com/monitoring-mixins/docs.

99
contrib/gitea-monitoring-mixin/config.libsonnet Normal file
View file

@ -0,0 +1,99 @@
{
_config+:: {
local c = self,
dashboardNamePrefix: 'Gitea',
dashboardTags: ['gitea'],
dashboardPeriod: 'now-1h',
dashboardTimezone: 'default',
dashboardRefresh: '1m',
// please see https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics
// Show issue by repository metrics with format gitea_issues_by_repository{repository="org/repo"} 5.
// Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_REPOSITORY set to true.
showIssuesByRepository: true,
// Show graphs for issue by label metrics with format gitea_issues_by_label{label="bug"} 2.
// Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_LABEL set to true.
showIssuesByLabel: true,
// Requires Gitea 1.16.0.
showIssuesOpenClose: true,
// add or remove metrics from dashboard
giteaStatMetrics:
[
{
name: 'gitea_organizations',
description: 'Organizations',
},
{
name: 'gitea_teams',
description: 'Teams',
},
{
name: 'gitea_users',
description: 'Users',
},
{
name: 'gitea_repositories',
description: 'Repositories',
},
{
name: 'gitea_milestones',
description: 'Milestones',
},
{
name: 'gitea_stars',
description: 'Stars',
},
{
name: 'gitea_releases',
description: 'Releases',
},
]
+
if c.showIssuesOpenClose then
[
{
name: 'gitea_issues_open',
description: 'Issues opened',
},
{
name: 'gitea_issues_closed',
description: 'Issues closed',
},
] else
[
{
name: 'gitea_issues',
description: 'Issues',
},
],
//set this for using label colors on graphs
issueLabels: [
{
label: 'bug',
color: '#ee0701',
},
{
label: 'duplicate',
color: '#cccccc',
},
{
label: 'invalid',
color: '#e6e6e6',
},
{
label: 'enhancement',
color: '#84b6eb',
},
{
label: 'help wanted',
color: '#128a0c',
},
{
label: 'question',
color: '#cc317c',
},
],
},
}

1
contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet Normal file
View file

@ -0,0 +1 @@
(import 'overview.libsonnet')

461
contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet Normal file
View file

@ -0,0 +1,461 @@
local grafana = import 'github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet';
local prometheus = grafana.prometheus;
local addIssueLabelsOverrides(labels) =
{
fieldConfig+: {
overrides+: [
{
matcher: {
id: 'byRegexp',
options: label.label,
},
properties: [
{
id: 'color',
value: {
fixedColor: label.color,
mode: 'fixed',
},
},
],
}
for label in labels
],
},
};
{
grafanaDashboards+:: {
local giteaSelector = 'job="$job", instance="$instance"',
local giteaStatsPanel =
grafana.statPanel.new(
'Gitea stats',
datasource='$datasource',
reducerFunction='lastNotNull',
graphMode='none',
colorMode='value',
)
.addTargets(
[
prometheus.target(expr='%s{%s}' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=10)
for metric in $._config.giteaStatMetrics
]
)
+ {
fieldConfig+: {
defaults+: {
color: {
fixedColor: 'blue',
mode: 'fixed',
},
},
},
},
local giteaUptimePanel =
grafana.statPanel.new(
'Uptime',
datasource='$datasource',
reducerFunction='last',
graphMode='area',
colorMode='value',
)
.addTarget(prometheus.target(expr='time()-process_start_time_seconds{%s}' % giteaSelector, intervalFactor=1))
+ {
fieldConfig+: {
defaults+: {
color: {
fixedColor: 'blue',
mode: 'fixed',
},
unit: 's',
},
},
},
local giteaMemoryPanel =
grafana.graphPanel.new(
'Memory usage',
datasource='$datasource'
)
.addTarget(prometheus.target(expr='process_resident_memory_bytes{%s}' % giteaSelector, intervalFactor=2))
+ {
type: 'timeseries',
options+: {
tooltip: {
mode: 'multi',
},
legend+: {
displayMode: 'hidden',
},
},
fieldConfig+: {
defaults+: {
custom+: {
lineInterpolation: 'smooth',
fillOpacity: 15,
},
color: {
fixedColor: 'green',
mode: 'fixed',
},
unit: 'decbytes',
},
},
},
local giteaCpuPanel =
grafana.graphPanel.new(
'CPU usage',
datasource='$datasource'
)
.addTarget(prometheus.target(expr='rate(process_cpu_seconds_total{%s}[$__rate_interval])*100' % giteaSelector, intervalFactor=2))
+ {
type: 'timeseries',
options+: {
tooltip: {
mode: 'multi',
},
legend+: {
displayMode: 'hidden',
},
},
fieldConfig+: {
defaults+: {
custom+: {
lineInterpolation: 'smooth',
gradientMode: 'scheme',
fillOpacity: 15,
axisSoftMin: 0,
axisSoftMax: 0,
},
color: {
mode: 'continuous-GrYlRd', // from green to red (100%)
},
unit: 'percent',
},
overrides: [
{
matcher: {
id: 'byRegexp',
options: '.+',
},
properties: [
{
id: 'max',
value: 100,
},
{
id: 'min',
value: 0,
},
],
},
],
},
},
local giteaFileDescriptorsPanel =
grafana.graphPanel.new(
'File descriptors usage',
datasource='$datasource',
)
.addTarget(prometheus.target(expr='process_open_fds{%s}' % giteaSelector, intervalFactor=2))
.addTarget(prometheus.target(expr='process_max_fds{%s}' % giteaSelector, intervalFactor=2))
.addSeriesOverride(
{
alias: '/process_max_fds.+/',
color: '#F2495C', // red
dashes: true,
fill: 0,
},
)
+ {
type: 'timeseries',
options+: {
tooltip: {
mode: 'multi',
},
legend+: {
displayMode: 'hidden',
},
},
fieldConfig+: {
defaults+: {
custom+: {
lineInterpolation: 'smooth',
gradientMode: 'scheme',
fillOpacity: 0,
},
color: {
fixedColor: 'green',
mode: 'fixed',
},
unit: '',
},
overrides: [
{
matcher: {
id: 'byFrameRefID',
options: 'B',
},
properties: [
{
id: 'custom.lineStyle',
value: {
fill: 'dash',
dash: [
10,
10,
],
},
},
{
id: 'color',
value: {
mode: 'fixed',
fixedColor: 'red',
},
},
],
},
],
},
},
local giteaChangesPanelPrototype =
grafana.graphPanel.new(
'',
datasource='$datasource',
interval='$agg_interval',
maxDataPoints=10000,
)
+ {
type: 'timeseries',
options+: {
tooltip: {
mode: 'multi',
},
legend+: {
calcs+: [
'sum',
],
},
},
fieldConfig+: {
defaults+: {
noValue: '0',
custom+: {
drawStyle: 'bars',
barAlignment: -1,
fillOpacity: 50,
gradientMode: 'hue',
pointSize: 1,
lineWidth: 0,
stacking: {
group: 'A',
mode: 'normal',
},
},
},
},
},
local giteaChangesPanelAll =
giteaChangesPanelPrototype
.addTarget(prometheus.target(expr='changes(process_start_time_seconds{%s}[$__interval]) > 0' % [giteaSelector], legendFormat='Restarts', intervalFactor=1))
.addTargets(
[
prometheus.target(expr='floor(delta(%s{%s}[$__interval])) > 0' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=1)
for metric in $._config.giteaStatMetrics
]
) + { id: 200 }, // some unique number, beyond the maximum number of panels in the dashboard,
local giteaChangesPanelTotal =
grafana.statPanel.new(
'Changes',
datasource='-- Dashboard --',
reducerFunction='sum',
graphMode='none',
textMode='value_and_name',
colorMode='value',
)
+ {
targets+: [
{
panelId: giteaChangesPanelAll.id,
refId: 'A',
},
],
}
+ {
fieldConfig+: {
defaults+: {
color: {
mode: 'palette-classic',
},
},
},
},
local giteaChangesByRepositories =
giteaChangesPanelPrototype
.addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_repository{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ repository }}', intervalFactor=1))
+ { id: 210 }, // some unique number, beyond the maximum number of panels in the dashboard,
local giteaChangesByRepositoriesTotal =
grafana.statPanel.new(
'Issues by repository',
datasource='-- Dashboard --',
reducerFunction='sum',
graphMode='none',
textMode='value_and_name',
colorMode='value',
)
+ {
id: 211,
targets+: [
{
panelId: giteaChangesByRepositories.id,
refId: 'A',
},
],
}
+ {
fieldConfig+: {
defaults+: {
color: {
mode: 'palette-classic',
},
},
},
},
local giteaChangesByLabel =
giteaChangesPanelPrototype
.addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_label{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ label }}', intervalFactor=1))
+ addIssueLabelsOverrides($._config.issueLabels)
+ { id: 220 }, // some unique number, beyond the maximum number of panels in the dashboard,
local giteaChangesByLabelTotal =
grafana.statPanel.new(
'Issues by labels',
datasource='-- Dashboard --',
reducerFunction='sum',
graphMode='none',
textMode='value_and_name',
colorMode='value',
)
+ addIssueLabelsOverrides($._config.issueLabels)
+ {
id: 221,
targets+: [
{
panelId: giteaChangesByLabel.id,
refId: 'A',
},
],
}
+ {
fieldConfig+: {
defaults+: {
color: {
mode: 'palette-classic',
},
},
},
},
'gitea-overview.json':
grafana.dashboard.new(
'%s Overview' % $._config.dashboardNamePrefix,
time_from='%s' % $._config.dashboardPeriod,
editable=false,
tags=($._config.dashboardTags),
timezone='%s' % $._config.dashboardTimezone,
refresh='%s' % $._config.dashboardRefresh,
graphTooltip='shared_crosshair',
uid='gitea-overview'
)
.addTemplate(
{
current: {
text: 'Prometheus',
value: 'Prometheus',
},
hide: 0,
label: 'Data Source',
name: 'datasource',
options: [],
query: 'prometheus',
refresh: 1,
regex: '',
type: 'datasource',
},
)
.addTemplate(
{
hide: 0,
label: null,
name: 'job',
options: [],
query: 'label_values(gitea_organizations, job)',
refresh: 1,
regex: '',
type: 'query',
},
)
.addTemplate(
{
hide: 0,
label: null,
name: 'instance',
options: [],
query: 'label_values(gitea_organizations{job="$job"}, instance)',
refresh: 1,
regex: '',
type: 'query',
},
)
.addTemplate(
{
hide: 0,
label: 'aggregation interval',
name: 'agg_interval',
auto_min: '1m',
auto: true,
query: '1m,10m,1h,1d,7d',
type: 'interval',
},
)
.addPanel(grafana.row.new(title='General'), gridPos={ x: 0, y: 0, w: 0, h: 0 },)
.addPanel(giteaStatsPanel, gridPos={ x: 0, y: 0, w: 16, h: 4 })
.addPanel(giteaUptimePanel, gridPos={ x: 16, y: 0, w: 8, h: 4 })
.addPanel(giteaMemoryPanel, gridPos={ x: 0, y: 4, w: 8, h: 6 })
.addPanel(giteaCpuPanel, gridPos={ x: 8, y: 4, w: 8, h: 6 })
.addPanel(giteaFileDescriptorsPanel, gridPos={ x: 16, y: 4, w: 8, h: 6 })
.addPanel(grafana.row.new(title='Changes', collapse=false), gridPos={ x: 0, y: 10, w: 24, h: 8 })
.addPanel(giteaChangesPanelTotal, gridPos={ x: 0, y: 12, w: 6, h: 8 })
+ // use patching instead of .addPanel() to keep static ids
{
panels+: std.flattenArrays([
[
giteaChangesPanelAll { gridPos: { x: 6, y: 12, w: 18, h: 8 } },
],
if $._config.showIssuesByRepository then
[
giteaChangesByRepositoriesTotal { gridPos: { x: 0, y: 20, w: 6, h: 8 } },
giteaChangesByRepositories { gridPos: { x: 6, y: 20, w: 18, h: 8 } },
] else [],
if $._config.showIssuesByLabel then
[
giteaChangesByLabelTotal { gridPos: { x: 0, y: 28, w: 6, h: 8 } },
giteaChangesByLabel { gridPos: { x: 6, y: 28, w: 18, h: 8 } },
] else [],
]),
},
},
}

15
contrib/gitea-monitoring-mixin/jsonnetfile.json Normal file
View file

@ -0,0 +1,15 @@
{
"version": 1,
"dependencies": [
{
"source": {
"git": {
"remote": "https://github.com/grafana/grafonnet-lib.git",
"subdir": "grafonnet"
}
},
"version": "master"
}
],
"legacyImports": false
}

16
contrib/gitea-monitoring-mixin/jsonnetfile.lock.json Normal file
View file

@ -0,0 +1,16 @@
{
"version": 1,
"dependencies": [
{
"source": {
"git": {
"remote": "https://github.com/grafana/grafonnet-lib.git",
"subdir": "grafonnet"
}
},
"version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
"sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
}
],
"legacyImports": false
}

1
contrib/gitea-monitoring-mixin/lib/alerts.jsonnet Normal file
View file

@ -0,0 +1 @@
std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)

6
contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet Normal file
View file

@ -0,0 +1,6 @@
local dashboards = (import '../mixin.libsonnet').grafanaDashboards;
{
[name]: dashboards[name]
for name in std.objectFields(dashboards)
}

1
contrib/gitea-monitoring-mixin/lib/rules.jsonnet Normal file
View file

@ -0,0 +1 @@
std.manifestYamlDoc((import '../mixin.libsonnet').prometheusRules)

2
contrib/gitea-monitoring-mixin/mixin.libsonnet Normal file
View file

@ -0,0 +1,2 @@
(import 'dashboards/dashboards.libsonnet') +
(import 'config.libsonnet')

12
contrib/ide/vscode/launch.json
View file

@ -7,10 +7,10 @@
"request": "launch",
"mode": "debug",
"buildFlags": "",
"port": 2345,
"host": "127.0.0.1",
"program": "${workspaceRoot}/main.go",
"env": {},
"env": {
"GITEA_WORK_DIR": "${workspaceRoot}",
},
"args": ["web"],
"showLog": true
},
@ -20,10 +20,10 @@
"request": "launch",
"mode": "debug",
"buildFlags": "-tags='sqlite sqlite_unlock_notify'",
"port": 2345,
"host": "127.0.0.1",
"program": "${workspaceRoot}/main.go",
"env": {},
"env": {
"GITEA_WORK_DIR": "${workspaceRoot}",
},
"args": ["web"],
"showLog": true
}

43
contrib/pr/checkout.go
View file

@ -12,7 +12,6 @@ import (
"context"
"flag"
"fmt"
"io/ioutil"
"log"
"net/http"
"net/url"
@ -26,6 +25,8 @@ import (
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/unittest"
gitea_git "code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/markup"
"code.gitea.io/gitea/modules/markup/external"
@ -36,7 +37,6 @@ import (
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/config"
"github.com/go-git/go-git/v5/plumbing"
context2 "github.com/gorilla/context"
"xorm.io/xorm"
)
@ -49,13 +49,13 @@ func runPR() {
log.Fatal(err)
}
setting.SetCustomPathAndConf("", "", "")
setting.NewContext()
setting.LoadAllowEmpty()
setting.RepoRootPath, err = ioutil.TempDir(os.TempDir(), "repos")
setting.RepoRootPath, err = os.MkdirTemp(os.TempDir(), "repos")
if err != nil {
log.Fatalf("TempDir: %v\n", err)
}
setting.AppDataPath, err = ioutil.TempDir(os.TempDir(), "appdata")
setting.AppDataPath, err = os.MkdirTemp(os.TempDir(), "appdata")
if err != nil {
log.Fatalf("TempDir: %v\n", err)
}
@ -87,27 +87,29 @@ func runPR() {
setting.Database.Path = ":memory:"
setting.Database.Timeout = 500
*/
db := setting.Cfg.Section("database")
db.NewKey("DB_TYPE", "sqlite3")
db.NewKey("PATH", ":memory:")
dbCfg := setting.Cfg.Section("database")
dbCfg.NewKey("DB_TYPE", "sqlite3")
dbCfg.NewKey("PATH", ":memory:")
routers.NewServices()
routers.InitGitServices()
setting.Database.LogSQL = true
// x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
models.NewEngine(context.Background(), func(_ *xorm.Engine) error {
db.InitEngineWithMigration(context.Background(), func(_ *xorm.Engine) error {
return nil
})
models.HasEngine = true
db.HasEngine = true
// x.ShowSQL(true)
err = models.InitFixtures(
path.Join(curDir, "models/fixtures/"),
err = unittest.InitFixtures(
unittest.FixturesOptions{
Dir: path.Join(curDir, "models/fixtures/"),
},
)
if err != nil {
fmt.Printf("Error initializing test database: %v\n", err)
os.Exit(1)
}
models.LoadFixtures()
unittest.LoadFixtures()
util.RemoveAll(setting.RepoRootPath)
util.RemoveAll(models.LocalCopyPath())
util.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
@ -136,7 +138,7 @@ func runPR() {
*/
// Start the server
http.ListenAndServe(":8080", context2.ClearHandler(c))
http.ListenAndServe(":8080", c)
log.Printf("[PR] Cleaning up ...\n")
/*
@ -158,7 +160,7 @@ func runPR() {
}
func main() {
var runPRFlag = flag.Bool("run", false, "Run the PR code")
runPRFlag := flag.Bool("run", false, "Run the PR code")
flag.Parse()
if *runPRFlag {
runPR()
@ -180,7 +182,7 @@ func main() {
codeFilePath = filepath.FromSlash(codeFilePath) // Convert to running OS
// Copy this file if it will not exist in the PR branch
dat, err := ioutil.ReadFile(codeFilePath)
dat, err := os.ReadFile(codeFilePath)
if err != nil {
log.Fatalf("Failed to cache this code file : %v", err)
}
@ -213,7 +215,7 @@ func main() {
// Use git cli command for windows
runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
} else {
ref := fmt.Sprintf("refs/pull/%s/head:%s", pr, branchRef)
ref := fmt.Sprintf("%s%s/head:%s", gitea_git.PullPrefix, pr, branchRef)
err = repo.Fetch(&git.FetchOptions{
RemoteName: remoteUpstream,
RefSpecs: []config.RefSpec{
@ -240,11 +242,11 @@ func main() {
// Copy this file if not exist
if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
err = os.MkdirAll(filepath.Dir(codeFilePath), 0755)
err = os.MkdirAll(filepath.Dir(codeFilePath), 0o755)
if err != nil {
log.Fatalf("Failed to duplicate this code file in PR : %v", err)
}
err = ioutil.WriteFile(codeFilePath, dat, 0644)
err = os.WriteFile(codeFilePath, dat, 0o644)
if err != nil {
log.Fatalf("Failed to duplicate this code file in PR : %v", err)
}
@ -254,6 +256,7 @@ func main() {
// Start with integration test
runCmd("go", "run", "-mod", "vendor", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
}
func runCmd(cmd ...string) {
log.Printf("Executing : %s ...\n", cmd)
c := exec.Command(cmd[0], cmd[1:]...)

8
contrib/update_dependencies.sh Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env bash
grep 'git' go.mod | grep '\.com' | grep -v indirect | grep -v replace | cut -f 2 | cut -d ' ' -f 1 | while read line; do
go get -u "$line"
make vendor
git add .
git commit -S -m "update $line"
done

83
contrib/upgrade.sh Executable file
View file

@ -0,0 +1,83 @@
#!/usr/bin/env bash
set -euo pipefail
# This is an update script for gitea installed via the binary distribution
# from dl.gitea.io on linux as systemd service. It performs a backup and updates
# Gitea in place.
# NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
# Depends on: bash, curl, xz, sha256sum, gpg. optionally jq.
# Usage: [environment vars] upgrade.sh [version]
# See section below for available environment vars.
# When no version is specified, updates to the latest release.
# Examples:
# upgrade.sh 1.15.10
# giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh
# apply variables from environment
: "${giteabin:="/usr/local/bin/gitea"}"
: "${giteahome:="/var/lib/gitea"}"
: "${giteaconf:="/etc/gitea/app.ini"}"
: "${giteauser:="git"}"
: "${sudocmd:="sudo"}"
: "${arch:="linux-amd64"}"
: "${backupopts:=""}" # see `gitea dump --help` for available options
function giteacmd {
"$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
}
function require {
for exe in "$@"; do
command -v "$exe" &>/dev/null || (echo "missing dependency '$exe'"; exit 1)
done
}
require systemctl curl xz sha256sum gpg "$sudocmd"
# select version to install
if [[ -z "${1:-}" ]]; then
require jq
giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version)
else
giteaversion="$1"
fi
# confirm update
current=$(giteacmd --version | cut --delimiter=' ' --fields=3)
[[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1
echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md"
echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)"
read -r confirm
[[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1
pushd "$(pwd)" &>/dev/null
cd "$giteahome" # needed for gitea dump later
# download new binary
binname="gitea-${giteaversion}-${arch}"
binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz"
echo "Downloading $binurl..."
curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"
# validate checksum & gpg signature (exit script if error)
sha256sum --check "${binname}.xz.sha256"
gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; }
rm "${binname}".xz.{sha256,asc}
# unpack binary + make executable
xz --decompress "${binname}.xz"
chown "$giteauser" "$binname"
chmod +x "$binname"
# stop gitea, create backup, replace binary, restart gitea
echo "Stopping gitea at $(date)"
giteacmd manager flush-queues
$sudocmd systemctl stop gitea
echo "Creating backup in $giteahome"
giteacmd dump $backupopts
echo "Updating binary at $giteabin"
mv --force --backup "$binname" "$giteabin"
$sudocmd systemctl start gitea
$sudocmd systemctl status gitea
popd

229
custom/conf/app.example.ini
View file

@ -51,6 +51,16 @@ RUN_MODE = ; prod
;REDIRECT_OTHER_PORT = false
;PORT_TO_REDIRECT = 80
;;
;; Minimum and maximum supported TLS versions
;SSL_MIN_VERSION=TLSv1.2
;SSL_MAX_VERSION=
;;
;; SSL Curve Preferences
;SSL_CURVE_PREFERENCES=X25519,P256
;;
;; SSL Cipher Suites
;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
;;
;; Timeout for any write to the connection. (Set to 0 to disable all timeouts.)
;PER_WRITE_TIMEOUT = 30s
;;
@ -72,12 +82,15 @@ RUN_MODE = ; prod
;; Whether to use the builtin SSH server or not.
;START_SSH_SERVER = false
;;
;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
;BUILTIN_SSH_SERVER_USER =
;; Username to use for the builtin SSH server.
;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
;;
;; Domain name to be exposed in clone URL
;SSH_DOMAIN = %(DOMAIN)s
;;
;; SSH username displayed in clone URLs.
;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
;;
;; The network interface the builtin SSH server should listen on
;SSH_LISTEN_HOST =
;;
@ -100,15 +113,15 @@ RUN_MODE = ; prod
;;
;; For the built-in SSH server, choose the ciphers to support for SSH connections,
;; for system SSH this setting has no effect
;SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
;SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
;;
;; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
;; for system SSH this setting has no effect
;SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
;SSH_SERVER_KEY_EXCHANGES = curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1
;;
;; For the built-in SSH server, choose the MACs to support for SSH connections,
;; for system SSH this setting has no effect
;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
;;
;; For the built-in SSH server, choose the keypair to offer as the host key
;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
@ -165,6 +178,36 @@ RUN_MODE = ; prod
;OFFLINE_MODE = false
;DISABLE_ROUTER_LOG = false
;;
;; TLS Settings: Either ACME or manual
;; (Other common TLS configuration are found before)
;ENABLE_ACME = false
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; ACME automatic TLS settings
;;
;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
;; Leave empty to default to LetsEncrypt's (production) URL
;ACME_URL =
;;
;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
;ACME_ACCEPTTOS = false
;;
;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
;ACME_CA_ROOT =
;;
;; Email used for the ACME registration service
;; Can be left blank to initialize at first run and use the cached value
;ACME_EMAIL =
;;
;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
;ACME_DIRECTORY = https
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Manual TLS settings: (Only applicable if ENABLE_ACME=false)
;;
;; Generate steps:
;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;;
@ -201,8 +244,6 @@ RUN_MODE = ; prod
;; Enables git-lfs support. true or false, default is false.
;LFS_START_SERVER = false
;;
;; Where your lfs files reside, default is data/lfs.
;LFS_CONTENT_PATH = data/lfs
;;
;; LFS authentication secret, change this yourself
LFS_JWT_SECRET =
@ -378,6 +419,10 @@ INTERNAL_TOKEN=
;;
;; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
;PASSWORD_CHECK_PWN = false
;;
;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -388,7 +433,7 @@ INTERNAL_TOKEN=
;; Enables OAuth2 provider
ENABLE = true
;;
;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
;JWT_SIGNING_ALGORITHM = RS256
;;
;; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.
@ -421,9 +466,10 @@ ENABLE = true
;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
;; Two Factor authentication with security keys
;; https://developers.yubico.com/U2F/App_ID.html
;;
;; DEPRECATED - this only applies to previously registered security keys using the U2F standard
APP_ID = ; e.g. http://localhost:3000/
;; Comma separated list of trusted facets
TRUSTED_FACETS = ; e.g. http://localhost:3000/
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -440,26 +486,35 @@ TRUSTED_FACETS = ; e.g. http://localhost:3000/
;; Use comma to separate multiple modes, e.g. "console, file"
MODE = console
;;
;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
LEVEL = Info
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Router Logger
;;
;; Switch off the router log
;DISABLE_ROUTER_LOG= ; false
;DISABLE_ROUTER_LOG=false
;;
;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
ROUTER = console
;;
;; The level at which the router logs
;ROUTER_LOG_LEVEL = Info
;; The router will log different things at different levels.
;;
;; * started messages will be logged at TRACE level
;; * polling/completed routers will be logged at INFO
;; * slow routers will be logged at WARN
;; * failed routers will be logged at WARN
;;
;; The routing level will default to that of the system but individual router level can be set in
;; [log.<mode>.router] LEVEL
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Access Logger (Creates log in NCSA common log format)
;;
;ENABLE_ACCESS_LOG = false
;;
;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
;ACCESS = file
;;
@ -573,6 +628,13 @@ PATH =
;;
;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
;PULL_REQUEST_PUSH_MESSAGE = true
;;
;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.)
;LARGE_OBJECT_THRESHOLD = 1048576
;; Set to true to forcibly set core.protectNTFS=false
;DISABLE_CORE_PROTECT_NTFS=false
;; Disable the usage of using partial clones for git.
;DISABLE_PARTIAL_CLONE = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -649,6 +711,9 @@ PATH =
;; Default value for AllowCreateOrganization
;; Every new user will have rights set to create organizations depending on this setting
;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
;; Default value for IsRestricted
;; Every new user will have restricted permissions depending on this setting
;DEFAULT_USER_IS_RESTRICTED = false
;;
;; Either "public", "limited" or "private", default is "public"
;; Limited is for users visible only to signed users
@ -656,6 +721,9 @@ PATH =
;; Public is for users visible for everyone
;DEFAULT_USER_VISIBILITY = public
;;
;; Set which visibility modes a user can have
;ALLOWED_USER_VISIBILITY_MODES = public,limited,private
;;
;; Either "public", "limited" or "private", default is "public"
;; Limited is for organizations visible only to signed users
;; Private is for organizations visible only to members of the organization
@ -754,18 +822,18 @@ PATH =
;; Global limit of repositories per user, applied at creation time. -1 means no limit
;MAX_CREATION_LIMIT = -1
;;
;; Mirror sync queue length, increase if mirror syncing starts hanging
;; Mirror sync queue length, increase if mirror syncing starts hanging (DEPRECATED: please use [queue.mirror] LENGTH instead)
;MIRROR_QUEUE_LENGTH = 1000
;;
;; Patch test queue length, increase if pull request patch testing starts hanging
;; Patch test queue length, increase if pull request patch testing starts hanging (DEPRECATED: please use [queue.pr_patch_checker] LENGTH instead)
;PULL_REQUEST_QUEUE_LENGTH = 1000
;;
;; Preferred Licenses to place at the top of the List
;; The name here must match the filename in conf/license or custom/conf/license
;; The name here must match the filename in options/license or custom/options/license
;PREFERRED_LICENSES = Apache License 2.0,MIT License
;;
;; Disable the ability to interact with repositories using the HTTP protocol
;;DISABLE_HTTP_GIT = false
;DISABLE_HTTP_GIT = false
;;
;; Value for Access-Control-Allow-Origin header, default is not to present
;; WARNING: This may be harmful to your website if you do not give it a right value.
@ -787,9 +855,6 @@ PATH =
;; Prefix archive files by placing them in a directory named after the repository
;PREFIX_ARCHIVE_FILES = true
;;
;; Disable the creation of new mirrors. Pre-existing mirrors remain valid.
;DISABLE_MIRRORS = false
;;
;; Disable migrating feature.
;DISABLE_MIGRATIONS = false
;;
@ -878,6 +943,9 @@ PATH =
;;
;; In default merge messages only include approvers who are official
;DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = true
;;
;; Add co-authored-by and co-committed-by trailers if committer does not match author
;ADD_CO_COMMITTER_TRAILERS = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -894,6 +962,7 @@ PATH =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
;ALLOWED_TYPES =
;DEFAULT_PAGING_NUM = 10
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -984,6 +1053,9 @@ PATH =
;;
;; allow request with credentials
;ALLOW_CREDENTIALS = false
;;
;; set X-FRAME-OPTIONS header
;X_FRAME_OPTIONS = SAMEORIGIN
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1021,16 +1093,21 @@ PATH =
;SHOW_USER_EMAIL = true
;;
;; Set the default theme for the Gitea install
;DEFAULT_THEME = gitea
;DEFAULT_THEME = auto
;;
;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
;THEMES = gitea,arc-green
;THEMES = auto,gitea,arc-green
;;
;; All available reactions users can choose on issues/prs and comments.
;; Values can be emoji alias (:smile:) or a unicode emoji.
;;For custom reactions, add a tightly cropped square image to public/emoji/img/reaction_name.png
;; For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
;;
;; Additional Emojis not defined in the utf8 standard
;; By default we support gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and add it to this config.
;; Dont mistake it for Reactions.
;CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs
;;
;; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
;DEFAULT_SHOW_FULL_NAME = false
;;
@ -1375,6 +1452,13 @@ PATH =
;; Deliver timeout in seconds
;DELIVER_TIMEOUT = 5
;;
;; Webhook can only call allowed hosts for security reasons. Comma separated list, eg: external, 192.168.1.0/24, *.mydomain.com
;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts)
;; CIDR list: 1.2.3.0/8, 2001:db8::/32
;; Wildcard hosts: *.mydomain.com, 192.168.100.*
;; Since 1.15.7. Default to * for 1.15.x, external for 1.16 and later
;ALLOWED_HOST_LIST = external
;;
;; Allow insecure certification
;SKIP_TLS_VERIFY = false
;;
@ -1429,6 +1513,9 @@ PATH =
;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
;FROM =
;;
;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
;ENVELOPE_FROM =
;;
;; Mailer user name and password
;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
;USER =
@ -1450,6 +1537,9 @@ PATH =
;;
;; Timeout for Sendmail
;SENDMAIL_TIMEOUT = 5m
;;
;; convert \r\n to \n for Sendmail
;SENDMAIL_CONVERT_CRLF = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1460,7 +1550,7 @@ PATH =
;; if the cache enabled
;ENABLED = true
;;
;; Either "memory", "redis", or "memcache", default is "memory"
;; Either "memory", "redis", "memcache", or "twoqueue". default is "memory"
;ADAPTER = memory
;;
;; For "memory" only, GC interval in seconds, default is 60
@ -1469,6 +1559,7 @@ PATH =
;; For "redis" and "memcache", connection host address
;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
;; memcache: `127.0.0.1:11211`
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
;HOST =
;;
;; Time to keep items in cache if not used, default is 16 hours.
@ -1542,6 +1633,10 @@ PATH =
;AVATAR_MAX_WIDTH = 4096
;AVATAR_MAX_HEIGHT = 3072
;;
;; The multiplication factor for rendered avatar images.
;; Larger values result in finer rendering on HiDPI devices.
;AVATAR_RENDERED_SIZE_FACTOR = 3
;;
;; Maximum allowed file size for uploaded avatars.
;; This is to limit the amount of RAM used when resizing the image.
;AVATAR_MAX_FILE_SIZE = 1048576
@ -1568,7 +1663,7 @@ PATH =
;ENABLED = true
;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
;ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
;ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
;;
;; Max size of each file. Defaults to 4MB
;MAX_SIZE = 4
@ -1659,7 +1754,7 @@ PATH =
;; Notice if not success
;NO_SUCCESS_NOTICE = false
;; Time interval for job to run
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;; Archives created more than OLDER_THAN ago are subject to deletion
;OLDER_THAN = 24h
@ -1677,6 +1772,12 @@ PATH =
;RUN_AT_START = false
;; Notice if not success
;NO_SUCCESS_NOTICE = true
;; Limit the number of mirrors added to the queue to this number
;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
;PULL_LIMIT=50
;; Limit the number of mirrors added to the queue to this number
;; (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating)
;PUSH_LIMIT=50
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1685,7 +1786,7 @@ PATH =
;[cron.repo_health_check]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;; Enable running Repository health check task periodically.
;ENABLED = true
;; Run Repository health check task when Gitea starts.
@ -1710,7 +1811,7 @@ PATH =
;RUN_AT_START = true
;; Notice if not success
;NO_SUCCESS_NOTICE = false
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1724,7 +1825,7 @@ PATH =
;; Notice if not success
;NO_SUCCESS_NOTICE = false
;; Interval as a duration between each synchronization. (default every 24h)
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1739,7 +1840,7 @@ PATH =
;; Notice if not success
;NO_SUCCESS_NOTICE = false
;; Interval as a duration between each synchronization (default every 24h)
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;; Create new users, update existing user data and disable users that are not in external source anymore (default)
;; or only create new users if UPDATE_EXISTING is set to false
;UPDATE_EXISTING = true
@ -1757,7 +1858,7 @@ PATH =
;; Notice if not success
;NO_SUCCESS_NOTICE = false
;; Interval as a duration between each synchronization (default every 24h)
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;; deleted branches than OLDER_THAN ago are subject to deletion
;OLDER_THAN = 24h
@ -1773,7 +1874,7 @@ PATH =
;; Whether to always run at start up time (if ENABLED)
;RUN_AT_START = false
;; Time interval for job to run
;SCHEDULE = @every 24h
;SCHEDULE = @midnight
;; OlderThan or PerWebhook. How the records are removed, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
;CLEANUP_TYPE = OlderThan
;; If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
@ -1863,7 +1964,7 @@ PATH =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
;NO_SUCCESS_NOTICE = f;alse
;NO_SUCCESS_NOTICE = false
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1887,7 +1988,7 @@ PATH =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
;NO_SUCCESS_NOTICE = f;alse
;NO_SUCCESS_NOTICE = false
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1903,6 +2004,19 @@ PATH =
;SCHEDULE = @every 168h
;OLDER_THAN = 8760h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Check for new Gitea versions
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.update_checker]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
;ENABLE_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Git Operation timeout in seconds
@ -1922,6 +2036,12 @@ PATH =
;[mirror]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Enables the mirror functionality. Set to **false** to disable all mirrors.
;ENABLED = true
;; Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
;DISABLE_NEW_PULL = false
;; Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
;DISABLE_NEW_PUSH = false
;; Default interval as a duration between each check
;DEFAULT_INTERVAL = 8h
;; Min interval as a duration must be > 1m
@ -1948,8 +2068,8 @@ PATH =
;[i18n]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
;NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
;NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1970,6 +2090,15 @@ PATH =
;; Show template execution time in the footer
;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[markup]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
;MERMAID_MAX_SOURCE_CHARACTERS = 5000
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[markup.sanitizer.1]
@ -2006,6 +2135,10 @@ PATH =
;ENABLED = false
;; If you want to add authorization, specify a token here
;TOKEN =
;; Enable issue by label metrics; default is false
;ENABLED_ISSUE_BY_LABEL = false
;; Enable issue by repository metrics; default is false
;ENABLED_ISSUE_BY_REPOSITORY = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2040,12 +2173,21 @@ PATH =
;ALLOWED_DOMAINS =
;;
;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
;; When ALLOWED_DOMAINS is not blank, this option will be ignored.
;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
;BLOCKED_DOMAINS =
;;
;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
;ALLOW_LOCALNETWORKS = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[federation]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Enable/Disable federation capabilities
; ENABLED = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; default storage for attachments, lfs and avatars
@ -2072,6 +2214,9 @@ PATH =
;;
;[lfs]
;STORAGE_TYPE = local
;;
;; Where your lfs files reside, default is data/lfs.
;PATH = data/lfs
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2096,3 +2241,11 @@ PATH =
;;
;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
;MINIO_USE_SSL = false
;[proxy]
;; Enable the proxy, all requests to external via HTTP will be affected
;PROXY_ENABLED = false
;; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy/no_proxy
;PROXY_URL =
;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
;PROXY_HOSTS =

7
docker/manifest.rootless.tmpl
View file

@ -1,18 +1,19 @@
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-rootless
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}-rootless
{{/each}}
- "latest-rootless"
{{/if}}
manifests:
-
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64-rootless
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64-rootless
platform:
architecture: amd64
os: linux
-
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-rootless
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64-rootless
platform:
architecture: arm64
os: linux

7
docker/manifest.tmpl
View file

@ -1,18 +1,19 @@
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}
{{/each}}
- "latest"
{{/if}}
manifests:
-
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64
platform:
architecture: amd64
os: linux
-
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64
platform:
architecture: arm64
os: linux

2
docker/root/etc/s6/gitea/run
View file

@ -2,5 +2,5 @@
[[ -f ./setup ]] && source ./setup
pushd /app/gitea >/dev/null
exec su-exec $USER /app/gitea/gitea web
exec su-exec $USER /usr/local/bin/gitea web
popd

2
docker/root/etc/s6/gitea/setup
View file

@ -23,7 +23,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
INSTALL_LOCK=true
fi
# Substitude the environment variables in the template
# Substitute the environment variables in the template
APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
RUN_MODE=${RUN_MODE:-"prod"} \
DOMAIN=${DOMAIN:-"localhost"} \

4
docker/root/etc/templates/app.ini
View file

@ -20,7 +20,6 @@ DISABLE_SSH = $DISABLE_SSH
SSH_PORT = $SSH_PORT
SSH_LISTEN_PORT = $SSH_LISTEN_PORT
LFS_START_SERVER = $LFS_START_SERVER
LFS_CONTENT_PATH = /data/git/lfs
[database]
PATH = /data/gitea/gitea.db
@ -59,3 +58,6 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
[service]
DISABLE_REGISTRATION = $DISABLE_REGISTRATION
REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
[lfs]
PATH = /data/git/lfs

6
docker/root/usr/bin/entrypoint
View file

@ -1,5 +1,11 @@
#!/bin/sh
# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
if [ ! -x /bin/sh ]; then
echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
exit 1;
fi
if [ "${USER}" != "git" ]; then
# rename user
sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd

17
docker/root/usr/local/bin/gitea Normal file
View file

@ -0,0 +1,17 @@
#!/bin/bash
###############################################################
# This script sets defaults for gitea to run in the container #
###############################################################
# It assumes that you place this script as gitea in /usr/local/bin
#
# And place the original in /usr/lib/gitea with working files in /data/gitea
GITEA="/app/gitea/gitea"
WORK_DIR="/app/gitea"
CUSTOM_PATH="/data/gitea"
# Provide docker defaults
GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@"

4
docker/rootless/etc/templates/app.ini
View file

@ -23,7 +23,6 @@ SSH_PORT = $SSH_PORT
SSH_LISTEN_PORT = $SSH_LISTEN_PORT
BUILTIN_SSH_SERVER_USER = $RUN_USER
LFS_START_SERVER = $LFS_START_SERVER
LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs
[database]
PATH = $GITEA_WORK_DIR/data/gitea.db
@ -55,3 +54,6 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
[service]
DISABLE_REGISTRATION = $DISABLE_REGISTRATION
REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
[lfs]
PATH = $GITEA_WORK_DIR/git/lfs

6
docker/rootless/usr/local/bin/docker-entrypoint.sh
View file

@ -1,5 +1,11 @@
#!/bin/sh
# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
if [ ! -x /bin/sh ]; then
echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
exit 1;
fi
if [ -x /usr/local/bin/docker-setup.sh ]; then
/usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
fi

2
docker/rootless/usr/local/bin/docker-setup.sh
View file

@ -25,7 +25,7 @@ if [ ! -f ${GITEA_APP_INI} ]; then
INSTALL_LOCK=true
fi
# Substitude the environment variables in the template
# Substitute the environment variables in the template
APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
RUN_MODE=${RUN_MODE:-"prod"} \
RUN_USER=${USER:-"git"} \

40
docker/rootless/usr/local/bin/gitea Normal file
View file

@ -0,0 +1,40 @@
#!/bin/bash
###############################################################
# This script sets defaults for gitea to run in the container #
###############################################################
# It assumes that you place this script as gitea in /usr/local/bin
#
# And place the original in /usr/lib/gitea with working files in /data/gitea
GITEA="/app/gitea/gitea"
WORK_DIR="/var/lib/gitea"
APP_INI="/etc/gitea/app.ini"
APP_INI_SET=""
for i in "$@"; do
case "$i" in
"-c")
APP_INI_SET=1
;;
"-c="*)
APP_INI_SET=1
;;
"--config")
APP_INI_SET=1
;;
"--config="*)
APP_INI_SET=1
;;
*)
;;
esac
done
if [ -z "$APP_INI_SET" ]; then
CONF_ARG=("-c" "${GITEA_APP_INI:-$APP_INI}")
fi
# Provide docker defaults
GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" "${CONF_ARG[@]}" "$@"

26
docs/assets/js/search.js
View file

@ -15,7 +15,7 @@ const fuseOptions = {
shouldSort: true,
includeMatches: true,
matchAllTokens: true,
threshold: 0.0, // for parsing diacritics
threshold: 0, // for parsing diacritics
tokenize: true,
location: 0,
distance: 100,
@ -52,7 +52,7 @@ function doSearch() {
executeSearch(searchQuery);
} else {
const para = document.createElement('P');
para.innerText = 'Please enter a word or phrase above';
para.textContent = 'Please enter a word or phrase above';
document.getElementById('search-results').appendChild(para);
}
}
@ -60,17 +60,17 @@ function doSearch() {
function getJSON(url, fn) {
const request = new XMLHttpRequest();
request.open('GET', url, true);
request.onload = function () {
request.addEventListener('load', () => {
if (request.status >= 200 && request.status < 400) {
const data = JSON.parse(request.responseText);
fn(data);
} else {
console.error(`Target reached on ${url} with error ${request.status}`);
}
};
request.onerror = function () {
});
request.addEventListener('error', () => {
console.error(`Connection error ${request.status}`);
};
});
request.send();
}
@ -84,20 +84,20 @@ function executeSearch(searchQuery) {
populateResults(result);
} else {
const para = document.createElement('P');
para.innerText = 'No matches found';
para.textContent = 'No matches found';
document.getElementById('search-results').appendChild(para);
}
});
}
function populateResults(result) {
result.forEach((value, key) => {
for (const [key, value] of result.entries()) {
const content = value.item.contents;
let snippet = '';
const snippetHighlights = [];
if (fuseOptions.tokenize) {
snippetHighlights.push(searchQuery);
value.matches.forEach((mvalue) => {
for (const mvalue of value.matches) {
if (mvalue.key === 'tags' || mvalue.key === 'categories') {
snippetHighlights.push(mvalue.value);
} else if (mvalue.key === 'contents') {
@ -111,7 +111,7 @@ function populateResults(result) {
snippetHighlights.push(mvalue.value.substring(mvalue.indices[0][0], mvalue.indices[0][1] - mvalue.indices[0][0] + 1));
}
}
});
}
}
if (snippet.length < 1) {
@ -130,10 +130,10 @@ function populateResults(result) {
});
document.getElementById('search-results').appendChild(htmlToElement(output));
snippetHighlights.forEach((snipvalue) => {
for (const snipvalue of snippetHighlights) {
new Mark(document.getElementById(`summary-${key}`)).mark(snipvalue);
});
});
}
}
}
function render(templateString, data) {

6
docs/config.yaml
View file

@ -18,9 +18,9 @@ params:
description: Git with a cup of tea
author: The Gitea Authors
website: https://docs.gitea.io
version: 1.14.2
minGoVersion: 1.14
goVersion: 1.16
version: 1.16.0
minGoVersion: 1.16
goVersion: 1.17
minNodeVersion: 12.17
outputs:

6
docs/content/doc/advanced/adding-legal-pages.en-us.md
View file

@ -20,19 +20,19 @@ Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Poli
Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/`. For example, to add Privacy Policy:
```
wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/master/contrib/legal/privacy.html.sample
wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
```
Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation.
You absolutely must not place a general ToS or privacy statement that implies that the gitea project is responsible for your server.
You absolutely must not place a general ToS or privacy statement that implies that the Gitea project is responsible for your server.
## Make it Visible
Create or append to `/path/to/custom/templates/custom/extra_links_footer.tmpl`:
```go
<a class="item" href="{{AppSubUrl}}/privacy.html">Privacy Policy</a>
<a class="item" href="{{AppSubUrl}}/assets/privacy.html">Privacy Policy</a>
```
Restart Gitea to see the changes.

33
docs/content/doc/advanced/clone-filter.en-us.md
View file

@ -27,39 +27,12 @@ on the client is at least the same as on the server (or later). Login to
Gitea server as admin and head to Site Administration -> Configuration to
see Git version of the server.
By default, clone filters are disabled, which cause the server to ignore
`--filter` option.
By default, clone filters are enabled, unless `DISABLE_PARTIAL_CLONE` under
`[git]` is set to `true`.
To enable clone filters on per-repo basis, edit the repo's `config` on
repository location. Consult `ROOT` option on `repository` section of
Gitea configuration (`app.ini`) for the exact location. For example, to
enable clone filters for `some-repo`, edit
`/var/gitea/data/gitea-repositories/some-user/some-repo.git/config` and add:
```ini
[uploadpack]
allowfilter = true
```
To enable clone filters globally, add that config above to `~/.gitconfig`
of user that run Gitea (for example `git`).
Alternatively, you can use `git config` to set the option.
To enable for a specific repo:
```bash
cd /var/gitea/data/gitea-repositories/some-user/some-repo.git
git config --local uploadpack.allowfilter true
```
To enable globally, login as user that run Gitea and:
```bash
git config --global uploadpack.allowfilter true
```
See [GitHub blog post: Get up to speed with partial clone](https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/)
for common use cases of clone filters (blobless and treeless clones), and
[Gitlab docs for partial clone](https://docs.gitlab.com/ee/topics/git/partial_clone.html)
[GitLab docs for partial clone](https://docs.gitlab.com/ee/topics/git/partial_clone.html)
for more advanced use cases (such as filter by file size and remove
filters to turn partial clone into full clone).

Some files were not shown because too many files have changed in this diff Show more