(cherry picked from commit 6d910daafb28b79402b8190fa749f4ff18991505)
(cherry picked from commit d447861cc911aa89539cbbcdbbf0e68d0bc23e53)
(cherry picked from commit dc6e9d87990f72d870100934be32a5fc1dc119ad)
(cherry picked from commit ef232fa20c99c6c52599025967a5af2f5839bdce)
(cherry picked from commit 290c55517a84f6e8b80459372b9b63ec19cadcb4)
(cherry picked from commit db48af1784e94851c066845324c3e680e79ab7c3)
(cherry picked from commit 85f33237a2f5da88ec2fcab76ea91ee3cec56065)
(cherry picked from commit 76899ee33e8196c66f882fca5facf5268c8fabf8)
(cherry picked from commit 148b3ee9cb03aa614b59ab98d2d8c11f343d38d1)
(cherry picked from commit 1f6ad8f465819cc6adb8061845822398a33e14e1)
(cherry picked from commit c330afdba3354ff59591bd07046b6993bfeea777)
(cherry picked from commit b1f87075a79c8e0d1a8626958f90bfee4d003de1)
(cherry picked from commit 7da40992cc82d719094a748339c385fbc1251afe)
(cherry picked from commit 7ab19ff5e528b9e1ef53e95639022facca70466e)
(cherry picked from commit e61e44921bbabc7ba12da51afde1c6fe8203679b)
(cherry picked from commit 83646119fb8af975a114601ee7bbaf7c5d25f93f)
(cherry picked from commit 20cf748e61f35378745629dcb38b459818c8ad52)
(cherry picked from commit 0a99919cec90dc1374c67199a0bbb90e7f8c7525)
(cherry picked from commit 21215222a6d036551dca0b54a09c388845c3565f)
(cherry picked from commit 0f6c5658d77fe47d4c67b327190f88af829905da)
(cherry picked from commit 1752e43d3c0d71533680d2dcbcbb056d0c91371e)
(cherry picked from commit 2332080929c9eb65d512956773bf7ac821fa6736)
(cherry picked from commit 590aabf2a2a47f4a5a53a9d0b8b12486f5998400)
(cherry picked from commit 87d8b7b315c3e25bd3fcf9dc9c1d359bcd107281)
(cherry picked from commit ff37de38be04b8c1ca6f04b4ef5566c9f9a125ad)
(cherry picked from commit cee32c9e7ab58af6cb07109df4b88420c30c6156)
(cherry picked from commit 39faade524215d5527c5d24e90a9be62aa40f422)
(cherry picked from commit 0e5ca477b6e7ae926cd32454a6ed372b83626b34)
(cherry picked from commit 70e2730f7b2efe4c2ee9ef047583bf9ee5eed409)
(cherry picked from commit 2ad4003944e0d32d1e45b9276316e189f9b5b176)
(cherry picked from commit 2429de9e87e3fdbfa2df8741c9400e9f056ef124)
(cherry picked from commit c133915fc1a4eb8aa1e4766e720e47de14db0d61)
(cherry picked from commit c607dcaf9f01e454921e07b758bdde1c4dba5504)
(cherry picked from commit 00f006637f659bd617d05d1017be7bd4b78e618b)
(cherry picked from commit 0de6646475195e0cf210781c98b8fcede010b94d)
(cherry picked from commit b05e83bb1e45e67d96f0b4b138ffe2df8329e01d)
(cherry picked from commit cb71f139f081c14d17ee904931ab64ccd2199c20)
(cherry picked from commit 2a8b08ee4fdbceb5b8196a89c017405546ec0f79)
(cherry picked from commit 3ebab73c4eee7b43ab0a30ad1f32c23ac969cbac)
(cherry picked from commit 07626c088c2e9927bf200803178530be515831e8)
(cherry picked from commit 844e9bc9999f2b94e2fc0f727dec06d128042b8e)
(cherry picked from commit c315e247514fee9b2fcd3a91e16237b8986b78f0)
(cherry picked from commit f5f2b41f3cdfc6258191859a7c1914b52b868c09)
(cherry picked from commit 09134424a8c3c5136373c7760cf3d3dd26382610)
(cherry picked from commit 6fc63d48c4b2a568ddafb92d566e607977cc1b1b)
(cherry picked from commit a0be5c783e145601ca80eadfff7e104c980d1f32)
(cherry picked from commit 124bad8230535626187165341c369668bb71c4f2)
(cherry picked from commit 57069811d1d4d89bee498d8cbd9e23e212e48b7b)
(cherry picked from commit 8871d1aac7fa64a97fbc740f548151e239257de5)
- The watch/unwatch button and star/unstar get their own template
- The backend returns HTML instead of redirect
---------
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Resolves https://github.com/go-gitea/gitea/issues/28704
Example of an entry in the generated `APKINDEX` file:
```
C:Q1xCO3H9LTTEbhKt9G1alSC87I56c=
P:hello
V:2.12-r1
A:x86_64
T:The GNU Hello program produces a familiar, friendly greeting
U:https://www.gnu.org/software/hello/
L:GPL-3.0-or-later
S:15403
I:36864
o:hello
m:
t:1705934118
D:so:libc.musl-x86_64.so.1
p:cmd:hello=2.12-r1
i:foobar=1.0 !baz
k:42
```
the `i:` and `k:` entries are new.
---------
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api
This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.
After that PR is merged, the user creation should be next.
Follow #28654
The `comments` might be empty, so the templates shouldn't (and couldn't)
use it to render. When there is no comment, the UI should also be
updated to empty, so returning an empty body is good enough.
This PR adds a new `must-change-password` parameter to the
`change-password` cli command.
We already have the `must-change-password` command but it feels natural
to have this integrated into the `change-password` cli command.
---------
Co-authored-by: 6543 <6543@obermui.de>
Emails from Gitea comments do not contain the username of the commenter
anywhere, only their display name, so it is not possible to verify who
made a comment from the email itself:
From: "Alice" <email@gitea>
X-Gitea-Sender: Alice
X-Gitea-Recipient: Bob
X-GitHub-Sender: Alice
X-GitHub-Recipient: Bob
This comment looks like it's from @alice.
The X-Gitea/X-GitHub headers also use display names, which is not very
reliable for filtering, and inconsistent with GitHub's behavior:
X-GitHub-Sender: lunny
X-GitHub-Recipient: gwymor
This change includes both the display name and username in the From
header, and switches the other headers from display name to username:
From: "Alice (@fakealice)" <email@gitea>
X-Gitea-Sender: fakealice
X-Gitea-Recipient: bob
X-GitHub-Sender: fakealice
X-GitHub-Recipient: bob
This comment looks like it's from @alice.
This change allows act_runner / actions_runner to use jwt tokens for
`ACTIONS_RUNTIME_TOKEN` that are compatible with
actions/upload-artifact@v4.
The official Artifact actions are now validating and extracting the jwt
claim scp to get the runid and jobid, the old artifact backend also
needs to accept the same token jwt.
---
Related to #28853
I'm not familar with the auth system, maybe you know how to improve this
I have tested
- the jwt token is a valid token for artifact uploading
- the jwt token can be parsed by actions/upload-artifact@v4 and passes
their scp claim validation
Next steps would be a new artifacts@v4 backend.
~~I'm linking the act_runner change soonish.~~
act_runner change to make the change effective and use jwt tokens
<https://gitea.com/gitea/act_runner/pulls/471>
Behaviour now matches GH. Safeguard added in the for loop because
`textContent` may be null in which case it does not make sense to render
the copy button.
To make sure we don't abuse it.
---------
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.
This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled
- Closes https://github.com/go-gitea/gitea/issues/28880
This change introduces htmx with the hope we could use it to make Gitea
more reactive while keeping our "HTML rendered on the server" approach.
- Add `htmx.js` that imports `htmx.org` and initializes error toasts
- Place `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` on the
`<body>` tag so every request that htmx sends is authenticated
- Place `hx-swap="outerHTML"` on the `<body>` tag so the response of
each htmx request replaces the tag it targets (as opposed to its inner
content)
- Place `hx-push-url="false"` on the `<body>` tag so no changes to the
URL happen in `<form>` tags
- Add the `is-loading` class during request
### Error toasts in action
## Don't do a full page load when clicking the subscribe button
- Refactor the form around the subscribe button into its own template
- Use htmx to perform the form submission
- `hx-boost="true"` to prevent the default form submission behavior of a
full page load
- `hx-sync="this:replace"` to replace the current request (in case the
button is clicked again before the response is returned)
- `hx-target="this"` to replace the form tag with the new form tag
- Change the backend response to return a `<form>` tag instead of a
redirect to the issue page
### Before
### After
## Don't do a full page load when clicking the follow button
- Use htmx to perform the button request
- `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST
request to follow the user
- `hx-target="#profile-avatar-card"` to target the card div for
replacement
- `hx-indicator="#profile-avatar-card"` to place the loading indicator
on the card
- Change the backend response to return a `<div>` tag (the card) instead
of a redirect to the user page
### Before
### After
---------
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Renames it to `ENABLED` to be consistent with other settings and
deprecates it.
I believe this change is necessary because other setting groups such as
`attachment`, `cors`, `mailer`, etc. have an `ENABLED` setting, but
`oauth2` is the only one with an `ENABLE` setting, which could cause
confusion for users.
This is no longer a breaking change because `ENABLE` has been set as
deprecated and as an alias to `ENABLED`.
## Purpose
This is a refactor toward building an abstraction over managing git
repositories.
Afterwards, it does not matter anymore if they are stored on the local
disk or somewhere remote.
## What this PR changes
We used `git.OpenRepository` everywhere previously.
Now, we should split them into two distinct functions:
Firstly, there are temporary repositories which do not change:
```go
git.OpenRepository(ctx, diskPath)
```
Gitea managed repositories having a record in the database in the
`repository` table are moved into the new package `gitrepo`:
```go
gitrepo.OpenRepository(ctx, repo_model.Repo)
```
Why is `repo_model.Repository` the second parameter instead of file
path?
Because then we can easily adapt our repository storage strategy.
The repositories can be stored locally, however, they could just as well
be stored on a remote server.
## Further changes in other PRs
- A Git Command wrapper on package `gitrepo` could be created. i.e.
`NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir:
repo.RepoPath()}`, the directory should be empty before invoking this
method and it can be filled in the function only. #28940
- Remove the `RepoPath()`/`WikiPath()` functions to reduce the
possibility of mistakes.
---------
Co-authored-by: delvh <dev.lh@web.de>
The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:
- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.
Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.
