Backport #35604 by silverwind
The test calls out to a web service which may be down or unreachable as
seen in the linked issue. It's better for tests to not have such
external dependencies to make them absolutely stable.
Fixes: https://github.com/go-gitea/gitea/issues/35571
Co-authored-by: silverwind <me@silverwind.io>
Backport #35610 by @surya-purohit
Updates the swagger documentation for the `diffpatch` API endpoint.
The request body is corrected from the outdated `UpdateFileOptions` to
the current `ApplyDiffPatchOptions` to match the code implementation.
Closes [issue#35602](https://github.com/go-gitea/gitea/issues/35602)
---------
Co-authored-by: Surya Purohit <suryaprakash.sharma@sourcefuse.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #35584 by @shashank-netapp
# Summary
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.
Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.
Fixes: #35530
Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This pull request updates the handling of issue label events in
workflows to distinguish between label additions and deletions,
introduces corresponding test cases, and extends the `IssuePayload`
structure to support this functionality.
### Enhancements to issue label event handling:
* Updated `matchIssuesEvent` in `modules/actions/workflows.go` to
differentiate between "labeled" and "unlabeled" events based on whether
labels were added or removed.
* Added a new field, `RemovedLabels`, to the `IssuePayload` struct in
`modules/structs/hook.go` to track labels that were removed during an
issue event.
### Testing improvements:
* Added `TestMatchIssuesEvent` in `modules/actions/workflows_test.go` to
cover scenarios such as label addition, label deletion, and label
clearing, ensuring the correct event type is triggered.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Commit 6a97ab0af4031dd1e8fb0b272218e146b5556ac6 reworked team permission
application. The introduced logic overrode the unitModes for *every*
team a user is in, max(...) the current value and the team value
together.
The logic completely fails in case the team does not have a unit for the
specific unit type defined, in which case the logic inserted the
minimumVisibility, overriding any previous aggregation of access modes
for the unit.
This is resolved by simply always merging the unit access mode of the
team as it will simply default to None in case the team does not have a
permission defined for the unit, which will be swallowed by the max(..)
call in favour of the previous aggregated permission.
Enable the [same paste
features](https://github.com/github/paste-markdown#paste-markdown-objects)
that GitHub has, notably the ability to paste text containing HTML links
and have them automatically turn into Markdown links. As far as I can
tell, previous paste features all work as expected.
---------
Signed-off-by: silverwind <me@silverwind.io>
Time Estimate field is not included in the issue modification webhooks
or issue API endpoints.
This PR fixes the field for the API.
---------
Signed-off-by: Gnanakeethan Balasubramaniam <gnanakeethan@users.noreply.github.com>
Signed-off-by: Gnanakeethan Balasubramaniam <gnanakeethan@cloudparallax.com>
- `type-fest` is replaced by our own types
- `@stylistic/eslint-plugin-js` is no longer in use, it was replaced
with `@stylistic/eslint-plugin`
- `@types/license-checker-webpack-plugin` does not apply to our forked
version and has a type stub
Update eslint and all plugins. Many plugins still do not ship type
definitions so I had to add stubs. Also, I had to put a few typescript
error expectations because if some unknown error in the types.
`eslint-plugin-no-jquery` is disabled because it's not compatible with
eslint 9 flat config
(https://github.com/wikimedia/eslint-plugin-no-jquery/issues/311).
Given that this bundler is almost a drop-in replacement to webpack, it
might be worth switching. So far it seems everything is working, but
more testing is needed, so I'm setting draft.
- Dev build time is reduced from 10s to 5s
- Prod build time is reduced from 16s to 10s
- JS output size is reduced from 21.3MB to 19.8MB
- CSS output size is increased from 778kB to 818kB
When running `gitea dump`, don't store the contents of
`data/repo-archive` in the output.
These archives can easily be regenerated from the repository data, and
does not need to be backed up.
Fixes#35450
---
<s>Added a `--skip-repo-archive` flag to the `gitea dump` command.
Enabling this flag will exclude the contents of `data/repo-archive` from
the dump. The implementation is similar to the other `--skip-*` flags
that excludes directories from `data`.</s>
Signed-off-by: h7x4 <h7x4@nani.wtf>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
See https://github.com/actions/setup-node/releases/tag/v5.0.0
Caching is now enabled by default when `packageManager` is present in
package.json, and we have that. `cache-dependency-path` is unneccesary
because the action will automatically detect it.
Extend the maximum length of comment.treepath from 255 to 4000
characters.
All databases supported by Gitea allow VARCHAR fields of 4000, so
compatibility is ensured. Git itself does not impose a strict limit on
path length. On Windows, the `core.longpaths` setting has already been
enabled to handle long file paths.
Fix#33716
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
fixes#30565
When using git with a gitea hosted repository, the HTTP-Transport did
honor the user and repository redirects, which are created when renaming
a user or repo and also when transferring ownership of a repo to a
different organization. This is extremely helpful, as repo URLs remain
stable and do not have to be migrated on each client's worktree and
other places, e.g. CI at once.
The SSH transport - which I favor - did not know of these redirections
and I implemented a lookup during the `serv` command.
gofumpt now
[supports](https://github.com/mvdan/gofumpt/releases/tag/v0.9.0) the
[ignore](https://tip.golang.org/ref/mod#go-mod-file-ignore) directive
added in go 1.25, make use of it which speeds up `make fmt` by around
30%. Likely this also has similar speed gains in other go-related
commands which use the `./...` pattern.
The change in `build/code-batch-process.go` was introduced by `gofumpt`
because of this change:
> A new rule is introduced to "clothe" naked returns for the sake of
clarity. While there is nothing wrong with naming results in function
signatures, using lone return statements can be confusing to the reader.
