Commit Graph

19599 Commits

Author SHA1 Message Date
wxiaoguang
4fc626daa1 Refactor editor (#34780)
A complete rewrite
2025-06-21 19:20:51 +08:00
wxiaoguang
81adb01713 Improve img lazy loading (#34804)
Related #32051 and #13526
2025-06-21 14:53:22 +08:00
GiteaBot
0990eb44ce [skip ci] Updated translations via Crowdin 2025-06-21 00:37:09 +00:00
Snowball_233
40dec17b5c Fix Feishu webhook signature verification (#34788)
# Fix Feishu Webhook Signature Verification

This PR implements proper signature verification for Feishu (Lark)
webhooks according to the [official
documentation](https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot).

## Changes

- Implemented the `GenSign` function based on Feishu's official Go
sample code
- Modified the webhook request creation to include timestamp and
signature in the payload when a secret is configured
- Fixed the signature generation algorithm to properly use HMAC-SHA256
with the correct string format

## Implementation Details

The signature verification works as follows:
1. When a webhook secret is provided, a timestamp is generated
2. The signature string is created using `timestamp + "\n" + secret`
3. The HMAC-SHA256 algorithm is applied to an empty string using the
signature string as the key
4. The result is Base64 encoded to produce the final signature
5. Both timestamp and signature are added to the payload

According to Feishu's documentation, the timestamp must be within 1 hour
(3600 seconds) of the current time to be considered valid.

## Security Note

Feishu emphasizes the importance of keeping webhook URLs secure. Do not
disclose them on GitHub, blogs, or any public sites to prevent
unauthorized use.

## References

- [Feishu Custom Bot
Documentation](https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot)

---------

Co-authored-by: hiifong <i@hiif.ong>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-20 13:09:03 -07:00
Lunny Xiao
90eb831418 Upgrade chi to v5.2.2 (#34798) 2025-06-20 18:23:46 +00:00
Kerwin Bryant
1c28c470f8 Fix the issue of abnormal interface when there is no issue-item on the project page (#34791) 2025-06-20 10:27:56 -07:00
wxiaoguang
e0f3b30895 Fix container range bug (#34795)
Fix #34792 and add new tests
2025-06-21 01:13:34 +08:00
wxiaoguang
719b151058 Fix OCI manifest parser (#34797)
Do not parse the media type we don't know.
2025-06-21 00:27:35 +08:00
yp05327
4f32d32812 Bump poetry feature to new url for dev container (#34787) 2025-06-20 12:33:12 +00:00
ChristopherHX
cda90eca31 Add workflow_run api + webhook (#33964)
Implements 
- https://docs.github.com/en/rest/actions/workflow-jobs?apiVersion=2022-11-28#list-jobs-for-a-workflow-run--code-samples
- https://docs.github.com/en/rest/actions/workflow-jobs?apiVersion=2022-11-28#get-a-job-for-a-workflow-run--code-samples
- https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository
- https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#get-a-workflow-run
  - `/actions/runs` for global + user + org (Gitea only)
  - `/actions/jobs` for global + user + org + repository (Gitea only)
  - workflow_run webhook + action trigger
    - limitations
- workflow id is assigned to a string, this may result into problems in
strongly typed clients

Fixes
- workflow_job webhook url to no longer contain the `runs/<run>` part to
align with api
- workflow instance does now use it's name inside the file instead of
filename if set

Refactoring
- Moved a lot of logic from workflows/workflow_job into a shared module
used by both webhook and api

TODO
- [x] Verify Keda Compatibility
- [x] Edit Webhook API bug is resolved
 
Closes https://github.com/go-gitea/gitea/issues/23670
Closes https://github.com/go-gitea/gitea/issues/23796
Closes https://github.com/go-gitea/gitea/issues/24898
Replaces https://github.com/go-gitea/gitea/pull/28047 and is much more
complete

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-20 20:14:00 +08:00
GiteaBot
d462ce149d [skip ci] Updated translations via Crowdin 2025-06-20 00:37:18 +00:00
Dan Čermák
b8c9a0c323 Add ff_only parameter to POST /repos/{owner}/{repo}/merge-upstream (#34770)
The merge-upstream route was so far performing any kind of merge, even
those that would create merge commits and thus make your branch diverge
from upstream, requiring manual intervention via the git cli to undo the
damage.

With the new optional parameter ff_only, we can instruct gitea to error
out, if a non-fast-forward merge would be performed.
2025-06-19 12:29:10 -07:00
bytedream
7346ae7cd4 Add repo file tree item link behavior (#34730)
Converts the repo file tree items into `<a>` elements to have default
link behavior. Dynamic content load is still done when no special key is
pressed while clicking on an item.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-20 02:28:19 +08:00
wxiaoguang
0ea958dc58 Fix tag target (#34781)
Fix #34779
2025-06-19 10:33:30 -07:00
GiteaBot
67083437cd [skip ci] Updated translations via Crowdin 2025-06-19 00:37:30 +00:00
silverwind
b18c047d62 Upgrade gopls to v0.19.0, add make fix (#34772)
Upgrade to
[v0.19.0](https://github.com/golang/tools/releases/tag/gopls%2Fv0.19.0)
and fix issues. Runs with new `warning` serverity setting. This likely
does less checks than before. Additionally, add `make fix` which runs
modernize. This is also verified on CI.

For the record, here are the issues discoverd when running with `info`
severity, in case we want to fix these:

```
tests/integration/repo_test.go:95:5-14: could use tagged switch on i
tests/integration/api_packages_generic_test.go:149:4-64: could use tagged switch on setting.Packages.Storage.Type
services/webhook/msteams_test.go:33:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:59:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:85:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:111:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:138:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:161:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:187:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:213:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:239:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:266:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:407:4-33: could use tagged switch on fact.Name
tests/integration/api_packages_conan_test.go:350:6-33: could use tagged switch on pf.Name
models/issues/tracked_time_test.go:98:3-18: could use tagged switch on user.ID
tests/integration/api_token_test.go:505:5-43: could use tagged switch on minRequiredLevel
services/gitdiff/gitdiff.go:220:33-46: method "getLineLegacy" is unused
```

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-06-18 19:30:40 +00:00
wxiaoguang
8efc4ca334 Refactor packages (func name & UI) (#34773)
1. Use `OpenXxx` instead of `GetXxx` because the returned readers should
be correctly closed, and clarify the behaviors of the functions: they
increase the download counter
2. Use `packages-content` styles instead of `issue-content`
2025-06-18 19:04:24 +00:00
silverwind
46a1d52235 Fix remaining issues after gopls modernize formatting (#34771)
Followup https://github.com/go-gitea/gitea/pull/34751, fix all remaining
marked issues.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-06-18 11:37:49 -07:00
wxiaoguang
a2ae7c69da Fix some package registry problems (#34759)
1. Fix #33787
2. Fix container image display
2025-06-19 00:32:43 +08:00
wxiaoguang
7954f25290 Fix incorrect cli default values and default command (#34765) 2025-06-18 23:25:11 +08:00
Kemal Zebari
416ff1fd31 Support annotated tags when using create release API (#31840)
This adds a new field, "tag_message", that represents the message of the
annotated tag.

Resolves #31835.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-18 05:12:38 +00:00
anthony-zh
0e6c1224e5 when using rules to delete packages, remove unclean bugs (#34632)
By default, the code extracts 200 package versions. If too many packages
are generated every day or if rule cleaning is enabled later, which
means there are more than 200 versions corresponding to the library
package, it may not be cleaned up completely, resulting in residue

Fix #31961

---------

Co-authored-by: yeyuanjie <yecao100@126.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-18 04:47:49 +00:00
wxiaoguang
b38813878c Fix readme path and markdown link paste (#34755) 2025-06-18 04:19:54 +00:00
Philip Peterson
08c634b7b7 Remove unused param doer (#34545) 2025-06-18 03:12:16 +00:00
silverwind
dfea75371c Improve alignment of commit status icon on commit page (#34750)
Before, icon vertically misaligned:

<img width="243" alt="Screenshot 2025-06-17 at 18 14 26"
src="https://github.com/user-attachments/assets/ac515c6d-25bd-44da-88be-a1d93c137ed0"
/>

After, icon correctly vertically centered:

<img width="244" alt="Screenshot 2025-06-17 at 18 14 40"
src="https://github.com/user-attachments/assets/41556d52-aa15-4bfb-82e2-91ed774cf2b0"
/>

I think it's fine to single out this one case and not alter
`flex-text-inline` because that class seems to work well in other
places.
2025-06-18 02:14:11 +00:00
silverwind
1f35435b81 Run gopls modernize on codebase (#34751)
Recent modernize fixes:
https://github.com/golang/tools/commits/master/gopls/internal/analysis/modernize
2025-06-18 01:48:09 +00:00
wxiaoguang
71e4740946 Refactor some file edit related code (#34744)
Follow up #34350

---------

Co-authored-by: delvh <dev.lh@web.de>
2025-06-18 01:18:07 +00:00
GiteaBot
ecc6685c20 [skip ci] Updated translations via Crowdin 2025-06-18 00:37:12 +00:00
Lunny Xiao
a14db5c5e3 Fix ghost user in feeds when pushing in an actions, it should be gitea-actions (#34703) 2025-06-17 23:44:35 +00:00
Lunny Xiao
ee334886f3 upgrade orgmode to v1.8.0 (#34721) 2025-06-17 19:30:43 +00:00
endo0911engineer
1376cf7481 Support title and body query parameters for new PRs (#34537)
Currently, Gitea supports title and body query parameters when creating
new issues, allowing pre-filling those fields via URL parameters.
However, similar support for pull requests (PRs) does not exist.

This feature adds support for the title, body, and quick_pull query
parameters in the new pull request creation page. These parameters work
similarly to GitHub’s behavior, allowing users to pre-populate the PR
title and body, and optionally expand the PR creation form
automatically.

By supporting these query parameters, it improves the usability and
automation capabilities when creating pull requests via direct URLs,
aligning Gitea more closely with GitHub’s user experience.

---------

Co-authored-by: root <root@DESKTOP-UPANUTP>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-17 12:05:10 -07:00
wxiaoguang
f214bb40a3 Improve nuget/rubygems package registries (#34741)
1. Add some missing (optional) fields for nuget v2, and sort the fields
to make it easier to maintain
2. Add missing "platform" for rubygems: `VERSION-PLATFORM` and
`VERSION_PLATFORM`

Co-authored-by: Giteabot <teabot@gitea.io>
2025-06-17 19:42:00 +02:00
Lunny Xiao
224aa64cd9 Replace update repository function in some places (#34566)
`UpdateAllCols` is dangerous, the columns should be updated when
necessary.

This PR replaces some `updateRepository` invokes to reduce possible
problems and wrongly updated time. Some parts have been fixed in #34388,
but some are hidden in the function `updateRepository`. Alternatively,
using `UpdateRepositoryColsNoAutoTime` to update the changed columns.

Some `UpdateRepoSize` invokes are duplicated, so they will be removed
when extracting from `updateRepository`.
2025-06-17 09:54:25 -07:00
Lunny Xiao
1e644e39f9 remove unnecessary duplicate code (#34733) 2025-06-17 12:23:56 -04:00
MaxWebZ
037f72bdb3 fix: prevent double markdown link brackets when pasting URL (#34745)
When adding a link using the "Add a link" button in comment editor,
pasting a URL resulted in incorrect Markdown formatting (double
brackets) instead of replacing the placeholder text.

This fix adds a context check to prevent creating a new markdown link
when we're already inside an existing one.

Fixes #34740

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-17 21:33:50 +08:00
wxiaoguang
4cbb482554 Fix JS error for "select" dropdown (#34743)
Regression of recent dropdown filter change.
2025-06-17 19:19:08 +08:00
GiteaBot
439ebe7031 [skip ci] Updated translations via Crowdin 2025-06-17 00:37:42 +00:00
bytedream
3a37d63d61 Allow renaming/moving binary/LFS files in the UI (#34350)
Adds the ability to rename/move binary files like binary blobs or images
and files that are too large in the web ui.
This was purposed in #24722, along with the ability edit images via an
upload of a new image, which I didn't implement here (could be done in a
separate PR).

Binary file content:

![binary](https://github.com/user-attachments/assets/61d9ff71-25d3-4832-9288-452cdefc7283)

File too large:

![toolarge](https://github.com/user-attachments/assets/3b42dbd0-e76a-4c3c-92d2-52ebffedea64)

GitHub does the same (I've copied the text from there):

![gh](https://github.com/user-attachments/assets/e1499813-fb71-4544-9d58-086046a5f13e)
2025-06-16 17:15:07 -07:00
wxiaoguang
24ce2058e8 Clean bindata (#34728)
Follow #34692
2025-06-16 12:03:51 +00:00
wxiaoguang
6b8b580218 Refactor container and UI (#34736) 2025-06-16 16:27:01 +08:00
Kerwin Bryant
bbee652e29 Prevent duplicate form submissions when creating forks (#34714)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-06-16 04:19:16 +00:00
wxiaoguang
637070e07b Fix container range bug (#34725)
Fix #34724
2025-06-15 21:55:11 +03:00
GiteaBot
0d3e9956cd [skip ci] Updated translations via Crowdin 2025-06-15 00:41:44 +00:00
GiteaBot
28debdbe00 [skip ci] Updated translations via Crowdin 2025-06-14 00:35:48 +00:00
silverwind
dcc9206a59 Raise minimum Node.js version to 20, test on 24 (#34713)
- Node.js 18 is now EOL, so raise minimum version to current LTS v20
- Test on 24
- Change devcontainers to use LTS version (currently 22),
[ref](https://github.com/devcontainers/features/tree/main/src/node)
2025-06-13 13:40:39 -04:00
GiteaBot
bc28654b49 [skip ci] Updated translations via Crowdin 2025-06-13 00:37:13 +00:00
Lunny Xiao
d21ce9fa07 Improve the performance when detecting the file editable (#34653)
Noticed the SQL will be executed 4 times when visit the file render view
page. For a repository which have many pull requests, it maybe slow.
```SQL
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 2.004167ms
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 1.03975ms
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 881.583µs
2025/06/08 15:24:44 models/issues/pull_list.go:69:GetUnmergedPullRequestsByHeadInfo() [I] [SQL] SELECT * FROM `pull_request` INNER JOIN `issue` ON issue.id = pull_request.issue_id WHERE (head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?) [393 main false false 0] - 935.084µs
```

This PR did a refactor to query it once only.
2025-06-12 18:12:45 +00:00
wxiaoguang
8fed27bf6a Fix various problems (#34708)
* Fix #34707
* Fix dropdown filter handling
* Fix #27014
2025-06-12 09:19:24 -07:00
wxiaoguang
65986f423f Refactor embedded assets and drop unnecessary dependencies (#34692)
Benefits:

1. smaller binary size (reduces more than 1MB)
2. better control of the assets details
3. fewer unmaintained dependencies
4. faster startup if the assets are not needed
5. won't hang up editors when open "bindata.go" by accident
2025-06-12 03:59:33 +00:00
silverwind
18bafcc378 Bump minimum go version to 1.24.4 (#34699)
Fixes 3 open govulncheck issues.
2025-06-12 03:33:36 +00:00