Commit graph

1336 commits

Author SHA1 Message Date
silverwind ae8e8f055e
Use fetch helpers instead of fetch (#27026)
WIP because:

- [x] Some calls set a `content-type` but send no body, can likely
remove the header
- [x] Need to check whether `charset=utf-8` has any significance on the
webauthn calls, I assume not as it is the default for json content.
- [x] Maybe `no-restricted-globals` is better for eslint, but will
require a lot of duplication in the yaml or moving eslint config to a
`.js` extension.
- [x] Maybe export `request` as `fetch`, shadowing the global.
2023-09-19 00:50:30 +00:00
KN4CK3R ed64f1c2b8
Support .git-blame-ignore-revs file (#26395)
Closes #26329

This PR adds the ability to ignore revisions specified in the
`.git-blame-ignore-revs` file in the root of the repository.


![grafik](https://github.com/go-gitea/gitea/assets/1666336/9e91be0c-6e9c-431c-bbe9-5f80154251c8)

The banner is displayed in this case. I intentionally did not add a UI
way to bypass the ignore file (same behaviour as Github) but you can add
`?bypass-blame-ignore=true` to the url manually.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-16 17:42:34 +00:00
Lunny Xiao e5ec57cd60
Actions are no longer experimental, so enable them by default (#27054)
This PR makes the actions enabled by default, so people will find it
easier to enable actions in repository setting.
2023-09-15 06:43:39 +00:00
Lunny Xiao 3cd719a63d
Update brew installation documentation since gitea moved to brew core package (#27070)
ref: https://gitea.com/gitea/homebrew-gitea/pulls/178
2023-09-15 06:14:24 +00:00
merlleu e6a059a3d0
add sparse url in cargo package guide (#26937)
Hello,

The current package guide for cargo gives you only the git index, with
the HTTP Index stabilized being used as default for crates.io and being
better for most use-cases.

However, it's not documented that gitea supports the sparse spec, and it
does not require the _crates-index git repo for the sparse api.

I personally think we should push users to use the sparse instead of the
git repository. (Even let users disable crates-index repos if they only
want to use sparse)
2023-09-13 12:14:10 +08:00
wxiaoguang 998cea5888
Use secure cookie for HTTPS sites (#26999)
If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

![image](https://github.com/go-gitea/gitea/assets/2114189/7bc9a859-dcc1-467d-bc7c-1dd6a10389e3)
2023-09-11 17:03:51 +08:00
silverwind 6d96f0b0d1
Add fetch wrappers, ignore network errors in actions view (#26985)
1. Introduce lightweight `fetch` wrapper functions that automatically
sets csfr token, content-type and use it in `RepoActionView.vue`.
2. Fix a specific issue on `RepoActionView.vue` where a fetch network
error is shortly visible during page reload sometimes. It can be
reproduced by F5-in in quick succession on the actions view page and was
also producing a red error box on the page.

Once approved, we can replace all current `fetch` uses in UI with this
in another PR.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-11 10:25:10 +02:00
Infinoid de68953bac
Correct the database.LOG_SQL default value in config cheat sheet (#26997)
The default is false, fix the docs to reflect that.

Fixes: #26989
2023-09-10 15:45:06 +00:00
Lunny Xiao e97e883ad5
Add reverseproxy auth for API back with default disabled (#26703)
This feature was removed by #22219 to avoid possible CSRF attack.

This PR takes reverseproxy auth for API back but with default disabled.

To prevent possbile CSRF attack, the responsibility will be the
reverseproxy but not Gitea itself.

For those want to enable this `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`,
they should know what they are doing.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-07 08:31:46 +00:00
silverwind e596806217
Update nginx recommendations (#26924)
- `Connection` and `Upgrade` [needed for
websockets](https://www.nginx.com/blog/websocket-nginx/)
- ~~`X-Real-IP` unnecessary and duplicate with `X-Forwarded-For`. [chi
checks both
headers](https://github.com/go-chi/chi/blob/master/middleware/realip.go),
but XFF is definitely the more "standard" one.~~
2023-09-06 17:49:45 +00:00
Panagiotis "Ivory" Vasilopoulos d1353ad55a
docs: Update Profile README information (#26947)
Follow-up of https://github.com/go-gitea/gitea/pull/26295
2023-09-06 10:22:50 -04:00
KazzmanK b3d88ada01
Add a documentation note for Windows Service (#26938)
Service may fail to start at boot time with timeout
Resolves #26934

Co-authored-by: Nikolay Kobzarev <n.kobzarev@aeronavigator.ru>
2023-09-06 11:14:12 +00:00
FuXiaoHei 460a2b0edf
Artifacts retention and auto clean up (#26131)
Currently, Artifact does not have an expiration and automatic cleanup
mechanism, and this feature needs to be added. It contains the following
key points:

- [x] add global artifact retention days option in config file. Default
value is 90 days.
- [x] add cron task to clean up expired artifacts. It should run once a
day.
- [x] support custom retention period from `retention-days: 5` in
`upload-artifact@v3`.
- [x] artifacts link in actions view should be non-clickable text when
expired.
2023-09-06 07:41:06 +00:00
Sven Seeberg 5f7fa27a44
Improve LDAP group config documentation, fixes #21159 (#21227)
Improve the wording of the LDAP group attributes documentation and
expand the examples.
2023-09-05 13:18:53 -04:00
JonRB 1859c5b636
Update backup instructions to align with archive structure (#26902)
Signed-off-by: JonRB <jon.roadleybattin@gmail.com>
fixes https://github.com/go-gitea/gitea/issues/25878
2023-09-05 09:26:12 +08:00
Lunny Xiao 1bfb3f78f6
Update documents to fix some links (#26885) 2023-09-03 18:45:20 +00:00
JonRB 99a5595408
clarify aspects of the dump command (#26887)
clarify aspects of the dump command

Possibly closes #26862

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-09-03 14:44:01 -04:00
CaiCandong 7477c93d62
Update docs about attachment path (#26883)
This change was caused by #26271, for configuration as below:
```
[attachment]
ENABLE = true
PATH = data/attachments
MAX_SIZE = 100
MAX_FILES = 5
```
Before #26271, the resolved path is ${AppWorkPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/attachments`)
After #26271, the resolved path is ${AppDataPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/data/attachments`)


Fix  https://github.com/go-gitea/gitea/issues/26864
Follow https://github.com/go-gitea/gitea/pull/26271
2023-09-03 11:40:10 +02:00
wxiaoguang 83208b4991
Improve the "bug report" template and "support options" document (#26753)
* `/help/support` is a better document than
`/administration/logging-config` for bug reporting
* Improve `support.en-us.md`
    * Move/add detailed contents into `Advanced Bug Report Tips` section
    * Merge `Chinese Support` section into `Support Options`
2023-08-28 22:37:39 +00:00
mainboarder c533991519
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical
guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits
starting 2024, in the year 2023 3000bits as a recommendation. Gitea
should request longer RSA Keys by default in favor of security and drop
old clients which do not support longer keys.


https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9
- Page 19, Table 1.2

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-28 00:53:16 +00:00
Lunny Xiao 476b9d1589
Use docs.gitea.com instead of docs.gitea.io (#26739) 2023-08-27 11:59:12 +00:00
Thomas McWork 083b0b4770
Prefer variables over subprocesses (#26690)
… because it doesn't require a separate shell, spawning a process which
cost unnecessary resources and takes time.
2023-08-23 07:43:05 -05:00
Lunny Xiao 3b91b2d6b1
add mfa doc (#26654)
copy and modified from #14572 

> Whilst debating enforcing MFA within our team, I realised there isn't
a lot of context to the side effects of enabling it. Most of us use Git
over HTTP and would need to add a token.

I plan to add another PR that adds a sentence to the UI about needing to
generate a token when enabling MFA if HTTP is to be used.

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
2023-08-22 21:56:11 -04:00
techknowlogick b3f7137174
Update minimum password length requirements (#25946) 2023-08-21 19:27:50 +00:00
lonix1 8f936488f7
docs: template variables (#26547)
Explanation for using gitea's variables in `.tmpl` files.

Thanks to @wxiaoguang for advising me on
[discord](https://discord.com/channels/322538954119184384/561007778139734027/1141217820441587722).
2023-08-19 00:24:27 +00:00
CaiCandong db7b0a1a4e
Update zh-cn documentation (#26406) 2023-08-14 01:35:49 -04:00
delvh e10ba5e5e0
Rename Sync2 -> Sync (#26479)
The xorm `Sync2` has already been deprecated in favor of `Sync`,
so let's do the same inside the Gitea codebase.

Command used to replace everything:
```sh
for i in $(ag Sync2 --files-with-matches); do vim $i -c ':%sno/Sync2/Sync/g' -c ':wq'; done
```
2023-08-13 21:17:21 +02:00
John Olheiser 2eb456dde2
Add matrix to support (#26382)
This PR adds our matrix space to the support options and alphabetizes
the list.

I also considered adding our Mastodon, however that isn't as suitable as
the other options because it's just whoever has access to the account vs
a community chat/forum.

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-08-12 16:54:50 +02:00
CaiCandong b937adc54d
Update index doc (#26455)
In the previous feature description, numerous functionalities of Gitea
were listed, which appeared redundant and failed to highlight the unique
characteristics of Gitea. Therefore, I have rewritten this section based
on the description provided on the official Gitea website
2023-08-12 00:49:23 +00:00
Lunny Xiao 7e382a5555
Update upgrade documentation to add a check for deprecated configurations (#26451)
fix
https://github.com/go-gitea/gitea/issues/25995#issuecomment-1674096710

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-08-11 13:53:23 +08:00
Denys Konovalov 63ab92d797
Pre-register OAuth2 applications for git credential helpers (#26291)
This PR is an extended implementation of #25189 and builds upon the
proposal by @hickford in #25653, utilizing some ideas proposed
internally by @wxiaoguang.

Mainly, this PR consists of a mechanism to pre-register OAuth2
applications on startup, which can be enabled or disabled by modifying
the `[oauth2].DEFAULT_APPLICATIONS` parameter in app.ini. The OAuth2
applications registered this way are being marked as "locked" and
neither be deleted nor edited over UI to prevent confusing/unexpected
behavior. Instead, they're being removed if no longer enabled in config.


![grafik](https://github.com/go-gitea/gitea/assets/47871822/81a78b1c-4b68-40a7-9e99-c272ebb8f62e)

The implemented mechanism can also be used to pre-register other OAuth2
applications in the future, if wanted.

Co-authored-by: hickford <mirth.hickford@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

---------

Co-authored-by: M Hickford <mirth.hickford@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-09 14:24:07 +02:00
Track3 c1c83dbaec
[docs] Add missing backtick in quickstart.zh-cn.md (#26349)
Added missing backtick in quickstart.zh-cn.md docs so inline code can
render properly.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-08-06 00:28:25 +08:00
Lunny Xiao ecb04cc324
Remove backslashed newlines on markdown (#26344)
Fix https://gitea.com/gitea/gitea-docusaurus/issues/56
2023-08-05 12:48:46 +00:00
sillyguodong 68c652d8f3
Fix typos and grammer problems for actions documentation (#26328)
follow #26317
fix typos and adjust grammer problems.
2023-08-04 10:04:37 +00:00
sillyguodong 0da8ebc95b
Update documentation for 1.21 actions (#26317)
As title.
Close #26309
Related to #24724, #24806
2023-08-04 09:06:02 +00:00
Bård Aase 8ba54a2e16
Update Gmail example (#26302)
The `IS_TLS_ENABLED` option in the `mailer` section is deprecated. This
is specified by setting `PROTOCOL=smtps`
2023-08-03 18:20:40 +08:00
wxiaoguang 54c28fddd8
Clarify the logger's MODE config option (#26267)
1. Fix the wrong document (add the missing `MODE=`)
2. Add a more friendly log message to tell users to add `MODE=` in their
config

Co-authored-by: Giteabot <teabot@gitea.io>
2023-08-01 18:28:23 +00:00
minijaws ab0e588217
Update Arch linux URL from community to extra (#26273)
Arch linux package link has changed from the community repo to the extra repo.
The link has been updated.
2023-08-01 15:28:20 +00:00
Denys Konovalov fc6c3d626e
Mention devtest in frontend contributing guidelines (#26249)
Our `devtest` page contains some good UI examples which should be taken
as example when working on Gitea UI. Mention it in our frontend
contributing guidelines to for new contributors to know about it.
2023-07-31 12:49:21 +02:00
Panagiotis "Ivory" Vasilopoulos d58c542579
Add 'Show on a map' button to Location in profile, fix layout (#26214)
Not too important, but I think that it'd be a pretty neat touch.

Also fixes some layout bugs introduced by a previous PR.

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-31 08:44:45 +00:00
wxiaoguang 8baa42c8d7
Calculate MAX_WORKERS default value by CPU number (#26177)
To avoid consuming user's 100% CPU, limit the default value of
MAX_WORKERS

Fix #26063 (the CPU 100% problem mentioned in it)
2023-07-27 16:40:35 +08:00
John Olheiser 79995a8194
Re-add static images to docs (#26167)
https://github.com/go-gitea/gitea/pull/26051 I accidentally rebased
locally without my re-addition for these files, so they were missed in
the merge, but only for `main`.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-07-26 14:25:39 +00:00
Felix Victor 0533187f28
Update email-setup.en-us.md (#26068)
The setting `MAILER_TYPE` is deprecated.
According to the config cheat sheet, it should be `PROTOCOL`.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-26 21:50:15 +08:00
Upstream8022 df9afe3aa8
Update Chinese documents (#26139)
Update part of the documents, translate English to Chinese.
2023-07-26 07:28:44 +00:00
John Olheiser bd4c7ce578
Docusaurus-ify (#26051)
This PR cleans up the docs in a way to make them simpler to ingest by
our [docs repo](https://gitea.com/gitea/gitea-docusaurus).

1. It includes all of the sed invocations our ingestion did, removing
the need to do it at build time.
2. It replaces the shortcode variable replacement method with
`@variable@` style, simply for easier sed invocations when required.
3. It removes unused files and moves the docs up a level as cleanup.

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-07-26 04:53:13 +00:00
wxiaoguang 915cdf8f87
Remove "misc" scope check from public API endpoints (#26134)
Fix #26035
2023-07-26 02:53:31 +00:00
thigg 5446d65b0a
added ssh mirror workaround description (#26096)
related #1635 #18159

This will probably be obsolete at some point, but it should not break
anything and it may help some users
2023-07-25 16:06:35 +00:00
wxiaoguang 1ce51a55e3
Improve "gitea doctor" sub-command and fix "help" commands (#26072)
Replace #21790

And close #25965 by the way (it needs a separate fix for 1.20)

Major changes:

1. Move "gitea convert" to "gitea doctor conver". The old "gitea doctor"
still works as a hidden sub-command (to avoid breaking)
2. Do not write "doctor.log" by default, it's not useful in most cases
and causes bugs like 25965
3. Improve documents
4. Fix the "help" commands. Before, the "./gitea doctor" can't show the
sub-command help correctly (regression of the last cli/v2 refactoring)

After this PR:

```
./gitea help # show all sub-commands for the app
./gitea doctor # show the sub-commands for the "doctor"
./gitea doctor help # show the sub-commands for the "doctor", as above
```
2023-07-25 14:38:27 +00:00
caicandong af1ffbcd63
doc sync authentication.md to zh-cn (#26117)
as title
2023-07-25 07:52:55 +00:00
caicandong ebb98d7246
doc guide the user to create the appropriate level runner (#26091)
close #26045
2023-07-24 22:39:10 +08:00
JonRB acc74c2fc6
Update secrets.en-us.md (#26057)
Present documentation does not capture that secrets are only visible if
ACTIONS are enabled for a repository. This PR adds a short note
2023-07-22 09:34:01 +00:00
wxiaoguang 52fb936773
Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
Replace #25892

Close  #21942
Close  #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-21 12:14:20 +00:00
wxiaoguang d0dbe52e76
Refactor to use urfave/cli/v2 (#25959)
Replace #10912

And there are many new tests to cover the CLI behavior

There were some concerns about the "option order in hook scripts"
(https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314),
it's not a problem now. Because the hook script uses `/gitea hook
--config=/app.ini pre-receive` format. The "config" is a global option,
it can appear anywhere.

----

## ⚠️ BREAKING ⚠️

This PR does it best to avoid breaking anything. The major changes are:

* `gitea` itself won't accept web's options: `--install-port` / `--pid`
/ `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's
options.
    * Use `./gitea web --pid ....` instead
* `./gitea` can still run the `web` sub-command as shorthand, with
default options
* The sub-command's options must follow the sub-command
* Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd
--sub-opt` (well, might not ...)
    * After: only `./gitea subcmd --sub-opt` could be used
    * The global options like `--config` are not affected
2023-07-21 17:28:19 +08:00
Pavel e89adec2a5
Update README.md to fix the broken link of Hugo (#26008)
Fix gohugo installiation link
2023-07-21 04:47:47 +00:00
Dominik Heidler 2e128dd1fc
RPM Registry: Show zypper commands for SUSE based distros as well (#25981)
After RPM is supported with https://github.com/go-gitea/gitea/pull/23380
let's show the user
how to add the repo and install the RPM via all common package managers.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-20 17:37:31 +02:00
John Olheiser 0ef2919bb6
Correctly refer to dev tags as nightly in the docker docs (#26004)
As title, `dev` tags are no longer used since we switched to `nightly`

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-07-20 17:26:02 +08:00
wxiaoguang 50e14699d3
Update path related documents (#25417)
Update WorkPath/WORK_PATH related documents, remove out-dated
information.

Remove "StaticRootPath" on the admin config display page, because few
end user really need it, it only causes misconfiguration.


![image](https://github.com/go-gitea/gitea/assets/2114189/8095afa4-da76-436b-9e89-2a92c229c01d)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 11:22:57 +02:00
wxiaoguang faa28b5a44
Move public asset files to the proper directory (#25907)
Move `public/*` to `public/assets/*`

Some old PRs (like #15219) introduced inconsistent directory system.

For example: why the local directory "public" is accessed by
`http://site/assets`? How to serve the ".well-known" files properly in
the public directory?

For convention rules, the "public" directory is widely used for the
website's root directory. It shouldn't be an exception for Gitea.

So, this PR makes the things consistent:

* `http://site/assets/foo` means `{CustomPath}/public/assets/foo`.
* `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt`
can be used in the future.

This PR is also a prerequisite for a clear solution for:
* #21942
* #25892 
* discourse.gitea.io: [.well-known path serving custom files behind
proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1)

This PR is breaking for users who have custom "public" files (CSS/JS).
After getting approvals, I will update the documents.

----

## ⚠️ BREAKING ⚠️

If you have files in your "custom/public/" folder, please move them to
"custom/public/assets/".

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-18 18:06:43 +02:00
HesterG b137a03297
Update blog links (#25843)
As title. Permalinks for lastest version of blog has changed, update the
blog links.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-12 11:35:07 +00:00
wxiaoguang fa0b5b14c2
Make "install page" respect environment config (#25648)
Replace #25580

Fix #19453

The problem was: when users set "GITEA__XXX__YYY" , the "install page"
doesn't respect it.

So, to make the result consistent and avoid surprising end users, now
the "install page" also writes the environment variables to the config
file.

And, to make things clear, there are enough messages on the UI to tell
users what will happen.

There are some necessary/related changes to `environment-to-ini.go`:

* The "--clear" flag is removed and it was incorrectly written there.
The "clear" operation should be done if INSTALL_LOCK=true
* The "--prefix" flag is removed because it's never used, never
documented and it only causes inconsistent behavior.


![image](https://github.com/go-gitea/gitea/assets/2114189/12778ee4-3fb5-4664-a73a-41ebbd77cd5b)
2023-07-09 22:43:37 +00:00
leavesster 52b3052757
docs: rootless docker ssh's default port is 2222 (#25771) 2023-07-08 11:38:35 -04:00
wxiaoguang cea9401634
Following-up improvments for various PRs (#25620)
For:

* #22743
* #25408
* #25412
* #25588
2023-07-01 14:00:10 -04:00
Jason Song 67bd9d4f1e
Restrict [actions].DEFAULT_ACTIONS_URL to only github or self (#25581)
Resolve #24789

## ⚠️ BREAKING ⚠️

Before this, `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like
`https://gitea.com` or `http://your-git-server,https://gitea.com`, and
the default value was `https://gitea.com`.

But now, `DEFAULT_ACTIONS_URL` supports only
`github`(`https://github.com`) or `self`(the root url of current Gitea
instance), and the default value is `github`.

If it has configured with a URL, an error log will be displayed and it
will fallback to `github`.

Actually, what we really want to do is always make it
`https://github.com`, however, this may not be acceptable for some
instances of internal use, so there's extra support for `self`, but no
more, even `https://gitea.com`.

Please note that `uses: https://xxx/yyy/zzz` always works and it does
exactly what it is supposed to do.

Although it's breaking, I belive it should be backported to `v1.20` due
to some security issues.

Follow-up on the runner side:

- https://gitea.com/gitea/act_runner/pulls/262
- https://gitea.com/gitea/act/pulls/70
2023-06-30 07:26:36 +00:00
Zettat123 72b3af74be
Add documentation about supported workflow trigger events (#25582)
Right now Gitea doesn't support all [Events that trigger
workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows).
This PR lists the supported events to help users write workflow files.
2023-06-29 19:45:53 +08:00
techknowlogick 50dc2d5f5f
Document creating an API key from the CLI (#25504) (#25510)
Frontport of #25504

Credit to @lonix1

Co-authored-by: lonix1 <40320097+lonix1@users.noreply.github.com>
Co-authored-by: delvh <dev.lh@web.de>
2023-06-26 05:13:20 +00:00
Lunny Xiao 9c62ca5689
Fix default value for LocalURL (#25426)
Fix #23769
2023-06-24 11:56:29 +08:00
Jason Song 375fd15fbf
Refactor indexer (#25174)
Refactor `modules/indexer` to make it more maintainable. And it can be
easier to support more features. I'm trying to solve some of issue
searching, this is a precursor to making functional changes.

Current supported engines and the index versions:

| engines | issues | code |
| - | - | - |
| db | Just a wrapper for database queries, doesn't need version | - |
| bleve | The version of index is **2** | The version of index is **6**
|
| elasticsearch | The old index has no version, will be treated as
version **0** in this PR | The version of index is **1** |
| meilisearch | The old index has no version, will be treated as version
**0** in this PR | - |


## Changes

### Split

Splited it into mutiple packages

```text
indexer
├── internal
│   ├── bleve
│   ├── db
│   ├── elasticsearch
│   └── meilisearch
├── code
│   ├── bleve
│   ├── elasticsearch
│   └── internal
└── issues
    ├── bleve
    ├── db
    ├── elasticsearch
    ├── internal
    └── meilisearch
```

- `indexer/interanal`: Internal shared package for indexer.
- `indexer/interanal/[engine]`: Internal shared package for each engine
(bleve/db/elasticsearch/meilisearch).
- `indexer/code`: Implementations for code indexer.
- `indexer/code/internal`: Internal shared package for code indexer.
- `indexer/code/[engine]`: Implementation via each engine for code
indexer.
- `indexer/issues`: Implementations for issues indexer.

### Deduplication

- Combine `Init/Ping/Close` for code indexer and issues indexer.
- ~Combine `issues.indexerHolder` and `code.wrappedIndexer` to
`internal.IndexHolder`.~ Remove it, use dummy indexer instead when the
indexer is not ready.
- Duplicate two copies of creating ES clients.
- Duplicate two copies of `indexerID()`.


### Enhancement

- [x] Support index version for elasticsearch issues indexer, the old
index without version will be treated as version 0.
- [x] Fix spell of `elastic_search/ElasticSearch`, it should be
`Elasticsearch`.
- [x] Improve versioning of ES index. We don't need `Aliases`:
- Gitea does't need aliases for "Zero Downtime" because it never delete
old indexes.
- The old code of issues indexer uses the orignal name to create issue
index, so it's tricky to convert it to an alias.
- [x] Support index version for meilisearch issues indexer, the old
index without version will be treated as version 0.
- [x] Do "ping" only when `Ping` has been called, don't ping
periodically and cache the status.
- [x] Support the context parameter whenever possible.
- [x] Fix outdated example config.
- [x] Give up the requeue logic of issues indexer: When indexing fails,
call Ping to check if it was caused by the engine being unavailable, and
only requeue the task if the engine is unavailable.
- It is fragile and tricky, could cause data losing (It did happen when
I was doing some tests for this PR). And it works for ES only.
- Just always requeue the failed task, if it caused by bad data, it's a
bug of Gitea which should be fixed.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-06-23 12:37:56 +00:00
wxiaoguang ce46834b93
Remove "CHARSET" config option for MySQL, always use "utf8mb4" (#25413)
In modern days, there is no reason to make users set "charset" anymore.

Close #25378

## ⚠️ BREAKING

The key `[database].CHARSET` was removed completely as every newer
(>10years) MySQL database supports `utf8mb4` already.
There is a (deliberately) undocumented new fallback option if anyone
still needs to use it, but we don't recommend using it as it simply
causes problems.
2023-06-21 10:49:25 +00:00
Lunny Xiao e79ff50560
Use the new download domain replace the old (#25405)
As title.
2023-06-21 03:11:17 +00:00
Kyle D 8220e50b56
Substitute variables in path names of template repos too (#25294)
### Summary

Extend the template variable substitution to replace file paths. This
can be helpful for setting up log files & directories that should match
the repository name.

### PR Changes

 - Move files matching glob pattern when setting up repos from template
- For security, added ~escaping~ sanitization for cross-platform support
and to prevent directory traversal (thanks @silverwind for the
reference)
 - Added unit testing for escaping function 
- Fixed the integration tests for repo template generation by passing
the repo_template_id
- Updated the integration testfiles to add some variable substitution &
assert the outputs

I had to fix the existing repo template integration test and extend it
to add a check for variable substitutions.

Example:

![image](https://github.com/go-gitea/gitea/assets/12700993/621feb09-0ef3-460e-afa8-da74cd84fa4e)
2023-06-20 21:14:47 +00:00
Philip Miglinci 1d92d0cf0f
Add Exoscale to installation on cloud provider docs (#25342)
We created a Gitea application for the [Exoscale
Marketplace](https://www.exoscale.com/marketplace/listing/glasskube-gitea/)
for easier installation on the European cloud provider.

The installation is managed via the [Glasskube Kubernetes
Operator](https://github.com/glasskube/operator).

Signed-off-by: Philip Miglinci <pmig@glasskube.eu>
2023-06-18 15:00:33 +02:00
techknowlogick 20c712ed7e
Add link to support page for commercial support (#25293) 2023-06-16 12:08:08 +08:00
Zisu Zhang e00f3c7742
Docs about how to generate config for act runner with docker and setup it with docker-compose (#25256)
In this pull request, the following changes are addressed:

- State user should create `config.yaml` before start container to avoid
errors.
- Provided instructions to deploy runners using docker compose.
2023-06-16 11:46:59 +08:00
silverwind e24f651c86
Add template linting via djlint (#25212)
So I found this [linter](https://github.com/Riverside-Healthcare/djlint)
which features a mode for go templates, so I gave it a try and it did
find a number of valid issue, like unbalanced tags etc. It also has a
number of bugs, I had to disable/workaround many issues.

Given that this linter is written in python, this does add a dependency
on `python` >= 3.8 and `poetry` to the development environment to be
able to run this linter locally.

- `e.g.` prefixes on placeholders are removed because the linter had a
false-positive on `placeholder="e.g. cn=Search"` for the `attr=value`
syntax and it's not ideal anyways to write `e.g.` into a placeholder
because a placeholder is meant to hold a sample value.
- In `templates/repo/settings/options.tmpl` I simplified the logic to
not conditionally create opening tags without closing tags because this
stuff confuses the linter (and possibly the reader as well).
2023-06-14 18:17:58 +00:00
Lunny Xiao d6dd6d641b
Fix all possible setting error related storages and added some tests (#23911)
Follow up #22405

Fix #20703 

This PR rewrites storage configuration read sequences with some breaks
and tests. It becomes more strict than before and also fixed some
inherit problems.

- Move storage's MinioConfig struct into setting, so after the
configuration loading, the values will be stored into the struct but not
still on some section.
- All storages configurations should be stored on one section,
configuration items cannot be overrided by multiple sections. The
prioioty of configuration is `[attachment]` > `[storage.attachments]` |
`[storage.customized]` > `[storage]` > `default`
- For extra override configuration items, currently are `SERVE_DIRECT`,
`MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another
section. The prioioty of the override configuration is `[attachment]` >
`[storage.attachments]` > `default`.
- Add more tests for storages configurations.
- Update the storage documentations.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-14 11:42:38 +08:00
editfund-founder 139704f499
Update from-source.zh-cn.md & from-source.en-us.md - Cross Compile Using Zig (#25194)
## Compile & Cross Compile Gitea With CGO Dependencies Using Zig

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-13 10:53:51 +08:00
wxiaoguang 34498e62c3
Improve some documents: release version, logging, NFS lock (#25202)
Close #23654
Close #24684

@techknowlogick I still think we need to rename
https://dl.gitea.com/gitea/1.20/ to
https://dl.gitea.com/gitea/1.20-nightly/

`/gitea/1.20/` is quite confusing, it needs these words to explain why.
If we call it `1.20-nightly`, the FAQ can be simplified a lot.
2023-06-12 17:05:49 +08:00
Vladimir Buyanov 3bdd48016f
Add codeowners feature (#24910)
Hello.
This PR adds a github like configuration for the CODEOWNERS file.

Resolves: #10161
2023-06-08 16:56:05 +08:00
HesterG 206d3fbae9
Change branch name from master to main in some documents' links (#25126)
As title. And needs to backport to 1.19
2023-06-08 07:35:55 +00:00
silverwind c09f747b51
Enable all webpack sourcemaps in dev build, disable all in prod build (#25089)
- Enable all source maps in dev build
- Disable all source maps in prod build
- Provide `ENABLE_SOURCEMAP` env var to override it.

I think the strange error seen in
https://github.com/go-gitea/gitea/issues/24784 is sourcemap related, so
if we enable/disable them all, it might go away. But it's most
definitely a Safari bug.

With all sourcemaps disabled, binary size goes down by around 1-2 MB,
with all enabled it goes up by around 12MB. If +12MB is acceptable, we
could also always enable them by default as fully source maps do have
some debugging benefits.
2023-06-06 12:57:08 +08:00
techknowlogick 7c778d6b5e
change placeholders in actions docs 2023-06-05 11:32:56 -04:00
techknowlogick d302a5ee65
change placeholders in actions docs 2023-06-05 11:28:51 -04:00
sillyguodong 1a5f478ae1
Introduce how to configure cache when starting a Runner with Docker (#25077)
If a user starts a runner using a Docker image without making additional
configurations, the [cache action](https://github.com/actions/cache)
will not work properly.
Therefore, add a section in the documentation that explains how to
configure the cache correctly.
2023-06-05 14:12:55 +00:00
Lunny Xiao d851bd9a6b
improve permission documentation (#23942) 2023-06-05 15:43:17 +08:00
Jack Hay 18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
Denys Konovalov 7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033)
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
2023-06-03 05:59:28 +02:00
kodermho 7fca4056c4
Fix link to customizing-gitea (#25056)
The link to customizing-gitea in the label documentation is broken. This
PR should adjust the relative path to fix the link
2023-06-03 04:27:40 +02:00
sillyguodong 3a6a6342ea
Add chinese documentations for cran package registry (#25012)
As title.
2023-05-31 14:14:31 +08:00
silverwind 50bd7d0b24
Remove the service worker (#25010)
It's been disabled by default since 1.17
(https://github.com/go-gitea/gitea/pull/18914), and it never really
delivered any benefit except being another cache layer that has its own
unsolved invalidation issues. HTTP cache works, we don't need two cache
layers at the browser for assets.

## ⚠️ BREAKING

You can remove the config `[ui].USE_SERVICE_WORKER` from your `app.ini`
now.
2023-05-31 02:07:04 +00:00
John Olheiser 3dd3b1b456
Fix markdown link to awesome gitea (#25009)
Fixes the markdown link and uses title case like the other
translations.
2023-05-30 13:10:51 -05:00
JakobDev 1b115296d3
Followup to pinned Issues (#24945)
This addressees some things from #24406 that came up after the PR was
merged. Mostly from @delvh.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-05-30 15:26:51 +00:00
Lunny Xiao e64c2faf85
Remove unnecessary content on docs (#24976) 2023-05-30 09:30:56 +08:00
HesterG 0018b0a15e
Unify doc links to use paths relative to doc folder (#24979)
Changes:

1. Use uniform links types relative to doc folder (start with `doc/`)
2. According to [docusaurus
links](https://docusaurus.io/docs/markdown-features/links), if `<a>` is
used, the `href` is resolved as URL location, but not file location. So
need to use `[text]({{< relref "path" >}})` instead.
2023-05-29 13:27:16 +00:00
epk 355a078192
Update from-binary.en-us.md (#24975)
Fixed link to the creating a systemd service in Ubuntu document.
2023-05-29 15:46:38 +08:00
silverwind c7612d178c
Remove meta tags theme-color and default-theme (#24960)
As discussed in
https://github.com/go-gitea/gitea/pull/24953#issuecomment-1565630156.

## ⚠️ BREAKING ⚠️

1. The `ui.THEME_COLOR_META_TAG` setting has been removed. If you still
need to set the `theme-color` meta tag, add it via
`$GITEA_CUSTOM/templates/custom/header.tmpl` instead.

2. The non-standard `default-theme` meta-tag added in
https://github.com/go-gitea/gitea/pull/13809 has been removed. Third
party code that needs to obtain the currently loaded theme should use
the `theme-<name>` class on the `<html>` node instead, which reflect the
currently active theme.
2023-05-28 22:33:17 +00:00
Jon Keim 1fa50f323a
simple docs fixes: 'pull request' page (en-us & zh-tw) link path to 'issue-pull-request-templates' (#24961)
Co-authored-by: silverwind <me@silverwind.io>
2023-05-28 10:47:05 +02:00
techknowlogick fe67390da5
Remove reference to caddy v1 in docs (#24962)
caddy v1 is loong eol. v2 should be used.
2023-05-28 08:39:16 +00:00
wxiaoguang 2f149c5c9d
Use [git.config] for reflog cleaning up (#24958)
Follow
https://github.com/go-gitea/gitea/pull/24860#discussion_r1200589651

Use `[git.config]` for reflog cleaning up, the new options are more
flexible.

*
https://git-scm.com/docs/git-config#Documentation/git-config.txt-corelogAllRefUpdates
*
https://git-scm.com/docs/git-config#Documentation/git-config.txt-gcreflogExpire

## ⚠️ BREAKING

The section `[git.reflog]` is now obsolete and its keys have been moved
to the following replacements:
- `[git.reflog].ENABLED` → `[git.config].core.logAllRefUpdates`
- `[git.reflog].EXPIRATION` → `[git.config].gc.reflogExpire`
2023-05-28 01:07:14 +00:00
谈笑风生间 d6cbf7f315
docs: remove an extraneous whitespace (#24949) 2023-05-26 14:16:48 -04:00
Lunny Xiao 694f70b57e
Fix documentation ref (#24934)
Fix documentation ref
2023-05-26 00:19:13 +08:00
HesterG aa2b317e08
Add Chinese docs for help, contribution and development (#24925) 2023-05-25 16:01:01 +00:00
Lunny Xiao 19722cf12c
Merge two translation contributing documents (#23939)
This PR also adjusts the weights.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-05-25 15:49:54 +00:00
JakobDev aaa1094663
Add the ability to pin Issues (#24406)
This adds the ability to pin important Issues and Pull Requests. You can
also move pinned Issues around to change their Position. Resolves #2175.

## Screenshots

![grafik](https://user-images.githubusercontent.com/15185051/235123207-0aa39869-bb48-45c3-abe2-ba1e836046ec.png)

![grafik](https://user-images.githubusercontent.com/15185051/235123297-152a16ea-a857-451d-9a42-61f2cd54dd75.png)

![grafik](https://user-images.githubusercontent.com/15185051/235640782-cbfe25ec-6254-479a-a3de-133e585d7a2d.png)

The Design was mostly copied from the Projects Board.

## Implementation
This uses a new `pin_order` Column in the `issue` table. If the value is
set to 0, the Issue is not pinned. If it's set to a bigger value, the
value is the Position. 1 means it's the first pinned Issue, 2 means it's
the second one etc. This is dived into Issues and Pull requests for each
Repo.

## TODO
- [x] You can currently pin as many Issues as you want. Maybe we should
add a Limit, which is configurable. GitHub uses 3, but I prefer 6, as
this is better for bigger Projects, but I'm open for suggestions.
- [x] Pin and Unpin events need to be added to the Issue history.
- [x] Tests
- [x] Migration

**The feature itself is currently fully working, so tester who may find
weird edge cases are very welcome!**

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-25 15:17:19 +02:00
techknowlogick 033d92997f
Allow skipping forks and mirrors from being indexed (#23187)
This PR adds two new options to disable repo/code search indexing of
both forks and mirrors.

Related: #22842
2023-05-25 16:13:47 +08:00
HesterG cff4e37d43
Add Chinese documentations for Actions (#24902) 2023-05-25 13:52:12 +08:00
Zettat123 69eb92a6e1
zh-cn translation for usage docs (#24897) 2023-05-25 04:33:38 +00:00
sillyguodong 9858d3b6df
Add chinese documentations for installation (#24904) 2023-05-25 04:32:39 +00:00
wxiaoguang 5f39285d6d
Improve RunMode / dev mode (#24886)
1. non-dev mode is treated as prod mode, to protect users from
accidentally running in dev mode if there is a typo in this value.
2. in dev mode, do not need to really exit if there are template errors,
because the template errors could be fixed by developer soon and the
templates get reloaded, help:
* https://github.com/go-gitea/gitea/issues/24845#issuecomment-1557615382
3. Fine tune the mail template loading message.
2023-05-25 03:47:30 +00:00
sillyguodong 694b38b880
Add chinese documentations for Packages (#24914) 2023-05-25 03:22:45 +00:00
Mike Rochefort d7e669c371
Update Asciidoc markup example with safe defaults (#24920)
The cheat sheet uses the `asciidoc` markup language to demonstrate how
to set up third party markup renderers. The current example has the
following issues:

- It promotes a legacy tool that does not handle modern AsciiDoc
specifications
- It does not account for embedded preview renders
- It has no safety restrictions

By switching to `asciidoctor`, uses are suggested to utilize de
facto/standard tooling for AsciiDoc.

The `--embedded` parameter will strip out HTML tags that contain the
document (such as `<html></html>`) which aren't necessary for the
render, and actually end up as text in the document if left in.

The `--safe-mode` parameter (of which there are several profiles)
imposes [certain
policies](https://docs.asciidoctor.org/asciidoctor/latest/safe-modes/)
on the files it ingests and what the resulting output looks like. GitHub
itself uses the `secure` profile (the highest), which can be a good
starting point for those who are uncertain of what to do. By default, if
no mode is specified when `asciidoctor` runs it defaults to `unsafe`,
i.e. no safety guidelines at all.
2023-05-25 01:24:05 +00:00
HesterG 9ad5cadc07
Fix <empty> in administration/config-cheat-sheet.en-us.md (#24905)
Before

<img width="206" alt="Screen Shot 2023-05-24 at 15 54 02"
src="https://github.com/go-gitea/gitea/assets/17645053/3493180e-e7a8-466d-b418-641c39d7788c">

<img width="272" alt="Screen Shot 2023-05-24 at 15 50 05"
src="https://github.com/go-gitea/gitea/assets/17645053/b1c80313-5b2c-41d8-aad3-4099c912c173">

<img width="264" alt="Screen Shot 2023-05-24 at 15 50 16"
src="https://github.com/go-gitea/gitea/assets/17645053/9a4b4223-ce67-40b3-a44e-03219694a37d">


After

<img width="295" alt="Screen Shot 2023-05-24 at 15 52 53"
src="https://github.com/go-gitea/gitea/assets/17645053/fbc8ef6e-2b9b-44f5-ba4f-6002cf2f19fe">
<img width="334" alt="Screen Shot 2023-05-24 at 15 53 03"
src="https://github.com/go-gitea/gitea/assets/17645053/6ebe45bf-b986-4afc-9b5c-d0c0134650c2">
<img width="282" alt="Screen Shot 2023-05-24 at 15 53 13"
src="https://github.com/go-gitea/gitea/assets/17645053/90ccc1ae-69f5-4730-8191-5e86ed0f6d49">
2023-05-24 16:29:44 +08:00
Lunny Xiao 37895b61c0
Rename docs packages title from xxx Packages Repository -> xxx Package Registry (#24895)
As title.
2023-05-24 06:21:39 +00:00
wxiaoguang c21605951b
Make environment-to-ini support loading key value from file (#24832)
Replace #19857

Close #19856
Close #10311
Close #10123

Major changes:

1. Move a lot of code from `environment-to-ini.go` to `config_env.go` to
make them testable.
2. Add `__FILE` support
3. Update documents
4. Add tests
2023-05-24 11:37:22 +08:00
Zettat123 1aa9107fea
zh-cn translation for administration docs (#24881)
- [x] adding-legal-pages
- [x] cmd-embedded
- [x] command-line
- [x] email-setup
- [x] external-renderers
- [x] git-lfs-support
- [x] logging-config
- [x] mail-templates
- [x] repo-indexer
- [x] search-engines-indexation
- [x] signing
2023-05-24 10:35:43 +08:00
wxiaoguang 8080ace6fc
Support changing git config through app.ini, use diff.algorithm=histogram by default (#24860)
Close #13454 , Close #23255, Close #14697 (and maybe more related
issues)

Many users have the requirement to customize the git config. This PR
introduces an easy way: put the options in Gitea's app.ini
`[git.config]`, then the config options will be applied to git config.

And it can support more flexible default config values, eg: now
`diff.algorithm=histogram` by default. According to:
https://stackoverflow.com/a/32367597/4754037 , `histogram diff` is
efficient and doesn't like to cause server-side problems.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-23 16:30:19 +00:00
Lunny Xiao cfadb1901f
Remove unnecessary usage prefix from doc titles (#24869)
As title.
2023-05-23 18:14:57 +08:00
wxiaoguang 81ce271f78
Use Go 1.20 for next release (#24859) 2023-05-22 16:29:53 +00:00
wxiaoguang bb9e20e434
Fix document and improve comment (#24844)
* Fix broken doc link:
https://github.com/go-gitea/gitea/actions/runs/5041309438/jobs/9040887385
* Improve comments about how font weight works:
https://github.com/go-gitea/gitea/pull/24827#pullrequestreview-1435584800

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-05-22 08:47:33 +00:00
KN4CK3R cdb088cec2
Add CRAN package registry (#22331)
This PR adds a [CRAN](https://cran.r-project.org/) package registry.

![grafik](https://user-images.githubusercontent.com/1666336/210450039-d6fa6f77-20cd-4741-89a8-1624def267f7.png)
2023-05-22 10:57:49 +08:00
Brecht Van Lommel 2d3ebe889e
Merge message template support for rebase without merge commit (#22669)
Use `default_merge_message/REBASE_TEMPLATE.md` for amending the message
of the last commit in the list of commits that was merged. Previously
this template was mentioned in the documentation but not actually used.

In this template additional variables `CommitTitle` and `CommitBody` are
available, for the title and body of the commit.

Ideally the message of every commit would be updated using the template,
but doing an interactive rebase or merging commits one by one is
complicated, so that is left as a future improvement.
2023-05-22 09:01:46 +08:00
wxiaoguang 2cb66fff60
Support wildcard in email domain allow/block list (#24831)
Replace #20257 (which is stale and incomplete)

Close #20255

Major changes:

* Deprecate the "WHITELIST", use "ALLOWLIST"
* Add wildcard support for EMAIL_DOMAIN_ALLOWLIST/EMAIL_DOMAIN_BLOCKLIST
* Update example config file and document
* Improve tests
2023-05-22 00:05:44 +00:00
wxiaoguang 4647660776
Rewrite logger system (#24726)
## ⚠️ Breaking

The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.

Although many legacy options still work, it's encouraged to upgrade to
the new options.

The SMTP logger is deleted because SMTP is not suitable to collect logs.

If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.

## Description

Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)

Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)

There is a new document (with examples): `logging-config.en-us.md`

This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.

## The old problems

The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.


## The new design

See `logger.go` for documents.


## Screenshot

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)


![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)


![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)

</details>

## TODO

* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
Yarden Shoham f5ce2ed292
Allow all URL schemes in Markdown links by default (#24805)
- Closes #21146
- Closes #16721

## ⚠️ BREAKING ⚠️
This changes the default behavior to now create links for any URL scheme
when the user uses the markdown form for links (`[label](URL)`), this
doesn't affect the rendering of inline links. To opt-out set the
`markdown.CUSTOM_URL_SCHEMES` setting to a list of allowed schemes, all
other schemes (except `http` and `https`) won't be allowed.

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/35fa18ce-7dda-4995-b5b3-3f360f38296d)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/0922216b-0b35-4b77-9919-21a5c21dd5d0)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-19 17:17:07 +02:00
Alejandro Leal 9fb0945a09
Updates to doc (#24757)
## Misspelling fixes to:
- docs/content/doc/administration/config-cheat-sheet.en-us.md
- docs/content/doc/installation/from-source.en-us.md
- docs/content/doc/usage/packages/cargo.en-us.md
- docs/content/doc/usage/packages/storage.en-us.md

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-05-17 05:45:26 +00:00
silverwind 30d9222267
Remove meta charset from HTML5 documents (#24744)
When `<!DOCTYPE html>` is present, the default (and only valid) charset
it `utf-8` so it does not need to be specified.

Also we do serve with HTML with `Content-Type: text/html;
charset=utf-8`, so it is duplicate info anyways.
2023-05-16 05:13:23 +00:00
Jason Song f74bd9dc81
Docs for creating a user to run Gitea on Fedora/RHEL/CentOS (#24725)
The current command doesn't work on Fedora/RHEL/CentOS.

- `--gecos`: use `--comment` instead.
- `--group`: use `--gid` instead, `--group` means "A list of
supplementary groups" on F/R/C.
- `--disabled-password`: leave `--password` empty instead, "The default
is to disable the password".
- `--home`: use `--home-dir` and `--create-home` instead.
2023-05-15 23:03:38 +08:00
Yevhen Pavlov 7bf80ad075
Update packages overview page (#24730)
Add missed Go package reference to packages overview page
2023-05-15 10:53:50 +00:00
Lunny Xiao 9897baf979
Move actions as usage's subdirectory and update comparsion zh-cn version (#24719)
As title.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-15 15:36:20 +08:00
Patrick Schratz 3db3d5d181
Document redis-cluster explicitly in config (#24717)
Co-authored-by: delvh <dev.lh@web.de>
2023-05-15 13:45:48 +08:00
KN4CK3R 5968c63a11
Add Go package registry (#24687)
Fixes #7608

This PR adds a Go package registry usable with the Go proxy protocol.

![grafik](https://github.com/go-gitea/gitea/assets/1666336/328feb5c-3df2-4f9d-8eae-fe3126d14c37)
2023-05-14 23:38:40 +08:00
wxiaoguang 82224c54e0
Improve avatar uploading / resizing / compressing, remove Fomantic card module (#24653)
Fixes: #8972
Fixes: #24263

And I think it also (partially) fix #24263 (no need to convert) ,
because users could upload any supported image format if it isn't larger
than AVATAR_MAX_ORIGIN_SIZE


The main idea: 

* if the uploaded file size is not larger than AVATAR_MAX_ORIGIN_SIZE,
use the origin
* if the resized size is larger than the origin, use the origin

Screenshots:

JPG:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/70e98bb0-ecb9-4c4e-a89f-4a37d4e37f8e)

</details>

APNG:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/9055135b-5e2d-4152-bd72-596fcb7c6671)


![image](https://github.com/go-gitea/gitea/assets/2114189/50364caf-f7f6-4241-a289-e485fe4cd582)

</details>

WebP (animated)

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/f642eb85-498a-49a5-86bf-0a7b04089ae0)

</details>

The only exception: if a WebP image is larger than MaxOriginSize and it
is animated, then current `webp` package can't decode it, so only in
this case it isn't supported. IMO no need to support such case: why a
user would upload a 1MB animated webp as avatar? crazy .....

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-05-13 20:59:11 +02:00
Yarden Shoham 9f1d377b87
Fix docs documenting invalid @every for OLDER_THAN cron settings (#24695)
Looks like a copy-paste leftover

- Fixes #20868

Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-13 15:22:31 +00:00
KN4CK3R 9173e079ae
Add Alpine package registry (#23714)
This PR adds an Alpine package registry. You can follow [this
tutorial](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package)
to build a *.apk package for testing.

This functionality is similar to the Debian registry (#22854) and
therefore shares some methods. I marked this PR as blocked because it
should be merged after #22854.


![grafik](https://user-images.githubusercontent.com/1666336/227779595-b76163aa-eea1-4a79-9583-775c24ad74e8.png)

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-12 17:27:50 +00:00
rune 4b80813341
Support SSH for go get (#24664)
fix #12192 Support SSH for go get

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: mfk <mfk@hengwei.com.cn>
Co-authored-by: silverwind <me@silverwind.io>
2023-05-12 09:44:37 +00:00
Kerwin Bryant 36ed6bdd0c
Fix typo in act-runner file (#24652)
Misspelled instance_url as intence_url
2023-05-11 09:04:42 +08:00
wxiaoguang 54f399c4df
Increase default LFS auth timeout from 20m to 24h (#24628)
According to the discussion with DanielGibson, the default "20m" seems
too short. It would make LFS fail if the file is large / network is
slow.

I think relaxing this timeout doesn't have side affect. So change the
default value to 24h, IMO that should be long enough.

## ⚠️ BREAKING

If admins want the previous timeout, they should set the setting
`[server].LFS_HTTP_AUTH_EXPIRY`.
2023-05-10 22:23:47 +08:00
ericLemanissier 89eebfae52
Fix typo in the swift package documentation (#24637) 2023-05-10 13:43:56 +00:00
Jason Song 84033cee86
Fix broken links in documents (#24630)
Before:

<img width="837" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/90c1c484-2d8d-4a57-8e86-2f4df0e7fbba">

After:

<img width="822" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/e27f6b63-9e7b-4894-b315-7be0cfebe8ca">
2023-05-10 12:34:16 +00:00
Jason Song 35ab5cdedf
Fix typo in Actions demo file (#24631)
Reported by @kerwin612.
2023-05-10 09:51:25 +00:00
wxiaoguang cf1a7b08eb
Improve reverse-proxy document and fix nginx config bug (#24616)
Close #23711, thanks to @ghnp5 !
Close  #24612, thanks to @DanielGibson !

Major changes:

* the default value of nginx's client_max_body_size is too small, so put
a 512M here
* move `Resolving Error: 413 Request Entity Too Large` to a sub-section
of `Nginx` section
* make nginx use unescaped the URI and keep "%2F" as is when using
sub-path
* add details for General sub-path configuration
2023-05-10 05:28:44 +00:00
Nicholas Pease c090f87a8d
Add Gitea Profile Readmes (#23260)
Implements displaying a README.md file present in a users ```.profile```
repository on the users profile page. If no such repository/file is
present, the user's profile page remains unchanged.

Example of user with ```.profile/README.md```

![image](https://user-images.githubusercontent.com/34464552/222757202-5d53ac62-60d9-432f-b9e3-2537ffa91041.png)

Example of user without ```.profile/README.md```

![image](https://user-images.githubusercontent.com/34464552/222759972-576e058b-acd4-47ac-be33-38a7cb58cc81.png)

This pull request closes the feature request in #12233 

Special thanks to @techknowlogick for the help in the Gitea discord!

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-05-09 05:57:24 +00:00
silverwind d5b2bf9044
Update JS dependencies, add new eslint rules (#24597)
- Update all JS dependencies
- Enable new eslint rules, fix issue (some via autofix)
- Fix some missed eslint rule renames from [unicorn
v25](https://github.com/sindresorhus/eslint-plugin-unicorn/releases/tag/v25.0.0)
- Tested Monaco, Katex, Swagger UI

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-09 02:35:49 +00:00
wxiaoguang 6f9c278559
Rewrite queue (#24505)
# ⚠️ Breaking

Many deprecated queue config options are removed (actually, they should
have been removed in 1.18/1.19).

If you see the fatal message when starting Gitea: "Please update your
app.ini to remove deprecated config options", please follow the error
messages to remove these options from your app.ini.

Example:

```
2023/05/06 19:39:22 [E] Removed queue option: `[indexer].ISSUE_INDEXER_QUEUE_TYPE`. Use new options in `[queue.issue_indexer]`
2023/05/06 19:39:22 [E] Removed queue option: `[indexer].UPDATE_BUFFER_LEN`. Use new options in `[queue.issue_indexer]`
2023/05/06 19:39:22 [F] Please update your app.ini to remove deprecated config options
```

Many options in `[queue]` are are dropped, including:
`WRAP_IF_NECESSARY`, `MAX_ATTEMPTS`, `TIMEOUT`, `WORKERS`,
`BLOCK_TIMEOUT`, `BOOST_TIMEOUT`, `BOOST_WORKERS`, they can be removed
from app.ini.

# The problem

The old queue package has some legacy problems:

* complexity: I doubt few people could tell how it works.
* maintainability: Too many channels and mutex/cond are mixed together,
too many different structs/interfaces depends each other.
* stability: due to the complexity & maintainability, sometimes there
are strange bugs and difficult to debug, and some code doesn't have test
(indeed some code is difficult to test because a lot of things are mixed
together).
* general applicability: although it is called "queue", its behavior is
not a well-known queue.
* scalability: it doesn't seem easy to make it work with a cluster
without breaking its behaviors.

It came from some very old code to "avoid breaking", however, its
technical debt is too heavy now. It's a good time to introduce a better
"queue" package.

# The new queue package

It keeps using old config and concept as much as possible.

* It only contains two major kinds of concepts:
    * The "base queue": channel, levelqueue, redis
* They have the same abstraction, the same interface, and they are
tested by the same testing code.
* The "WokerPoolQueue", it uses the "base queue" to provide "worker
pool" function, calls the "handler" to process the data in the base
queue.
* The new code doesn't do "PushBack"
* Think about a queue with many workers, the "PushBack" can't guarantee
the order for re-queued unhandled items, so in new code it just does
"normal push"
* The new code doesn't do "pause/resume"
* The "pause/resume" was designed to handle some handler's failure: eg:
document indexer (elasticsearch) is down
* If a queue is paused for long time, either the producers blocks or the
new items are dropped.
* The new code doesn't do such "pause/resume" trick, it's not a common
queue's behavior and it doesn't help much.
* If there are unhandled items, the "push" function just blocks for a
few seconds and then re-queue them and retry.
* The new code doesn't do "worker booster"
* Gitea's queue's handlers are light functions, the cost is only the
go-routine, so it doesn't make sense to "boost" them.
* The new code only use "max worker number" to limit the concurrent
workers.
* The new "Push" never blocks forever
* Instead of creating more and more blocking goroutines, return an error
is more friendly to the server and to the end user.

There are more details in code comments: eg: the "Flush" problem, the
strange "code.index" hanging problem, the "immediate" queue problem.

Almost ready for review.

TODO:

* [x] add some necessary comments during review
* [x] add some more tests if necessary
* [x] update documents and config options
* [x] test max worker / active worker
* [x] re-run the CI tasks to see whether any test is flaky
* [x] improve the `handleOldLengthConfiguration` to provide more
friendly messages
* [x] fine tune default config values (eg: length?)

## Code coverage:

![image](https://user-images.githubusercontent.com/2114189/236620635-55576955-f95d-4810-b12f-879026a3afdf.png)
2023-05-08 19:49:59 +08:00
Yarden Shoham ef92459e18
Fix docs failing the build on main (#24561)
Regression from https://github.com/go-gitea/gitea/pull/23380

First failing build: https://drone.gitea.io/go-gitea/gitea/74565
https://github.com/go-gitea/gitea/actions/runs/4897332409/jobs/8745242395

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-05-06 11:52:44 +00:00
KN4CK3R 05209f0d1d
Add RPM registry (#23380)
Fixes #20751

This PR adds a RPM package registry. You can follow [this
tutorial](https://opensource.com/article/18/9/how-build-rpm-packages) to
build a *.rpm package for testing.

This functionality is similar to the Debian registry (#22854) and
therefore shares some methods. I marked this PR as blocked because it
should be merged after #22854.


![grafik](https://user-images.githubusercontent.com/1666336/223806549-d8784fd9-9d79-46a2-9ae2-f038594f636a.png)
2023-05-05 20:33:37 +00:00
Jason Song 8f314c6793
Docs for Gitea Actions (#24405)
A new documentation section for Gitea Actions.

Some content comes from:

- [Hacking on Gitea
Actions](https://blog.gitea.io/2023/03/hacking-on-gitea-actions/)
- The README of [act_runner](https://gitea.com/gitea/act_runner)
- @ChristopherHX's excellent overview of the differences between Gitea
Actions and GitHub Actions in [this
comment](https://github.com/go-gitea/gitea/issues/13539#issuecomment-1448888850).

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-05-05 20:07:20 +00:00
Gary Moon b8c19e7a11
Update LDAP filters to include both username and email address (#24547)
Since the login form label for user_name unconditionally displays
`Username or Email Address` for the `user_name` field, bring matching
LDAP filters to more prominence in the documentation/placeholders.

Signed-off-by: Gary Moon <gary@garymoon.net>
2023-05-05 14:18:53 -04:00
Benjamin Loison 78fdbaf186
Harmonize title formatting in docs/content/doc/development/api-usage.en-us.md (#24529) 2023-05-05 03:11:54 +00:00
KN4CK3R bf999e4069
Add Debian package registry (#24426)
Co-authored-by: @awkwardbunny

This PR adds a Debian package registry.
You can follow [this
tutorial](https://www.baeldung.com/linux/create-debian-package) to build
a *.deb package for testing.
Source packages are not supported at the moment and I did not find
documentation of the architecture "all" and how these packages should be
treated.


![grafik](https://user-images.githubusercontent.com/1666336/218126879-eb80a866-775c-4c8e-8529-5797203a64e6.png)

Part of #20751.

Revised copy of #22854.

---------

Co-authored-by: Brian Hong <brian@hongs.me>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-02 12:31:35 -04:00
silverwind d6f8238492
Replace N/A with - everywhere (#24474)
Followup to https://github.com/go-gitea/gitea/pull/24427.

Reasoning is that `N/A` is specific to english while `-` is
language-neutral and does not need translation.

Before:
<img width="891" alt="Screenshot 2023-05-01 at 20 58 20"
src="https://user-images.githubusercontent.com/115237/235511592-8a36d0f2-34ff-4dbe-b642-67c0ade644fe.png">

After:
<img width="901" alt="Screenshot 2023-05-01 at 20 59 59"
src="https://user-images.githubusercontent.com/115237/235511594-d49f6d09-92e8-4e99-be7b-2a37f5d24129.png">
2023-05-02 05:54:29 -04:00