summaryrefslogtreecommitdiffstats
path: root/go.sum (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Replace gogs/cron with go-co-op/gocron (#25977)Chongyi Zheng2023-07-241-2/+8
| | | | | | | | Replace `github.com/gogs/cron` with `github.com/go-co-op/gocron` as the former package is not maintained for many years. --------- Co-authored-by: delvh <dev.lh@web.de>
* Refactor to use urfave/cli/v2 (#25959)wxiaoguang2023-07-211-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace #10912 And there are many new tests to cover the CLI behavior There were some concerns about the "option order in hook scripts" (https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314), it's not a problem now. Because the hook script uses `/gitea hook --config=/app.ini pre-receive` format. The "config" is a global option, it can appear anywhere. ---- ## ⚠️ BREAKING ⚠️ This PR does it best to avoid breaking anything. The major changes are: * `gitea` itself won't accept web's options: `--install-port` / `--pid` / `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's options. * Use `./gitea web --pid ....` instead * `./gitea` can still run the `web` sub-command as shorthand, with default options * The sub-command's options must follow the sub-command * Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd --sub-opt` (well, might not ...) * After: only `./gitea subcmd --sub-opt` could be used * The global options like `--config` are not affected
* Remove nfnt/resize and oliamb/cutter (#25999)harryzcy2023-07-201-4/+0
| | | | | The package `github.com/nfnt/resize` is deprecated and archived by the author. `github.com/oliamb/cutter` is not maintained since 2018. We could use `golang.org/x/image/draw` instead.
* Bump github.com/golang-jwt/jwt to v5 (#25975)harryzcy2023-07-191-2/+4
| | | | | | | | | | | | | | | | Bumping `github.com/golang-jwt/jwt` from v4 to v5. `github.com/golang-jwt/jwt` v5 is bringing some breaking changes: - standard `Valid()` method on claims is removed. It's replaced by `ClaimsValidator` interface implementing `Validator()` method instead, which is called after standard validation. Gitea doesn't seem to be using this logic. - `jwt.Token` has a field `Valid`, so it's checked in `ParseToken` function in `services/auth/source/oauth2/token.go` --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Disallow dangerous url schemes (#25960)KN4CK3R2023-07-181-2/+2
| | | | | | | | | | | | Regression: https://github.com/go-gitea/gitea/pull/24805 Closes: #25945 - Disallow `javascript`, `vbscript` and `data` (data uri images still work) url schemes even if all other schemes are allowed - Fixed older `cbthunderlink` tests --------- Co-authored-by: delvh <dev.lh@web.de>
* Upgrade go dependencies (#25819)harryzcy2023-07-141-261/+226
|
* Fix wrong warn messages in migration steps (#25475)Lunny Xiao2023-06-241-2/+2
| | | | | | | | | | | | | | | | | | | The recent change on xorm for `Sync` is it will not warn when database have columns which is not listed on struct. So we just need this warn logs when `Sync` the whole database but not in the migrations Sync. This PR will remove almost unnecessary warning logs on migrations. Now below logs in CI will disappear. ```log 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column creator_id but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column is_closed but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column board_type but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column type but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column closed_date_unix but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column created_unix but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column updated_unix but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column card_type but struct has not related field ```
* Support changing labels of Actions runner without re-registration (#24806)sillyguodong2023-06-131-2/+2
| | | | | | | | | | | | | | | | | | | close #24540 related: - Protocol: https://gitea.com/gitea/actions-proto-def/pulls/9 - Runner side: https://gitea.com/gitea/act_runner/pulls/201 changes: - Add column of `labels` to table `action_runner`, and combine the value of `agent_labels` and `custom_labels` column to `labels` column. - Store `labels` when registering `act_runner`. - Update `labels` when `act_runner` starting and calling `Declare`. - Users cannot modify the `custom labels` in edit page any more. other changes: - Store `version` when registering `act_runner`. - If runner is latest version, parse version from `Declare`. But older version runner still parse version from request header.
* Update github.com/google/go-github to v53 (#25157)Yevhen Pavlov2023-06-091-2/+2
| | | | | | The new `go-github` version [53](https://github.com/google/go-github/releases/tag/v53.0.0) has been released.
* Update github.com/google/go-github to v52 (#24004)65432023-05-311-8/+10
| | | | | | | | | | based on https://github.com/google/go-github/pull/2743 because of https://github.com/go-gitea/gitea/pull/23946#discussion_r1160317554 --------- Co-authored-by: silverwind <me@silverwind.io>
* Allow all URL schemes in Markdown links by default (#24805)Yarden Shoham2023-05-191-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | - Closes #21146 - Closes #16721 ## :warning: BREAKING :warning: This changes the default behavior to now create links for any URL scheme when the user uses the markdown form for links (`[label](URL)`), this doesn't affect the rendering of inline links. To opt-out set the `markdown.CUSTOM_URL_SCHEMES` setting to a list of allowed schemes, all other schemes (except `http` and `https`) won't be allowed. # Before ![image](https://github.com/go-gitea/gitea/assets/20454870/35fa18ce-7dda-4995-b5b3-3f360f38296d) # After ![image](https://github.com/go-gitea/gitea/assets/20454870/0922216b-0b35-4b77-9919-21a5c21dd5d0) --------- Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: Giteabot <teabot@gitea.io>
* Add RPM registry (#23380)KN4CK3R2023-05-051-0/+8
| | | | | | | | | | | | | | | Fixes #20751 This PR adds a RPM package registry. You can follow [this tutorial](https://opensource.com/article/18/9/how-build-rpm-packages) to build a *.rpm package for testing. This functionality is similar to the Debian registry (#22854) and therefore shares some methods. I marked this PR as blocked because it should be merged after #22854. ![grafik](https://user-images.githubusercontent.com/1666336/223806549-d8784fd9-9d79-46a2-9ae2-f038594f636a.png)
* Bump golang deps (#24533)techknowlogick2023-05-051-190/+183
|
* Add Debian package registry (#24426)KN4CK3R2023-05-021-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: @awkwardbunny This PR adds a Debian package registry. You can follow [this tutorial](https://www.baeldung.com/linux/create-debian-package) to build a *.deb package for testing. Source packages are not supported at the moment and I did not find documentation of the architecture "all" and how these packages should be treated. ![grafik](https://user-images.githubusercontent.com/1666336/218126879-eb80a866-775c-4c8e-8529-5797203a64e6.png) Part of #20751. Revised copy of #22854. --------- Co-authored-by: Brian Hong <brian@hongs.me> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Giteabot <teabot@gitea.io>
* Revert "Add Debian package registry" (#24412)Yarden Shoham2023-04-291-2/+0
| | | Reverts go-gitea/gitea#22854
* Add Debian package registry (#22854)KN4CK3R2023-04-281-0/+2
| | | | | | | | | | | | | | Co-authored-by: @awkwardbunny This PR adds a Debian package registry. You can follow [this tutorial](https://www.baeldung.com/linux/create-debian-package) to build a *.deb package for testing. Source packages are not supported at the moment and I did not find documentation of the architecture "all" and how these packages should be treated. --------- Co-authored-by: Brian Hong <brian@hongs.me> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Upgrade act (#24298)Zettat1232023-04-241-2/+2
|
* Support upload `outputs` and use `needs` context on Actions (#24230)Jason Song2023-04-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See [Defining outputs for jobs](https://docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs) and [Example usage of the needs context](https://docs.github.com/en/actions/learn-github-actions/contexts#example-usage-of-the-needs-context). Related to: - [actions-proto-def #5](https://gitea.com/gitea/actions-proto-def/pulls/5) - [act_runner #133](https://gitea.com/gitea/act_runner/pulls/133) <details> <summary>Tests & screenshots</summary> Test workflow file: ```yaml name: outputs on: push jobs: job1: runs-on: ubuntu-latest outputs: output1: ${{ steps.step1.outputs.output1 }} output2: ${{ steps.step2.outputs.output2 }} steps: - name: step1 id: step1 run: | date -Is > output1 cat output1 echo "output1=$(cat output1)" >> $GITHUB_OUTPUT - name: step2 id: step2 run: | cat /proc/sys/kernel/random/uuid > output2 cat output2 echo "output2=$(cat output2)" >> $GITHUB_OUTPUT job2: needs: job1 runs-on: ubuntu-latest steps: - run: echo ${{ needs.job1.outputs.output1 }} - run: echo ${{ needs.job1.outputs.output2 }} - run: echo ${{ needs.job1.result }} ``` <img width="397" alt="image" src="https://user-images.githubusercontent.com/9418365/233313322-903e7ebf-49a7-48e2-8c17-95a4581b3284.png"> <img width="385" alt="image" src="https://user-images.githubusercontent.com/9418365/233313442-30909135-1711-4b78-a5c6-133fcc79f47c.png"> </details> --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Allow `webp` images as avatars (#24248)JakobDev2023-04-211-2/+8
| | | | | | | | | Users can now upload `webp` images. Browsers supporting webp images then display this as the avatar of this user (every major browser except IE). --------- Co-authored-by: silverwind <me@silverwind.io>
* Update redis library to support redis v7 (#24114)techknowlogick2023-04-141-2/+15
|
* Update github.com/google/go-github to v51 (#23946)harryzcy2023-04-081-10/+10
| | | | `github.com/google/go-github` has new major version releases frequently. It is required to update all import path, in additional to `go.mod`
* Drop "unrolled/render" package (#23965)wxiaoguang2023-04-081-2/+0
| | | | | | | | | | | | None of the features of `unrolled/render` package is used. The Golang builtin "html/template" just works well. Then we can improve our HTML render to resolve the "$.root.locale.Tr" problem as much as possible. Next step: we can have a template render pool (by Clone), then we can inject global functions with dynamic context to every `Execute` calls. Then we can use `{{Locale.Tr ....}}` directly in all templates , no need to pass the `$.root.locale` again and again.
* Do not crash when parsing an invalid workflow file (#23972)Jason Song2023-04-071-2/+2
| | | | | Fix #23658. Related to https://gitea.com/gitea/act/pulls/39
* Fix checks for `needs` in Actions (#23789)Jason Song2023-03-301-2/+2
| | | | | | | | | | | | | | | | | Fix: - https://gitea.com/gitea/act_runner/issues/77 - https://gitea.com/gitea/act_runner/issues/81 Before: <img width="1489" alt="image" src="https://user-images.githubusercontent.com/9418365/228501567-f752cf87-a7ed-42c6-8f3d-ba741795c1fe.png"> Highlights: - Upgrade act to make things doable, related to - https://gitea.com/gitea/act/pulls/32 - https://gitea.com/gitea/act/pulls/33 - https://gitea.com/gitea/act/pulls/35 - Make `needs` works - Sort jobs in the original order in the workflow files
* Add meilisearch support (#23136)techknowlogick2023-03-291-2/+24
| | | | | Add meilisearch support Fixes #20665
* Update act (#23512)Jason Song2023-03-161-10/+8
| | | | | | | | | | | | | | | | | | | | | | Update replace: ```diff - replace github.com/nektos/act => gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744 + replace github.com/nektos/act => gitea.com/gitea/act v0.243.1 ``` Update require: ```diff - github.com/nektos/act v0.0.0 + github.com/nektos/act v0.2.43 ``` Actually, `v0.2.43` doesn't work, it will be replaced by `gitea/act`, so it's OK to put any version here. But `gitea/act` is based on `nektos/act`, so keeping the right upstream version will make security dependabot help. BTW, the [security report](https://github.com/go-gitea/gitea/security/dependabot/20) is false positive, we don't use the artifact server in act, see #22738.
* Update go.mod dependencies (#23126)zeripath2023-02-241-287/+96
| | | | | | | | | | | | | | This PR does a bulk update of a lot of our go deps. I have not included nektos/act and xorm for the following reasons: * Xorm updates can sometimes be complex and I'd rather do that in a separate PR * I think people more update with the actions code should double check that the latest nektos/act library works correctly. --------- Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Bump go.etcd.io/bbolt and blevesearch deps (#23062)WÁNG Xuěruì2023-02-241-13/+10
| | | | | | | | This notably brings support for GOARCH=loong64, among other fixes. --------- Signed-off-by: WANG Xuerui <xen0n@gentoo.org> Co-authored-by: zeripath <art27@cantab.net>
* Remove all package data after tests (#22984)KN4CK3R2023-02-231-2/+2
| | | | | | | | Fixes #21020 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)dependabot[bot]2023-02-201-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.7.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/8e2b117aee74f6b86c207a808b0255de45c0a18a"><code>8e2b117</code></a> http2/hpack: avoid quadratic complexity in hpack decoding</li> <li><a href="https://github.com/golang/net/commit/547e7edf3873d6f3a9c093d3785f9e2289e00746"><code>547e7ed</code></a> http2: avoid referencing ResponseWrite.Write parameter after returning</li> <li><a href="https://github.com/golang/net/commit/39940adcaaa73e661124cb80fb8dd57ea929dbaf"><code>39940ad</code></a> html: parse comments per HTML spec</li> <li><a href="https://github.com/golang/net/commit/87ce33ecb484cbb6bcfc8e506ce0330ef72e0847"><code>87ce33e</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/415cb6d518e71d202e2dc2f44c475cbff84eee72"><code>415cb6d</code></a> all: fix some comments</li> <li><a href="https://github.com/golang/net/commit/7e3c19ca52e202ae203b1914fc00c8e47a4d72fa"><code>7e3c19c</code></a> all: correct typos in comments</li> <li><a href="https://github.com/golang/net/commit/296f09aa3817abc1ddff7703799bf9babb7bbd16"><code>296f09a</code></a> http2: case insensitive handling for 100-continue</li> <li><a href="https://github.com/golang/net/commit/f8411da775a685be247bbedcb3ed2c998f895cd2"><code>f8411da</code></a> nettest: fix tests on dragonfly and js/wasm</li> <li><a href="https://github.com/golang/net/commit/8e0e7d8d38f2b6d21d742845570dde2902d06a1d"><code>8e0e7d8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/7805fdc37dc2b54b28b9d621030e14dcf1dab67c"><code>7805fdc</code></a> http2: rewrite inbound flow control tracking</li> <li>Additional commits viewable in <a href="https://github.com/golang/net/compare/v0.4.0...v0.7.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.4.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: delvh <leon@kske.dev> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Use import of OCI structs (#22765)KN4CK3R2023-02-061-0/+4
| | | | | | Fixes #22758 Otherwise we would need to rewrite the structs in `oci.go`.
* Add more events details supports for actions (#22680)Lunny Xiao2023-02-011-2/+2
| | | | | | | | | | | | | | | #21937 implemented only basic events based on name because of `act`'s limitation. So I sent a PR to parse all possible events details in https://gitea.com/gitea/act/pulls/11 and it merged. The ref documentation is https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows This PR depends on that and make more detail responses for `push` events and `pull_request` events. And it lefts more events there for future PRs. --------- Co-authored-by: Jason Song <i@wolfogre.com>
* Implement actions (#21937)Jason Song2023-01-311-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Close #13539. Co-authored by: @lunny @appleboy @fuxiaohei and others. Related projects: - https://gitea.com/gitea/actions-proto-def - https://gitea.com/gitea/actions-proto-go - https://gitea.com/gitea/act - https://gitea.com/gitea/act_runner ### Summary The target of this PR is to bring a basic implementation of "Actions", an internal CI/CD system of Gitea. That means even though it has been merged, the state of the feature is **EXPERIMENTAL**, and please note that: - It is disabled by default; - It shouldn't be used in a production environment currently; - It shouldn't be used in a public Gitea instance currently; - Breaking changes may be made before it's stable. **Please comment on #13539 if you have any different product design ideas**, all decisions reached there will be adopted here. But in this PR, we don't talk about **naming, feature-creep or alternatives**. ### ⚠️ Breaking `gitea-actions` will become a reserved user name. If a user with the name already exists in the database, it is recommended to rename it. ### Some important reviews - What is `DEFAULT_ACTIONS_URL` in `app.ini` for? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954 - Why the api for runners is not under the normal `/api/v1` prefix? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592 - Why DBFS? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178 - Why ignore events triggered by `gitea-actions` bot? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103 - Why there's no permission control for actions? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868 ### What it looks like <details> #### Manage runners <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png"> #### List runs <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png"> #### View logs <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png"> </details> ### How to try it <details> #### 1. Start Gitea Clone this branch and [install from source](https://docs.gitea.io/en-us/install-from-source). Add additional configurations in `app.ini` to enable Actions: ```ini [actions] ENABLED = true ``` Start it. If all is well, you'll see the management page of runners: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png"> #### 2. Start runner Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow the [README](https://gitea.com/gitea/act_runner/src/branch/main/README.md) to start it. If all is well, you'll see a new runner has been added: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png"> #### 3. Enable actions for a repo Create a new repo or open an existing one, check the `Actions` checkbox in settings and submit. <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png"> <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png"> If all is well, you'll see a new tab "Actions": <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png"> #### 4. Upload workflow files Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can follow the [quickstart](https://docs.github.com/en/actions/quickstart) of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions in most cases, you can use the same demo: ```yaml name: GitHub Actions Demo run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 on: [push] jobs: Explore-GitHub-Actions: runs-on: ubuntu-latest steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!" - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - name: Check out repository code uses: actions/checkout@v3 - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." - run: echo "🖥️ The workflow is now ready to test your code on the runner." - name: List files in the repository run: | ls ${{ github.workspace }} - run: echo "🍏 This job's status is ${{ job.status }}." ``` If all is well, you'll see a new run in `Actions` tab: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png"> #### 5. Check the logs of jobs Click a run and you'll see the logs: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png"> #### 6. Go on You can try more examples in [the documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions) of GitHub Actions, then you might find a lot of bugs. Come on, PRs are welcome. </details> See also: [Feature Preview: Gitea Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/) --------- Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: ChristopherHX <christopher.homberger@web.de> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Consume hcaptcha and pwn deps (#22610)John Olheiser2023-01-291-4/+0
| | | | | | | | | | | This PR just consumes the [hcaptcha](https://gitea.com/jolheiser/hcaptcha) and [haveibeenpwned](https://gitea.com/jolheiser/pwn) modules directly into Gitea. Also let this serve as a notice that I'm fine with transferring my license (which was already MIT) from my own name to "The Gitea Authors". Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add support for incoming emails (#22056)KN4CK3R2023-01-141-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | closes #13585 fixes #9067 fixes #2386 ref #6226 ref #6219 fixes #745 This PR adds support to process incoming emails to perform actions. Currently I added handling of replies and unsubscribing from issues/pulls. In contrast to #13585 the IMAP IDLE command is used instead of polling which results (in my opinion 😉) in cleaner code. Procedure: - When sending an issue/pull reply email, a token is generated which is present in the Reply-To and References header. - IMAP IDLE waits until a new email arrives - The token tells which action should be performed A possible signature and/or reply gets stripped from the content. I added a new service to the drone pipeline to test the receiving of incoming mails. If we keep this in, we may test our outgoing emails too in future. Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update golang deps (#22410)techknowlogick2023-01-121-107/+123
| | | | Note, hashicorp's LRU has been updated to v2 which supports generics but this was left out as it is a more involved upgrade.
* Replace deprecated Webauthn library (#22400)techknowlogick2023-01-121-388/+25
| | | | | Fix #22052 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove satori/go.uuid (#22375)Jason Song2023-01-091-1/+0
| | | | `github.com/satori/go.uuid` is no longer used, so the `replace` is not needed now
* Upgrade go-chi to v5.0.8 (#22304)Lunny Xiao2023-01-011-2/+2
|
* Update bleve and zapx to fix unaligned atomic (#22031)zeripath2022-12-221-25/+20
| | | | | | | | | | | | There is an unaligned atomic field in zapx 15.3.5 which should have been fixed in a subsequent patch This bug causes issues on 32bit builds. Update bleve and zapx to account for this. Fix #21957 Signed-off-by: Andrew Thornton <art27@cantab.net>
* verify nodeinfo response by schema (#22137)Meisam2022-12-171-0/+6
| | | | | | ... using [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update xorm (#22094)KN4CK3R2022-12-111-6/+6
|
* Update gitea-vet to check FSFE REUSE (#22004)Jason Song2022-12-021-2/+2
| | | | | | | | | | | | | Related to: - #21840 - https://gitea.com/gitea/gitea-vet/pulls/21 What it looks like when it's working: https://drone.gitea.io/go-gitea/gitea/64040/1/5 All available SPDX license identifiers: [SPDX License List](https://spdx.org/licenses/). Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update chroma to v2.4.0 (#22000)silverwind2022-12-011-2/+4
| | | Did a few cursory tests, seems to work well.
* Upgrade golang.org/x/crypto (#21792)Gusted2022-11-131-9/+9
| | | | | | | | | - Update the crypto dependency to include https://github.com/golang/crypto/commit/6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 - Resolves #17798 Executed: `go get golang.org/x/crypto@6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 && rm go.sum && go mod tidy`
* Update binding to fix bugs (#21556)Lunny Xiao2022-10-231-2/+2
| | | Fix #19698
* Bump `golang.org/x/text` (#21412)Gusted2022-10-111-1/+2
| | | | | - Update the `golang.org/x/text` dependency, this fixes [a security issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).
* Update to go-enry v2.8.3 (#21360)Clark Boylan2022-10-061-2/+2
| | | | | | | | | | | | This fixes an issue with enry's isVendor() method being too greedy. This lead to gitea classifying unvendored code as vendored. The impact of this is fairly minimal, but our Gitea users did notice which led me to fixing this in go-enry. Some files will be tagged with a vendored flag in the UI. I think it also impacts the calculation of language statistics in the repo as vendored files are not incorporated into the stats. For more information on the issue see the go-enry bug: https://github.com/go-enry/go-enry/issues/135
* Update Golang deps (#21304)techknowlogick2022-10-011-68/+78
|
* Update bluemonday (#21281)65432022-09-281-3/+4
| | | | | https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20 Co-authored-by: Lauris BH <lauris@nix.lv>