Go's semantic import versioning requires v2+ modules to include the
major version in the module path. This enables using proper version
tags (v3.x.x) instead of pseudo-versions.
Updated module path: code.gitcaddy.com/server/v3
Make Debian repository signing key generation use explicit stronger defaults
and embed the creation time in the OpenPGP comment for newly created keys.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Allows users to specify a "force" option in API /contents routes when
modifying files in a new branch. When "force" is true, and the branch
already exists, a force push will occur provided the branch does not
have a branch protection rule that disables force pushing.
This is useful as a way to manage a branch remotely through only the
API. For example in an automated release tool you can pull commits,
analyze, and update a release PR branch all remotely without needing to
clone or perform any local git operations.
Resolve#35538
---------
Co-authored-by: Rob Gonnella <rob.gonnella@papayapay.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Upgrade to
[v0.19.0](https://github.com/golang/tools/releases/tag/gopls%2Fv0.19.0)
and fix issues. Runs with new `warning` serverity setting. This likely
does less checks than before. Additionally, add `make fix` which runs
modernize. This is also verified on CI.
For the record, here are the issues discoverd when running with `info`
severity, in case we want to fix these:
```
tests/integration/repo_test.go:95:5-14: could use tagged switch on i
tests/integration/api_packages_generic_test.go:149:4-64: could use tagged switch on setting.Packages.Storage.Type
services/webhook/msteams_test.go:33:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:59:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:85:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:111:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:138:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:161:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:187:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:213:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:239:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:266:4-33: could use tagged switch on fact.Name
services/webhook/msteams_test.go:407:4-33: could use tagged switch on fact.Name
tests/integration/api_packages_conan_test.go:350:6-33: could use tagged switch on pf.Name
models/issues/tracked_time_test.go:98:3-18: could use tagged switch on user.ID
tests/integration/api_token_test.go:505:5-43: could use tagged switch on minRequiredLevel
services/gitdiff/gitdiff.go:220:33-46: method "getLineLegacy" is unused
```
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
1. Use `OpenXxx` instead of `GetXxx` because the returned readers should
be correctly closed, and clarify the behaviors of the functions: they
increase the download counter
2. Use `packages-content` styles instead of `issue-content`
By default, the code extracts 200 package versions. If too many packages
are generated every day or if rule cleaning is enabled later, which
means there are more than 200 versions corresponding to the library
package, it may not be cleaned up completely, resulting in residue
Fix#31961
---------
Co-authored-by: yeyuanjie <yecao100@126.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Add some missing (optional) fields for nuget v2, and sort the fields
to make it easier to maintain
2. Add missing "platform" for rubygems: `VERSION-PLATFORM` and
`VERSION_PLATFORM`
Co-authored-by: Giteabot <teabot@gitea.io>
Fix#33966
```
;; User must sign in to view anything.
;; It could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources,
;; for example: block anonymous AI crawlers from accessing repo code pages.
;; The "expensive" mode is experimental and subject to change.
;REQUIRE_SIGNIN_VIEW = false
```
Only show the latest version of the package in the arch repo.
closes#33534
---------
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#28121
I did some tests and found that the `missing signature key` error is
caused by an incorrect `Content-Type` header. Gitea correctly sets the
`Content-Type` header when serving files.
f8819b702d/routers/api/packages/container/container.go (L712-L717)
However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may
be set to an incorrect value by the storage service. To fix this issue,
we can use query parameters to override response header values.
https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
<img width="600px"
src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555"
/>
In this PR, I introduced a new parameter to the `URL` method to support
additional parameters.
```
URL(path, name string, reqParams url.Values) (*url.URL, error)
```
---
Most S3-like services support specifying the content type when storing
objects. However, Gitea always use `application/octet-stream`.
Therefore, I believe we also need to improve the `Save` method to
support storing objects with the correct content type.
643e8fea0e/modules/storage/minio.go (L214-L221)
close #27031
If the rpm package does not contain a matching gpg signature, the
installation will fail. See (#27031) , now auto-signing rpm uploads.
This option is turned off by default for compatibility.
Fixes#26691
Revert #24972
The alpine package manager expects `noarch` packages in the index of
other architectures too.
---------
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
There is a missing newline when generating the debian apt repo InRelease
file, which results in output like:
```
[...]
Date: Wed, 14 Feb 2024 05:03:01 UTC
Acquire-By-Hash: yesMD5Sum:
51a518dbddcd569ac3e0cebf330c800a 3018 main-dev/binary-amd64/Packages
[...]
```
It appears this would probably result in apt ignoring the
Acquire-By-Hash setting and not using the by-hash functionality,
although I'm not sure how to confirm it.
Resolves https://github.com/go-gitea/gitea/issues/28704
Example of an entry in the generated `APKINDEX` file:
```
C:Q1xCO3H9LTTEbhKt9G1alSC87I56c=
P:hello
V:2.12-r1
A:x86_64
T:The GNU Hello program produces a familiar, friendly greeting
U:https://www.gnu.org/software/hello/
L:GPL-3.0-or-later
S:15403
I:36864
o:hello
m:
t:1705934118
D:so:libc.musl-x86_64.so.1
p:cmd:hello=2.12-r1
i:foobar=1.0 !baz
k:42
```
the `i:` and `k:` entries are new.
---------
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Fixes#22236
---
Error occurring currently while trying to revert commit using read-tree
-m approach:
> 2022/12/26 16:04:43 ...rvices/pull/patch.go:240:AttemptThreeWayMerge()
[E] [63a9c61a] Unable to run read-tree -m! Error: exit status 128 -
fatal: this operation must be run in a work tree
> - fatal: this operation must be run in a work tree
We need to clone a non-bare repository for `git read-tree -m` to work.
bb371aee6e
adds support to create a non-bare cloned temporary upload repository.
After cloning a non-bare temporary upload repository, we [set default
index](https://github.com/go-gitea/gitea/blob/main/services/repository/files/cherry_pick.go#L37)
(`git read-tree HEAD`).
This operation ends up resetting the git index file (see investigation
details below), due to which, we need to call `git update-index
--refresh` afterward.
Here's the diff of the index file before and after we execute
SetDefaultIndex: https://www.diffchecker.com/hyOP3eJy/
Notice the **ctime**, **mtime** are set to 0 after SetDefaultIndex.
You can reproduce the same behavior using these steps:
```bash
$ git clone https://try.gitea.io/me-heer/test.git -s -b main
$ cd test
$ git read-tree HEAD
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
error: Entry '1' not uptodate. Cannot merge.
```
After which, we can fix like this:
```
$ git update-index --refresh
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
```
I noticed the `BuildAllRepositoryFiles` function under the Alpine folder
is unused and I thought it was a bug.
But I'm not sure about this. Was it on purpose?
- Remove `ObjectFormatID`
- Remove function `ObjectFormatFromID`.
- Use `Sha1ObjectFormat` directly but not a pointer because it's an
empty struct.
- Store `ObjectFormatName` in `repository` struct
Refactor Hash interfaces and centralize hash function. This will allow
easier introduction of different hash function later on.
This forms the "no-op" part of the SHA256 enablement patch.
