* use a single function to do Action Tokens Permission checks
* allows easier customization
* add basic tests
* lfs file locks should work now
---------
Signed-off-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#35690
Change the "restricted user" behavior introduced by #6274. Now
restricted user can also access public repositories when sign-in is not
required.
For required sign-in, the behavior isn't changed.
This PR adds a quick approve button on PR page to allow reviewers to
approve all pending checks. Only users with write permission to the
Actions unit can approve.
---------
Signed-off-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes#32257
/claim #32257
Implemented commenting on unchanged lines in Pull Request diffs, lines
are accessed by expanding the diff preview. Comments also appear in the
"Files Changed" tab on the unchanged lines where they were placed.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Fix incorrect column in `applySubscribedCondition`, add a test
2. Fix debian version parsing, add more tests fix#35695
3. Fix log level for HTTP errors, fix#35651
4. Fix abused "panic" handler in API `Migrate`
5. Fix the redirection from PR to issue, add a test
6. Fix Actions variable & secret name validation, add more tests
* envNameCIRegexMatch is unnecessary, removed
* validating in "delete" function doesn't make sense, removed
7. Fix incorrect link in release email
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Fix#35649
* Use upstream `git-lfs-transfer`
* The Close should be called when error occurs (bug fix)
* The connection pool should be shared (bug fix)
* Add more tests to cover "LFS over SSH download"
This PR moved the creation of pushing comments before pull request
mergeable checking. So that when the pull request status changed, the
comments should have been created.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Update all JS dependencies
- Enable eslint `no-useless-assignment` and fix 2 discovered issues
- Replace `gitea-vscode` svg with new `octicon-vscode`
- Remove now-unused `@ts-expect-error` comments
- Change Monaco wrapping behaviour to match the wrapping in code view:
no wrapping indent and break on any character.
To prevent potential bugs, the logic in #35543 makes `gitcmd.Command`
panic when attempting to override stdout or stderr. Instead of using
`PrepareCmd`, this PR now uses the WithXXX methods directly to avoid the
panic.
Fix#35603
Use a helper method around the jobparser for parsing a single job
structure from an ActionRunJob
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The test calls out to a web service which may be down or unreachable as
seen in the linked issue. It's better for tests to not have such
external dependencies to make them absolutely stable.
Fixes: https://github.com/go-gitea/gitea/issues/35571
Fix the swagger documentation for the `diffpatch` API endpoint,
and fix the wrong API path caused by a refactoring change.
Closes#35602
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.
Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.
Fixes: #35530
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Refactor Git command functions to use WithXXX methods instead of
exposing RunOpts.
This change simplifies reuse across gitrepo and improves consistency,
encapsulation, and maintainability of command options.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Allows users to specify a "force" option in API /contents routes when
modifying files in a new branch. When "force" is true, and the branch
already exists, a force push will occur provided the branch does not
have a branch protection rule that disables force pushing.
This is useful as a way to manage a branch remotely through only the
API. For example in an automated release tool you can pull commits,
analyze, and update a release PR branch all remotely without needing to
clone or perform any local git operations.
Resolve#35538
---------
Co-authored-by: Rob Gonnella <rob.gonnella@papayapay.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
