diff --git a/.deadcode-out b/.deadcode-out
index f6fc50f15..555797e2e 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -74,10 +74,6 @@ code.gitea.io/gitea/models/project
code.gitea.io/gitea/models/repo
DeleteAttachmentsByIssue
- releaseSorter.Len
- releaseSorter.Less
- releaseSorter.Swap
- SortReleases
FindReposMapByIDs
IsErrTopicNotExist
ErrTopicNotExist.Error
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index d2a48b597..1de672f1d 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2774,7 +2774,9 @@ LEVEL = Info
;ENABLED = true
;; Default address to get action plugins, e.g. the default value means downloading from "https://code.forgejo.org/actions/checkout" for "uses: actions/checkout@v3"
;DEFAULT_ACTIONS_URL = https://code.forgejo.org
-;; Default artifact retention time in days, default is 90 days
+;; Logs retention time in days. Old logs will be deleted after this period.
+;LOG_RETENTION_DAYS = 365
+;; Default artifact retention time in days. Artifacts could have their own retention periods by setting the `retention-days` option in `actions/upload-artifact` step.
;ARTIFACT_RETENTION_DAYS = 90
;; Timeout to stop the task which have running status, but haven't been updated for a long time
;ZOMBIE_TASK_TIMEOUT = 10m
diff --git a/models/actions/runner.go b/models/actions/runner.go
index 3302a930a..175f211c7 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -26,14 +26,25 @@ import (
)
// ActionRunner represents runner machines
+//
+// It can be:
+// 1. global runner, OwnerID is 0 and RepoID is 0
+// 2. org/user level runner, OwnerID is org/user ID and RepoID is 0
+// 3. repo level runner, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find runners belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return runner {OwnerID: 1, RepoID: 1},
+// but it's a repo level runner, not an org/user level runner.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level runners.
type ActionRunner struct {
ID int64
UUID string `xorm:"CHAR(36) UNIQUE"`
Name string `xorm:"VARCHAR(255)"`
Version string `xorm:"VARCHAR(64)"`
- OwnerID int64 `xorm:"index"` // org level runner, 0 means system
+ OwnerID int64 `xorm:"index"`
Owner *user_model.User `xorm:"-"`
- RepoID int64 `xorm:"index"` // repo level runner, if OwnerID also is zero, then it's a global
+ RepoID int64 `xorm:"index"`
Repo *repo_model.Repository `xorm:"-"`
Description string `xorm:"TEXT"`
Base int // 0 native 1 docker 2 virtual machine
@@ -176,7 +187,7 @@ func init() {
type FindRunnerOptions struct {
db.ListOptions
RepoID int64
- OwnerID int64
+ OwnerID int64 // it will be ignored if RepoID is set
Sort string
Filter string
IsOnline optional.Option[bool]
@@ -193,8 +204,7 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
}
cond = cond.And(c)
- }
- if opts.OwnerID > 0 {
+ } else if opts.OwnerID > 0 { // OwnerID is ignored if RepoID is set
c := builder.NewCond().And(builder.Eq{"owner_id": opts.OwnerID})
if opts.WithAvailable {
c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
@@ -297,6 +307,11 @@ func DeleteRunner(ctx context.Context, id int64) error {
// CreateRunner creates new runner.
func CreateRunner(ctx context.Context, t *ActionRunner) error {
+ if t.OwnerID != 0 && t.RepoID != 0 {
+ // It's trying to create a runner that belongs to a repository, but OwnerID has been set accidentally.
+ // Remove OwnerID to avoid confusion; it's not worth returning an error here.
+ t.OwnerID = 0
+ }
return db.Insert(ctx, t)
}
diff --git a/models/actions/runner_token.go b/models/actions/runner_token.go
index ccd9bbccb..fd6ba7eca 100644
--- a/models/actions/runner_token.go
+++ b/models/actions/runner_token.go
@@ -15,12 +15,23 @@ import (
)
// ActionRunnerToken represents runner tokens
+//
+// It can be:
+// 1. global token, OwnerID is 0 and RepoID is 0
+// 2. org/user level token, OwnerID is org/user ID and RepoID is 0
+// 3. repo level token, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find tokens belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return token {OwnerID: 1, RepoID: 1},
+// but it's a repo level token, not an org/user level token.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level tokens.
type ActionRunnerToken struct {
ID int64
Token string `xorm:"UNIQUE"`
- OwnerID int64 `xorm:"index"` // org level runner, 0 means system
+ OwnerID int64 `xorm:"index"`
Owner *user_model.User `xorm:"-"`
- RepoID int64 `xorm:"index"` // repo level runner, if orgid also is zero, then it's a global
+ RepoID int64 `xorm:"index"`
Repo *repo_model.Repository `xorm:"-"`
IsActive bool // true means it can be used
@@ -58,7 +69,14 @@ func UpdateRunnerToken(ctx context.Context, r *ActionRunnerToken, cols ...string
}
// NewRunnerToken creates a new active runner token and invalidate all old tokens
+// ownerID will be ignored and treated as 0 if repoID is non-zero.
func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
+ if ownerID != 0 && repoID != 0 {
+ // It's trying to create a runner token that belongs to a repository, but OwnerID has been set accidentally.
+ // Remove OwnerID to avoid confusion; it's not worth returning an error here.
+ ownerID = 0
+ }
+
token, err := util.CryptoRandomString(40)
if err != nil {
return nil, err
@@ -84,6 +102,12 @@ func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerTo
// GetLatestRunnerToken returns the latest runner token
func GetLatestRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
+ if ownerID != 0 && repoID != 0 {
+ // It's trying to get a runner token that belongs to a repository, but OwnerID has been set accidentally.
+ // Remove OwnerID to avoid confusion; it's not worth returning an error here.
+ ownerID = 0
+ }
+
var runnerToken ActionRunnerToken
has, err := db.GetEngine(ctx).Where("owner_id=? AND repo_id=?", ownerID, repoID).
OrderBy("id DESC").Get(&runnerToken)
diff --git a/models/actions/schedule.go b/models/actions/schedule.go
index 3646a046a..c751ef51c 100644
--- a/models/actions/schedule.go
+++ b/models/actions/schedule.go
@@ -13,8 +13,6 @@ import (
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/timeutil"
webhook_module "code.gitea.io/gitea/modules/webhook"
-
- "github.com/robfig/cron/v3"
)
// ActionSchedule represents a schedule of a workflow file
@@ -53,8 +51,6 @@ func GetReposMapByIDs(ctx context.Context, ids []int64) (map[int64]*repo_model.R
return repos, db.GetEngine(ctx).In("id", ids).Find(&repos)
}
-var cronParser = cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
-
// CreateScheduleTask creates new schedule task.
func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
// Return early if there are no rows to insert
@@ -80,19 +76,21 @@ func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
now := time.Now()
for _, spec := range row.Specs {
+ specRow := &ActionScheduleSpec{
+ RepoID: row.RepoID,
+ ScheduleID: row.ID,
+ Spec: spec,
+ }
// Parse the spec and check for errors
- schedule, err := cronParser.Parse(spec)
+ schedule, err := specRow.Parse()
if err != nil {
continue // skip to the next spec if there's an error
}
+ specRow.Next = timeutil.TimeStamp(schedule.Next(now).Unix())
+
// Insert the new schedule spec row
- if err = db.Insert(ctx, &ActionScheduleSpec{
- RepoID: row.RepoID,
- ScheduleID: row.ID,
- Spec: spec,
- Next: timeutil.TimeStamp(schedule.Next(now).Unix()),
- }); err != nil {
+ if err = db.Insert(ctx, specRow); err != nil {
return err
}
}
diff --git a/models/actions/schedule_spec.go b/models/actions/schedule_spec.go
index 91240459a..923e5f780 100644
--- a/models/actions/schedule_spec.go
+++ b/models/actions/schedule_spec.go
@@ -5,6 +5,8 @@ package actions
import (
"context"
+ "strings"
+ "time"
"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
@@ -32,8 +34,29 @@ type ActionScheduleSpec struct {
Updated timeutil.TimeStamp `xorm:"updated"`
}
+// Parse parses the spec and returns a cron.Schedule
+// Unlike the default cron parser, Parse uses UTC timezone as the default if none is specified.
func (s *ActionScheduleSpec) Parse() (cron.Schedule, error) {
- return cronParser.Parse(s.Spec)
+ parser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
+ schedule, err := parser.Parse(s.Spec)
+ if err != nil {
+ return nil, err
+ }
+
+ // If the spec has specified a timezone, use it
+ if strings.HasPrefix(s.Spec, "TZ=") || strings.HasPrefix(s.Spec, "CRON_TZ=") {
+ return schedule, nil
+ }
+
+ specSchedule, ok := schedule.(*cron.SpecSchedule)
+ // If it's not a spec schedule, like "@every 5m", timezone is not relevant
+ if !ok {
+ return schedule, nil
+ }
+
+ // Set the timezone to UTC
+ specSchedule.Location = time.UTC
+ return specSchedule, nil
}
func init() {
diff --git a/models/actions/schedule_spec_test.go b/models/actions/schedule_spec_test.go
new file mode 100644
index 000000000..0c26fce4b
--- /dev/null
+++ b/models/actions/schedule_spec_test.go
@@ -0,0 +1,71 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestActionScheduleSpec_Parse(t *testing.T) {
+ // Mock the local timezone is not UTC
+ local := time.Local
+ tz, err := time.LoadLocation("Asia/Shanghai")
+ require.NoError(t, err)
+ defer func() {
+ time.Local = local
+ }()
+ time.Local = tz
+
+ now, err := time.Parse(time.RFC3339, "2024-07-31T15:47:55+08:00")
+ require.NoError(t, err)
+
+ tests := []struct {
+ name string
+ spec string
+ want string
+ wantErr assert.ErrorAssertionFunc
+ }{
+ {
+ name: "regular",
+ spec: "0 10 * * *",
+ want: "2024-07-31T10:00:00Z",
+ wantErr: assert.NoError,
+ },
+ {
+ name: "invalid",
+ spec: "0 10 * *",
+ want: "",
+ wantErr: assert.Error,
+ },
+ {
+ name: "with timezone",
+ spec: "TZ=America/New_York 0 10 * * *",
+ want: "2024-07-31T14:00:00Z",
+ wantErr: assert.NoError,
+ },
+ {
+ name: "timezone irrelevant",
+ spec: "@every 5m",
+ want: "2024-07-31T07:52:55Z",
+ wantErr: assert.NoError,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := &ActionScheduleSpec{
+ Spec: tt.spec,
+ }
+ got, err := s.Parse()
+ tt.wantErr(t, err)
+
+ if err == nil {
+ assert.Equal(t, tt.want, got.Next(now).UTC().Format(time.RFC3339))
+ }
+ })
+ }
+}
diff --git a/models/actions/task.go b/models/actions/task.go
index 9946cf523..1d6d68309 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -35,7 +35,7 @@ type ActionTask struct {
RunnerID int64 `xorm:"index"`
Status Status `xorm:"index"`
Started timeutil.TimeStamp `xorm:"index"`
- Stopped timeutil.TimeStamp
+ Stopped timeutil.TimeStamp `xorm:"index(stopped_log_expired)"`
RepoID int64 `xorm:"index"`
OwnerID int64 `xorm:"index"`
@@ -51,8 +51,8 @@ type ActionTask struct {
LogInStorage bool // read log from database or from storage
LogLength int64 // lines count
LogSize int64 // blob size
- LogIndexes LogIndexes `xorm:"LONGBLOB"` // line number to offset
- LogExpired bool // files that are too old will be deleted
+ LogIndexes LogIndexes `xorm:"LONGBLOB"` // line number to offset
+ LogExpired bool `xorm:"index(stopped_log_expired)"` // files that are too old will be deleted
Created timeutil.TimeStamp `xorm:"created"`
Updated timeutil.TimeStamp `xorm:"updated index"`
@@ -470,6 +470,16 @@ func StopTask(ctx context.Context, taskID int64, status Status) error {
return nil
}
+func FindOldTasksToExpire(ctx context.Context, olderThan timeutil.TimeStamp, limit int) ([]*ActionTask, error) {
+ e := db.GetEngine(ctx)
+
+ tasks := make([]*ActionTask, 0, limit)
+ // Check "stopped > 0" to avoid deleting tasks that are still running
+ return tasks, e.Where("stopped > 0 AND stopped < ? AND log_expired = ?", olderThan, false).
+ Limit(limit).
+ Find(&tasks)
+}
+
func isSubset(set, subset []string) bool {
m := make(container.Set[string], len(set))
for _, v := range set {
diff --git a/models/actions/variable.go b/models/actions/variable.go
index 8aff84465..d0f917d92 100644
--- a/models/actions/variable.go
+++ b/models/actions/variable.go
@@ -5,7 +5,6 @@ package actions
import (
"context"
- "errors"
"strings"
"code.gitea.io/gitea/models/db"
@@ -15,6 +14,18 @@ import (
"xorm.io/builder"
)
+// ActionVariable represents a variable that can be used in actions
+//
+// It can be:
+// 1. global variable, OwnerID is 0 and RepoID is 0
+// 2. org/user level variable, OwnerID is org/user ID and RepoID is 0
+// 3. repo level variable, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find variables belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return variable {OwnerID: 1, RepoID: 1},
+// but it's a repo level variable, not an org/user level variable.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level variables.
type ActionVariable struct {
ID int64 `xorm:"pk autoincr"`
OwnerID int64 `xorm:"UNIQUE(owner_repo_name)"`
@@ -29,30 +40,26 @@ func init() {
db.RegisterModel(new(ActionVariable))
}
-func (v *ActionVariable) Validate() error {
- if v.OwnerID != 0 && v.RepoID != 0 {
- return errors.New("a variable should not be bound to an owner and a repository at the same time")
- }
- return nil
-}
-
func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*ActionVariable, error) {
+ if ownerID != 0 && repoID != 0 {
+ // It's trying to create a variable that belongs to a repository, but OwnerID has been set accidentally.
+ // Remove OwnerID to avoid confusion; it's not worth returning an error here.
+ ownerID = 0
+ }
+
variable := &ActionVariable{
OwnerID: ownerID,
RepoID: repoID,
Name: strings.ToUpper(name),
Data: data,
}
- if err := variable.Validate(); err != nil {
- return variable, err
- }
return variable, db.Insert(ctx, variable)
}
type FindVariablesOpts struct {
db.ListOptions
- OwnerID int64
RepoID int64
+ OwnerID int64 // it will be ignored if RepoID is set
Name string
}
@@ -60,8 +67,13 @@ func (opts FindVariablesOpts) ToConds() builder.Cond {
cond := builder.NewCond()
// Since we now support instance-level variables,
// there is no need to check for null values for `owner_id` and `repo_id`
- cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+ if opts.RepoID != 0 { // if RepoID is set
+ // ignore OwnerID and treat it as 0
+ cond = cond.And(builder.Eq{"owner_id": 0})
+ } else {
+ cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
+ }
if opts.Name != "" {
cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)})
diff --git a/models/git/branch.go b/models/git/branch.go
index 7e1c96d76..f004d502a 100644
--- a/models/git/branch.go
+++ b/models/git/branch.go
@@ -385,6 +385,13 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, from, to str
return err
}
+ // 4.1 Update all not merged pull request head branch name
+ if _, err = sess.Table("pull_request").Where("head_repo_id=? AND head_branch=? AND has_merged=?",
+ repo.ID, from, false).
+ Update(map[string]any{"head_branch": to}); err != nil {
+ return err
+ }
+
// 5. insert renamed branch record
renamedBranch := &RenamedBranch{
RepoID: repo.ID,
diff --git a/models/git/commit_status.go b/models/git/commit_status.go
index d975f0572..53d1ddc8c 100644
--- a/models/git/commit_status.go
+++ b/models/git/commit_status.go
@@ -141,13 +141,17 @@ func GetNextCommitStatusIndex(ctx context.Context, repoID int64, sha string) (in
return newIdx, nil
}
-func (status *CommitStatus) loadAttributes(ctx context.Context) (err error) {
+func (status *CommitStatus) loadRepository(ctx context.Context) (err error) {
if status.Repo == nil {
status.Repo, err = repo_model.GetRepositoryByID(ctx, status.RepoID)
if err != nil {
return fmt.Errorf("getRepositoryByID [%d]: %w", status.RepoID, err)
}
}
+ return nil
+}
+
+func (status *CommitStatus) loadCreator(ctx context.Context) (err error) {
if status.Creator == nil && status.CreatorID > 0 {
status.Creator, err = user_model.GetUserByID(ctx, status.CreatorID)
if err != nil {
@@ -157,6 +161,13 @@ func (status *CommitStatus) loadAttributes(ctx context.Context) (err error) {
return nil
}
+func (status *CommitStatus) loadAttributes(ctx context.Context) (err error) {
+ if err := status.loadRepository(ctx); err != nil {
+ return err
+ }
+ return status.loadCreator(ctx)
+}
+
// APIURL returns the absolute APIURL to this commit-status.
func (status *CommitStatus) APIURL(ctx context.Context) string {
_ = status.loadAttributes(ctx)
@@ -168,6 +179,25 @@ func (status *CommitStatus) LocaleString(lang translation.Locale) string {
return lang.TrString("repo.commitstatus." + status.State.String())
}
+// HideActionsURL set `TargetURL` to an empty string if the status comes from Gitea Actions
+func (status *CommitStatus) HideActionsURL(ctx context.Context) {
+ if status.RepoID == 0 {
+ return
+ }
+
+ if status.Repo == nil {
+ if err := status.loadRepository(ctx); err != nil {
+ log.Error("loadRepository: %v", err)
+ return
+ }
+ }
+
+ prefix := fmt.Sprintf("%s/actions", status.Repo.Link())
+ if strings.HasPrefix(status.TargetURL, prefix) {
+ status.TargetURL = ""
+ }
+}
+
// CalcCommitStatus returns commit status state via some status, the commit statues should order by id desc
func CalcCommitStatus(statuses []*CommitStatus) *CommitStatus {
if len(statuses) == 0 {
@@ -471,3 +501,19 @@ func ConvertFromGitCommit(ctx context.Context, commits []*git.Commit, repo *repo
repo,
)
}
+
+// CommitStatusesHideActionsURL hide Gitea Actions urls
+func CommitStatusesHideActionsURL(ctx context.Context, statuses []*CommitStatus) {
+ idToRepos := make(map[int64]*repo_model.Repository)
+ for _, status := range statuses {
+ if status == nil {
+ continue
+ }
+
+ if status.Repo == nil {
+ status.Repo = idToRepos[status.RepoID]
+ }
+ status.HideActionsURL(ctx)
+ idToRepos[status.RepoID] = status.Repo
+ }
+}
diff --git a/models/git/commit_status_test.go b/models/git/commit_status_test.go
index 07b9031c5..1014ee1e1 100644
--- a/models/git/commit_status_test.go
+++ b/models/git/commit_status_test.go
@@ -4,9 +4,11 @@
package git_test
import (
+ "fmt"
"testing"
"time"
+ actions_model "code.gitea.io/gitea/models/actions"
"code.gitea.io/gitea/models/db"
git_model "code.gitea.io/gitea/models/git"
repo_model "code.gitea.io/gitea/models/repo"
@@ -240,3 +242,26 @@ func TestFindRepoRecentCommitStatusContexts(t *testing.T) {
assert.Equal(t, "compliance/lint-backend", contexts[0])
}
}
+
+func TestCommitStatusesHideActionsURL(t *testing.T) {
+ require.NoError(t, unittest.PrepareTestDatabase())
+
+ repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+ run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 791, RepoID: repo.ID})
+ require.NoError(t, run.LoadAttributes(db.DefaultContext))
+
+ statuses := []*git_model.CommitStatus{
+ {
+ RepoID: repo.ID,
+ TargetURL: fmt.Sprintf("%s/jobs/%d", run.Link(), run.Index),
+ },
+ {
+ RepoID: repo.ID,
+ TargetURL: "https://mycicd.org/1",
+ },
+ }
+
+ git_model.CommitStatusesHideActionsURL(db.DefaultContext, statuses)
+ assert.Empty(t, statuses[0].TargetURL)
+ assert.Equal(t, "https://mycicd.org/1", statuses[1].TargetURL)
+}
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index 2e095c05a..d7e951f8b 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -593,6 +593,12 @@ var migrations = []Migration{
// v299 -> v300
NewMigration("Add content version to issue and comment table", v1_23.AddContentVersionToIssueAndComment),
+ // v300 -> v301
+ NewMigration("Add force-push branch protection support", v1_23.AddForcePushBranchProtection),
+ // v301 -> v302
+ NewMigration("Add skip_secondary_authorization option to oauth2 application table", v1_23.AddSkipSecondaryAuthColumnToOAuth2ApplicationTable),
+ // v302 -> v303
+ NewMigration("Add index to action_task stopped log_expired", v1_23.AddIndexToActionTaskStoppedLogExpired),
}
// GetCurrentDBVersion returns the current db version
diff --git a/models/migrations/v1_23/v300.go b/models/migrations/v1_23/v300.go
new file mode 100644
index 000000000..f1f1cccdb
--- /dev/null
+++ b/models/migrations/v1_23/v300.go
@@ -0,0 +1,17 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import "xorm.io/xorm"
+
+func AddForcePushBranchProtection(x *xorm.Engine) error {
+ type ProtectedBranch struct {
+ CanForcePush bool `xorm:"NOT NULL DEFAULT false"`
+ EnableForcePushAllowlist bool `xorm:"NOT NULL DEFAULT false"`
+ ForcePushAllowlistUserIDs []int64 `xorm:"JSON TEXT"`
+ ForcePushAllowlistTeamIDs []int64 `xorm:"JSON TEXT"`
+ ForcePushAllowlistDeployKeys bool `xorm:"NOT NULL DEFAULT false"`
+ }
+ return x.Sync(new(ProtectedBranch))
+}
diff --git a/models/migrations/v1_23/v301.go b/models/migrations/v1_23/v301.go
new file mode 100644
index 000000000..b7797f6c6
--- /dev/null
+++ b/models/migrations/v1_23/v301.go
@@ -0,0 +1,14 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import "xorm.io/xorm"
+
+// AddSkipSeconderyAuthToOAuth2ApplicationTable: add SkipSecondaryAuthorization column, setting existing rows to false
+func AddSkipSecondaryAuthColumnToOAuth2ApplicationTable(x *xorm.Engine) error {
+ type oauth2Application struct {
+ SkipSecondaryAuthorization bool `xorm:"NOT NULL DEFAULT FALSE"`
+ }
+ return x.Sync(new(oauth2Application))
+}
diff --git a/models/migrations/v1_23/v302.go b/models/migrations/v1_23/v302.go
new file mode 100644
index 000000000..d7ea03eb3
--- /dev/null
+++ b/models/migrations/v1_23/v302.go
@@ -0,0 +1,18 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import (
+ "code.gitea.io/gitea/modules/timeutil"
+
+ "xorm.io/xorm"
+)
+
+func AddIndexToActionTaskStoppedLogExpired(x *xorm.Engine) error {
+ type ActionTask struct {
+ Stopped timeutil.TimeStamp `xorm:"index(stopped_log_expired)"`
+ LogExpired bool `xorm:"index(stopped_log_expired)"`
+ }
+ return x.Sync(new(ActionTask))
+}
diff --git a/models/project/project.go b/models/project/project.go
index fe5d408f6..8cebf34b5 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -103,6 +103,13 @@ type Project struct {
ClosedDateUnix timeutil.TimeStamp
}
+// Ghost Project is a project which has been deleted
+const GhostProjectID = -1
+
+func (p *Project) IsGhost() bool {
+ return p.ID == GhostProjectID
+}
+
func (p *Project) LoadOwner(ctx context.Context) (err error) {
if p.Owner != nil {
return nil
diff --git a/models/repo/release.go b/models/repo/release.go
index 075e28717..e2cd7d7ed 100644
--- a/models/repo/release.go
+++ b/models/repo/release.go
@@ -413,32 +413,6 @@ func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error) {
return err
}
-type releaseSorter struct {
- rels []*Release
-}
-
-func (rs *releaseSorter) Len() int {
- return len(rs.rels)
-}
-
-func (rs *releaseSorter) Less(i, j int) bool {
- diffNum := rs.rels[i].NumCommits - rs.rels[j].NumCommits
- if diffNum != 0 {
- return diffNum > 0
- }
- return rs.rels[i].CreatedUnix > rs.rels[j].CreatedUnix
-}
-
-func (rs *releaseSorter) Swap(i, j int) {
- rs.rels[i], rs.rels[j] = rs.rels[j], rs.rels[i]
-}
-
-// SortReleases sorts releases by number of commits and created time.
-func SortReleases(rels []*Release) {
- sorter := &releaseSorter{rels: rels}
- sort.Sort(sorter)
-}
-
// UpdateReleasesMigrationsByType updates all migrated repositories' releases from gitServiceType to replace originalAuthorID to posterID
func UpdateReleasesMigrationsByType(ctx context.Context, gitServiceType structs.GitServiceType, originalAuthorID string, posterID int64) error {
_, err := db.GetEngine(ctx).Table("release").
diff --git a/models/repo/repo.go b/models/repo/repo.go
index 6db7c3051..cd6be48b9 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -766,17 +766,18 @@ func GetRepositoryByOwnerAndName(ctx context.Context, ownerName, repoName string
// GetRepositoryByName returns the repository by given name under user if exists.
func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) {
- repo := &Repository{
- OwnerID: ownerID,
- LowerName: strings.ToLower(name),
- }
- has, err := db.GetEngine(ctx).Get(repo)
+ var repo Repository
+ has, err := db.GetEngine(ctx).
+ Where("`owner_id`=?", ownerID).
+ And("`lower_name`=?", strings.ToLower(name)).
+ NoAutoCondition().
+ Get(&repo)
if err != nil {
return nil, err
} else if !has {
return nil, ErrRepoNotExist{0, ownerID, "", name}
}
- return repo, err
+ return &repo, err
}
// getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url
diff --git a/models/secret/secret.go b/models/secret/secret.go
index 35bed500b..ce0ad65a7 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -5,7 +5,6 @@ package secret
import (
"context"
- "errors"
"fmt"
"strings"
@@ -22,6 +21,19 @@ import (
)
// Secret represents a secret
+//
+// It can be:
+// 1. org/user level secret, OwnerID is org/user ID and RepoID is 0
+// 2. repo level secret, OwnerID is 0 and RepoID is repo ID
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
+// or it will be complicated to find secrets belonging to a specific owner.
+// For example, conditions like `OwnerID = 1` will also return secret {OwnerID: 1, RepoID: 1},
+// but it's a repo level secret, not an org/user level secret.
+// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level secrets.
+//
+// Please note that it's not acceptable to have both OwnerID and RepoID to zero, global secrets are not supported.
+// It's for security reasons, admin may be not aware of that the secrets could be stolen by any user when setting them as global.
type Secret struct {
ID int64
OwnerID int64 `xorm:"INDEX UNIQUE(owner_repo_name) NOT NULL"`
@@ -46,6 +58,15 @@ func (err ErrSecretNotFound) Unwrap() error {
// InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database
func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*Secret, error) {
+ if ownerID != 0 && repoID != 0 {
+ // It's trying to create a secret that belongs to a repository, but OwnerID has been set accidentally.
+ // Remove OwnerID to avoid confusion; it's not worth returning an error here.
+ ownerID = 0
+ }
+ if ownerID == 0 && repoID == 0 {
+ return nil, fmt.Errorf("%w: ownerID and repoID cannot be both zero, global secrets are not supported", util.ErrInvalidArgument)
+ }
+
encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
if err != nil {
return nil, err
@@ -56,9 +77,6 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
Name: strings.ToUpper(name),
Data: encrypted,
}
- if err := secret.Validate(); err != nil {
- return secret, err
- }
return secret, db.Insert(ctx, secret)
}
@@ -66,29 +84,25 @@ func init() {
db.RegisterModel(new(Secret))
}
-func (s *Secret) Validate() error {
- if s.OwnerID == 0 && s.RepoID == 0 {
- return errors.New("the secret is not bound to any scope")
- }
- return nil
-}
-
type FindSecretsOptions struct {
db.ListOptions
- OwnerID int64
RepoID int64
+ OwnerID int64 // it will be ignored if RepoID is set
SecretID int64
Name string
}
func (opts FindSecretsOptions) ToConds() builder.Cond {
cond := builder.NewCond()
- if opts.OwnerID > 0 {
+
+ cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+ if opts.RepoID != 0 { // if RepoID is set
+ // ignore OwnerID and treat it as 0
+ cond = cond.And(builder.Eq{"owner_id": 0})
+ } else {
cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
}
- if opts.RepoID > 0 {
- cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
- }
+
if opts.SecretID != 0 {
cond = cond.And(builder.Eq{"id": opts.SecretID})
}
diff --git a/modules/lfs/http_client.go b/modules/lfs/http_client.go
index 7ee2449b0..4859fe61e 100644
--- a/modules/lfs/http_client.go
+++ b/modules/lfs/http_client.go
@@ -136,14 +136,13 @@ func (c *HTTPClient) performOperation(ctx context.Context, objects []Pointer, dc
for _, object := range result.Objects {
if object.Error != nil {
- objectError := errors.New(object.Error.Message)
- log.Trace("Error on object %v: %v", object.Pointer, objectError)
+ log.Trace("Error on object %v: %v", object.Pointer, object.Error)
if uc != nil {
- if _, err := uc(object.Pointer, objectError); err != nil {
+ if _, err := uc(object.Pointer, object.Error); err != nil {
return err
}
} else {
- if err := dc(object.Pointer, nil, objectError); err != nil {
+ if err := dc(object.Pointer, nil, object.Error); err != nil {
return err
}
}
diff --git a/modules/lfs/shared.go b/modules/lfs/shared.go
index 675d2328b..a4326b57b 100644
--- a/modules/lfs/shared.go
+++ b/modules/lfs/shared.go
@@ -4,7 +4,11 @@
package lfs
import (
+ "errors"
+ "fmt"
"time"
+
+ "code.gitea.io/gitea/modules/util"
)
const (
@@ -64,6 +68,39 @@ type ObjectError struct {
Message string `json:"message"`
}
+var (
+ // See https://github.com/git-lfs/git-lfs/blob/main/docs/api/batch.md#successful-responses
+ // LFS object error codes should match HTTP status codes where possible:
+ // 404 - The object does not exist on the server.
+ // 409 - The specified hash algorithm disagrees with the server's acceptable options.
+ // 410 - The object was removed by the owner.
+ // 422 - Validation error.
+
+ ErrObjectNotExist = util.ErrNotExist // the object does not exist on the server
+ ErrObjectHashMismatch = errors.New("the specified hash algorithm disagrees with the server's acceptable options")
+ ErrObjectRemoved = errors.New("the object was removed by the owner")
+ ErrObjectValidation = errors.New("validation error")
+)
+
+func (e *ObjectError) Error() string {
+ return fmt.Sprintf("[%d] %s", e.Code, e.Message)
+}
+
+func (e *ObjectError) Unwrap() error {
+ switch e.Code {
+ case 404:
+ return ErrObjectNotExist
+ case 409:
+ return ErrObjectHashMismatch
+ case 410:
+ return ErrObjectRemoved
+ case 422:
+ return ErrObjectValidation
+ default:
+ return errors.New(e.Message)
+ }
+}
+
// PointerBlob associates a Git blob with a Pointer.
type PointerBlob struct {
Hash string
diff --git a/modules/repository/repo.go b/modules/repository/repo.go
index a863bec99..e08bc376b 100644
--- a/modules/repository/repo.go
+++ b/modules/repository/repo.go
@@ -6,6 +6,7 @@ package repository
import (
"context"
+ "errors"
"fmt"
"io"
"strings"
@@ -182,6 +183,10 @@ func StoreMissingLfsObjectsInRepository(ctx context.Context, repo *repo_model.Re
downloadObjects := func(pointers []lfs.Pointer) error {
err := lfsClient.Download(ctx, pointers, func(p lfs.Pointer, content io.ReadCloser, objectError error) error {
if objectError != nil {
+ if errors.Is(objectError, lfs.ErrObjectNotExist) {
+ log.Warn("Repo[%-v]: Ignore missing LFS object %-v: %v", repo, p, objectError)
+ return nil
+ }
return objectError
}
diff --git a/modules/setting/actions.go b/modules/setting/actions.go
index 804ed9ec7..2bb8471b6 100644
--- a/modules/setting/actions.go
+++ b/modules/setting/actions.go
@@ -12,10 +12,11 @@ import (
// Actions settings
var (
Actions = struct {
- LogStorage *Storage // how the created logs should be stored
- ArtifactStorage *Storage // how the created artifacts should be stored
- ArtifactRetentionDays int64 `ini:"ARTIFACT_RETENTION_DAYS"`
Enabled bool
+ LogStorage *Storage // how the created logs should be stored
+ LogRetentionDays int64 `ini:"LOG_RETENTION_DAYS"`
+ ArtifactStorage *Storage // how the created artifacts should be stored
+ ArtifactRetentionDays int64 `ini:"ARTIFACT_RETENTION_DAYS"`
DefaultActionsURL defaultActionsURL `ini:"DEFAULT_ACTIONS_URL"`
ZombieTaskTimeout time.Duration `ini:"ZOMBIE_TASK_TIMEOUT"`
EndlessTaskTimeout time.Duration `ini:"ENDLESS_TASK_TIMEOUT"`
@@ -61,10 +62,17 @@ func loadActionsFrom(rootCfg ConfigProvider) error {
if err != nil {
return err
}
+ // default to 1 year
+ if Actions.LogRetentionDays <= 0 {
+ Actions.LogRetentionDays = 365
+ }
actionsSec, _ := rootCfg.GetSection("actions.artifacts")
Actions.ArtifactStorage, err = getStorage(rootCfg, "actions_artifacts", "", actionsSec)
+ if err != nil {
+ return err
+ }
// default to 90 days in Github Actions
if Actions.ArtifactRetentionDays <= 0 {
@@ -75,5 +83,5 @@ func loadActionsFrom(rootCfg ConfigProvider) error {
Actions.EndlessTaskTimeout = sec.Key("ENDLESS_TASK_TIMEOUT").MustDuration(3 * time.Hour)
Actions.AbandonedJobTimeout = sec.Key("ABANDONED_JOB_TIMEOUT").MustDuration(24 * time.Hour)
- return err
+ return nil
}
diff --git a/modules/structs/repo_collaborator.go b/modules/structs/repo_collaborator.go
index 946a6ec7e..7d39b5a79 100644
--- a/modules/structs/repo_collaborator.go
+++ b/modules/structs/repo_collaborator.go
@@ -5,6 +5,7 @@ package structs
// AddCollaboratorOption options when adding a user as a collaborator of a repository
type AddCollaboratorOption struct {
+ // enum: read,write,admin
Permission *string `json:"permission"`
}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index ea201faff..534700a18 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2997,10 +2997,10 @@ dashboard.delete_old_actions.started = Delete all old activities from database s
dashboard.update_checker = Update checker
dashboard.delete_old_system_notices = Delete all old system notices from database
dashboard.gc_lfs = Garbage collect LFS meta objects
-dashboard.stop_zombie_tasks = Stop zombie tasks
-dashboard.stop_endless_tasks = Stop endless tasks
-dashboard.cancel_abandoned_jobs = Cancel abandoned jobs
-dashboard.start_schedule_tasks = Start schedule tasks
+dashboard.stop_zombie_tasks = Stop zombie actions tasks
+dashboard.stop_endless_tasks = Stop endless actions tasks
+dashboard.cancel_abandoned_jobs = Cancel abandoned actions jobs
+dashboard.start_schedule_tasks = Start schedule actions tasks
dashboard.sync_branch.started = Branch sync started
dashboard.sync_tag.started = Tag sync started
dashboard.rebuild_issue_indexer = Rebuild issue indexer
@@ -3803,6 +3803,7 @@ runs.no_workflows.quick_start = Don't know how to start with Forgejo Actions? Se
runs.no_workflows.documentation = For more information on Forgejo Actions, see the documentation.
runs.no_runs = The workflow has no runs yet.
runs.empty_commit_message = (empty commit message)
+runs.expire_log_message = Logs have been purged because they were too old.
workflow.disable = Disable workflow
workflow.disable_success = Workflow "%s" disabled successfully.
@@ -3836,6 +3837,7 @@ variables.update.failed = Failed to edit variable.
variables.update.success = The variable has been edited.
[projects]
+deleted.display_name = Deleted Project
type-1.display_name = Individual project
type-2.display_name = Repository project
type-3.display_name = Organization project
diff --git a/release-notes/4801.md b/release-notes/4801.md
new file mode 100644
index 000000000..c0f7b0d27
--- /dev/null
+++ b/release-notes/4801.md
@@ -0,0 +1,9 @@
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/0dbc6230286e113accbc6d5e829ce8dae1d1f5d4) Hide the "Details" link of commit status when the user cannot access actions.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6e63afe31f43eaf5ff7c8595ddeaf8515c2dc0c0) The API endpoint to get the actions registration token is GET /repos/{owner}/{repo}/actions/runners/registration-token and not GET /repos/{owner}/{repo}/runners/registration-token.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6e63afe31f43eaf5ff7c8595ddeaf8515c2dc0c0) Runner registration token via API is broken for repo level runners.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/c784a5874066ca1a1fd518408d5767b4eb57bd69) Deleted projects causes bad popover text on issues.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/42bb51af9b8283071e15ac6470ada9824d87cd40) Distinguish LFS object errors to ignore missing objects during migration.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/11b6253e7532ba11dee8bc31d4c262b102674a4d) Use UTC as a timezone when running scheduled actions tasks.
+feat: [commit](https://codeberg.org/forgejo/forgejo/commit/feb43b2584b7f64ec7f9952af2b50b2210e6e6cf) The actions logs older than `[actions].LOG_RETENTION_DAYS` days are removed (the default is 365).
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/6328f648decc2754ef10ee5ca6ca9785a156614c) When viewing the revision history of wiki pages, the pagination links are broken: instead of org/repo/wiki/Page?action=_revision&page=2, the link is only org/repo/wiki/Page?page=2, thus bringing the user back to the wiki page.
+fix: [commit](https://codeberg.org/forgejo/forgejo/commit/2310556158d70bf1dbfca96dc928e1be3d3f41be) Also rename the head branch of open pull requests when renaming a branch.
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 72232d66e..0c7506b13 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -117,12 +117,11 @@ func (Action) CreateOrUpdateSecret(ctx *context.APIContext) {
// "404":
// "$ref": "#/responses/notFound"
- owner := ctx.Repo.Owner
repo := ctx.Repo.Repository
opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
- _, created, err := secret_service.CreateOrUpdateSecret(ctx, owner.ID, repo.ID, ctx.Params("secretname"), opt.Data)
+ _, created, err := secret_service.CreateOrUpdateSecret(ctx, 0, repo.ID, ctx.Params("secretname"), opt.Data)
if err != nil {
if errors.Is(err, util.ErrInvalidArgument) {
ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
@@ -174,10 +173,9 @@ func (Action) DeleteSecret(ctx *context.APIContext) {
// "404":
// "$ref": "#/responses/notFound"
- owner := ctx.Repo.Owner
repo := ctx.Repo.Repository
- err := secret_service.DeleteSecretByName(ctx, owner.ID, repo.ID, ctx.Params("secretname"))
+ err := secret_service.DeleteSecretByName(ctx, 0, repo.ID, ctx.Params("secretname"))
if err != nil {
if errors.Is(err, util.ErrInvalidArgument) {
ctx.Error(http.StatusBadRequest, "DeleteSecret", err)
@@ -486,7 +484,7 @@ func (Action) ListVariables(ctx *context.APIContext) {
// GetRegistrationToken returns the token to register repo runners
func (Action) GetRegistrationToken(ctx *context.APIContext) {
- // swagger:operation GET /repos/{owner}/{repo}/runners/registration-token repository repoGetRunnerRegistrationToken
+ // swagger:operation GET /repos/{owner}/{repo}/actions/runners/registration-token repository repoGetRunnerRegistrationToken
// ---
// summary: Get a repository's actions runner registration token
// produces:
@@ -506,7 +504,7 @@ func (Action) GetRegistrationToken(ctx *context.APIContext) {
// "200":
// "$ref": "#/responses/RegistrationToken"
- shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+ shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
}
var _ actions_service.API = new(Action)
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index e08e76b78..bc1ecbfc1 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -271,6 +271,27 @@ func ViewPost(ctx *context_module.Context) {
step := steps[cursor.Step]
+ // if task log is expired, return a consistent log line
+ if task.LogExpired {
+ if cursor.Cursor == 0 {
+ resp.Logs.StepsLog = append(resp.Logs.StepsLog, &ViewStepLog{
+ Step: cursor.Step,
+ Cursor: 1,
+ Lines: []*ViewStepLogLine{
+ {
+ Index: 1,
+ Message: ctx.Locale.TrString("actions.runs.expire_log_message"),
+ // Timestamp doesn't mean anything when the log is expired.
+ // Set it to the task's updated time since it's probably the time when the log has expired.
+ Timestamp: float64(task.Updated.AsTime().UnixNano()) / float64(time.Second),
+ },
+ },
+ Started: int64(step.Started),
+ })
+ }
+ continue
+ }
+
logLines := make([]*ViewStepLogLine, 0) // marshal to '[]' instead of 'null' in json
index := step.LogIndex + cursor.Cursor
diff --git a/routers/web/repo/branch.go b/routers/web/repo/branch.go
index f879a9878..4897a5f4f 100644
--- a/routers/web/repo/branch.go
+++ b/routers/web/repo/branch.go
@@ -70,6 +70,11 @@ func Branches(ctx *context.Context) {
ctx.ServerError("LoadBranches", err)
return
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ for key := range commitStatuses {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
+ }
+ }
commitStatus := make(map[string]*git_model.CommitStatus)
for commitID, cs := range commitStatuses {
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index bf9a448ec..ec9e49eb9 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -16,6 +16,7 @@ import (
"code.gitea.io/gitea/models/db"
git_model "code.gitea.io/gitea/models/git"
repo_model "code.gitea.io/gitea/models/repo"
+ unit_model "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/charset"
@@ -81,7 +82,7 @@ func Commits(ctx *context.Context) {
ctx.ServerError("CommitsByRange", err)
return
}
- ctx.Data["Commits"] = git_model.ConvertFromGitCommit(ctx, commits, ctx.Repo.Repository)
+ ctx.Data["Commits"] = processGitCommits(ctx, commits)
ctx.Data["Username"] = ctx.Repo.Owner.Name
ctx.Data["Reponame"] = ctx.Repo.Repository.Name
@@ -199,7 +200,7 @@ func SearchCommits(ctx *context.Context) {
return
}
ctx.Data["CommitCount"] = len(commits)
- ctx.Data["Commits"] = git_model.ConvertFromGitCommit(ctx, commits, ctx.Repo.Repository)
+ ctx.Data["Commits"] = processGitCommits(ctx, commits)
ctx.Data["Keyword"] = query
if all {
@@ -264,7 +265,7 @@ func FileHistory(ctx *context.Context) {
}
}
- ctx.Data["Commits"] = git_model.ConvertFromGitCommit(ctx, commits, ctx.Repo.Repository)
+ ctx.Data["Commits"] = processGitCommits(ctx, commits)
ctx.Data["Username"] = ctx.Repo.Owner.Name
ctx.Data["Reponame"] = ctx.Repo.Repository.Name
@@ -375,6 +376,9 @@ func Diff(ctx *context.Context) {
if err != nil {
log.Error("GetLatestCommitStatus: %v", err)
}
+ if !ctx.Repo.CanRead(unit_model.TypeActions) {
+ git_model.CommitStatusesHideActionsURL(ctx, statuses)
+ }
ctx.Data["CommitStatus"] = git_model.CalcCommitStatus(statuses)
ctx.Data["CommitStatuses"] = statuses
@@ -454,3 +458,17 @@ func RawDiff(ctx *context.Context) {
return
}
}
+
+func processGitCommits(ctx *context.Context, gitCommits []*git.Commit) []*git_model.SignCommitWithStatuses {
+ commits := git_model.ConvertFromGitCommit(ctx, gitCommits, ctx.Repo.Repository)
+ if !ctx.Repo.CanRead(unit_model.TypeActions) {
+ for _, commit := range commits {
+ if commit.Status == nil {
+ continue
+ }
+ commit.Status.HideActionsURL(ctx)
+ git_model.CommitStatusesHideActionsURL(ctx, commit.Statuses)
+ }
+ }
+ return commits
+}
diff --git a/routers/web/repo/compare.go b/routers/web/repo/compare.go
index 088e5150f..38d6004ec 100644
--- a/routers/web/repo/compare.go
+++ b/routers/web/repo/compare.go
@@ -643,7 +643,7 @@ func PrepareCompareDiff(
return false
}
- commits := git_model.ConvertFromGitCommit(ctx, ci.CompareInfo.Commits, ci.HeadRepo)
+ commits := processGitCommits(ctx, ci.CompareInfo.Commits)
ctx.Data["Commits"] = commits
ctx.Data["CommitCount"] = len(commits)
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index dcc1cdd46..afac2c526 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -346,6 +346,11 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
ctx.ServerError("GetIssuesAllCommitStatus", err)
return
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ for key := range commitStatuses {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
+ }
+ }
if err := issues.LoadAttributes(ctx); err != nil {
ctx.ServerError("issues.LoadAttributes", err)
@@ -1692,7 +1697,7 @@ func ViewIssue(ctx *context.Context) {
}
ghostProject := &project_model.Project{
- ID: -1,
+ ID: project_model.GhostProjectID,
Title: ctx.Locale.TrString("repo.issues.deleted_project"),
}
@@ -1777,6 +1782,15 @@ func ViewIssue(ctx *context.Context) {
ctx.ServerError("LoadPushCommits", err)
return
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ for _, commit := range comment.Commits {
+ if commit.Status == nil {
+ continue
+ }
+ commit.Status.HideActionsURL(ctx)
+ git_model.CommitStatusesHideActionsURL(ctx, commit.Statuses)
+ }
+ }
} else if comment.Type == issues_model.CommentTypeAddTimeManual ||
comment.Type == issues_model.CommentTypeStopTracking ||
comment.Type == issues_model.CommentTypeDeleteTimeManual {
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index aa1f50648..a9213790c 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -515,6 +515,10 @@ func PrepareMergedViewPullInfo(ctx *context.Context, issue *issues_model.Issue)
ctx.ServerError("GetLatestCommitStatus", err)
return nil
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses)
+ }
+
if len(commitStatuses) != 0 {
ctx.Data["LatestCommitStatuses"] = commitStatuses
ctx.Data["LatestCommitStatus"] = git_model.CalcCommitStatus(commitStatuses)
@@ -577,6 +581,10 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
ctx.ServerError("GetLatestCommitStatus", err)
return nil
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses)
+ }
+
if len(commitStatuses) > 0 {
ctx.Data["LatestCommitStatuses"] = commitStatuses
ctx.Data["LatestCommitStatus"] = git_model.CalcCommitStatus(commitStatuses)
@@ -669,6 +677,10 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
ctx.ServerError("GetLatestCommitStatus", err)
return nil
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses)
+ }
+
if len(commitStatuses) > 0 {
ctx.Data["LatestCommitStatuses"] = commitStatuses
ctx.Data["LatestCommitStatus"] = git_model.CalcCommitStatus(commitStatuses)
@@ -835,7 +847,7 @@ func ViewPullCommits(ctx *context.Context) {
ctx.Data["Username"] = ctx.Repo.Owner.Name
ctx.Data["Reponame"] = ctx.Repo.Repository.Name
- commits := git_model.ConvertFromGitCommit(ctx, prInfo.Commits, ctx.Repo.Repository)
+ commits := processGitCommits(ctx, prInfo.Commits)
ctx.Data["Commits"] = commits
ctx.Data["CommitCount"] = len(commits)
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index 7e20d3afa..652738afd 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -683,6 +683,9 @@ func SearchRepo(ctx *context.Context) {
ctx.JSON(http.StatusInternalServerError, nil)
return
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ git_model.CommitStatusesHideActionsURL(ctx, latestCommitStatuses)
+ }
results := make([]*repo_service.WebSearchRepository, len(repos))
for i, repo := range repos {
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 5295bfdb2..caa4bfae1 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -368,6 +368,9 @@ func loadLatestCommitData(ctx *context.Context, latestCommit *git.Commit) bool {
if err != nil {
log.Error("GetLatestCommitStatus: %v", err)
}
+ if !ctx.Repo.CanRead(unit_model.TypeActions) {
+ git_model.CommitStatusesHideActionsURL(ctx, statuses)
+ }
ctx.Data["LatestCommitStatus"] = git_model.CalcCommitStatus(statuses)
ctx.Data["LatestCommitStatuses"] = statuses
diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go
index 4911fb645..1fd080021 100644
--- a/routers/web/repo/wiki.go
+++ b/routers/web/repo/wiki.go
@@ -396,6 +396,7 @@ func renderRevisionPage(ctx *context.Context) (*git.Repository, *git.TreeEntry)
pager := context.NewPagination(int(commitsCount), setting.Git.CommitsRangeSize, page, 5)
pager.SetDefaultParams(ctx)
+ pager.AddParamString("action", "_revision")
ctx.Data["Page"] = pager
return wikiRepo, entry
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index df22c3fb8..0a1b08c57 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -17,6 +17,7 @@ import (
activities_model "code.gitea.io/gitea/models/activities"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/db"
+ git_model "code.gitea.io/gitea/models/git"
issues_model "code.gitea.io/gitea/models/issues"
"code.gitea.io/gitea/models/organization"
repo_model "code.gitea.io/gitea/models/repo"
@@ -597,6 +598,11 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
ctx.ServerError("GetIssuesLastCommitStatus", err)
return
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ for key := range commitStatuses {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
+ }
+ }
// -------------------------------
// Fill stats to post to ctx.Data.
diff --git a/routers/web/user/notification.go b/routers/web/user/notification.go
index 2105cfe5c..f8b68fb18 100644
--- a/routers/web/user/notification.go
+++ b/routers/web/user/notification.go
@@ -13,8 +13,10 @@ import (
activities_model "code.gitea.io/gitea/models/activities"
"code.gitea.io/gitea/models/db"
+ git_model "code.gitea.io/gitea/models/git"
issues_model "code.gitea.io/gitea/models/issues"
repo_model "code.gitea.io/gitea/models/repo"
+ "code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/optional"
@@ -303,6 +305,11 @@ func NotificationSubscriptions(ctx *context.Context) {
ctx.ServerError("GetIssuesAllCommitStatus", err)
return
}
+ if !ctx.Repo.CanRead(unit.TypeActions) {
+ for key := range commitStatuses {
+ git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
+ }
+ }
ctx.Data["CommitLastStatus"] = lastStatus
ctx.Data["CommitStatuses"] = commitStatuses
ctx.Data["Issues"] = issues
diff --git a/services/actions/cleanup.go b/services/actions/cleanup.go
index 5376c2624..1223ebcab 100644
--- a/services/actions/cleanup.go
+++ b/services/actions/cleanup.go
@@ -5,19 +5,30 @@ package actions
import (
"context"
+ "fmt"
"time"
- "code.gitea.io/gitea/models/actions"
+ actions_model "code.gitea.io/gitea/models/actions"
+ actions_module "code.gitea.io/gitea/modules/actions"
"code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
+ "code.gitea.io/gitea/modules/timeutil"
)
// Cleanup removes expired actions logs, data and artifacts
-func Cleanup(taskCtx context.Context, olderThan time.Duration) error {
- // TODO: clean up expired actions logs
-
+func Cleanup(ctx context.Context) error {
// clean up expired artifacts
- return CleanupArtifacts(taskCtx)
+ if err := CleanupArtifacts(ctx); err != nil {
+ return fmt.Errorf("cleanup artifacts: %w", err)
+ }
+
+ // clean up old logs
+ if err := CleanupLogs(ctx); err != nil {
+ return fmt.Errorf("cleanup logs: %w", err)
+ }
+
+ return nil
}
// CleanupArtifacts removes expired add need-deleted artifacts and set records expired status
@@ -29,13 +40,13 @@ func CleanupArtifacts(taskCtx context.Context) error {
}
func cleanExpiredArtifacts(taskCtx context.Context) error {
- artifacts, err := actions.ListNeedExpiredArtifacts(taskCtx)
+ artifacts, err := actions_model.ListNeedExpiredArtifacts(taskCtx)
if err != nil {
return err
}
log.Info("Found %d expired artifacts", len(artifacts))
for _, artifact := range artifacts {
- if err := actions.SetArtifactExpired(taskCtx, artifact.ID); err != nil {
+ if err := actions_model.SetArtifactExpired(taskCtx, artifact.ID); err != nil {
log.Error("Cannot set artifact %d expired: %v", artifact.ID, err)
continue
}
@@ -53,13 +64,13 @@ const deleteArtifactBatchSize = 100
func cleanNeedDeleteArtifacts(taskCtx context.Context) error {
for {
- artifacts, err := actions.ListPendingDeleteArtifacts(taskCtx, deleteArtifactBatchSize)
+ artifacts, err := actions_model.ListPendingDeleteArtifacts(taskCtx, deleteArtifactBatchSize)
if err != nil {
return err
}
log.Info("Found %d artifacts pending deletion", len(artifacts))
for _, artifact := range artifacts {
- if err := actions.SetArtifactDeleted(taskCtx, artifact.ID); err != nil {
+ if err := actions_model.SetArtifactDeleted(taskCtx, artifact.ID); err != nil {
log.Error("Cannot set artifact %d deleted: %v", artifact.ID, err)
continue
}
@@ -76,3 +87,40 @@ func cleanNeedDeleteArtifacts(taskCtx context.Context) error {
}
return nil
}
+
+const deleteLogBatchSize = 100
+
+// CleanupLogs removes logs which are older than the configured retention time
+func CleanupLogs(ctx context.Context) error {
+ olderThan := timeutil.TimeStampNow().AddDuration(-time.Duration(setting.Actions.LogRetentionDays) * 24 * time.Hour)
+
+ count := 0
+ for {
+ tasks, err := actions_model.FindOldTasksToExpire(ctx, olderThan, deleteLogBatchSize)
+ if err != nil {
+ return fmt.Errorf("find old tasks: %w", err)
+ }
+ for _, task := range tasks {
+ if err := actions_module.RemoveLogs(ctx, task.LogInStorage, task.LogFilename); err != nil {
+ log.Error("Failed to remove log %s (in storage %v) of task %v: %v", task.LogFilename, task.LogInStorage, task.ID, err)
+ // do not return error here, continue to next task
+ continue
+ }
+ task.LogIndexes = nil // clear log indexes since it's a heavy field
+ task.LogExpired = true
+ if err := actions_model.UpdateTask(ctx, task, "log_indexes", "log_expired"); err != nil {
+ log.Error("Failed to update task %v: %v", task.ID, err)
+ // do not return error here, continue to next task
+ continue
+ }
+ count++
+ log.Trace("Removed log %s of task %v", task.LogFilename, task.ID)
+ }
+ if len(tasks) < deleteLogBatchSize {
+ break
+ }
+ }
+
+ log.Info("Removed %d logs", count)
+ return nil
+}
diff --git a/services/cron/tasks_actions.go b/services/cron/tasks_actions.go
index 087579250..59cfe36d1 100644
--- a/services/cron/tasks_actions.go
+++ b/services/cron/tasks_actions.go
@@ -19,6 +19,7 @@ func initActionsTasks() {
registerStopEndlessTasks()
registerCancelAbandonedJobs()
registerScheduleTasks()
+ registerActionsCleanup()
}
func registerStopZombieTasks() {
@@ -63,3 +64,13 @@ func registerScheduleTasks() {
return actions_service.StartScheduleTasks(ctx)
})
}
+
+func registerActionsCleanup() {
+ RegisterTaskFatal("cleanup_actions", &BaseConfig{
+ Enabled: true,
+ RunAtStart: false,
+ Schedule: "@midnight",
+ }, func(ctx context.Context, _ *user_model.User, _ Config) error {
+ return actions_service.Cleanup(ctx)
+ })
+}
diff --git a/services/cron/tasks_basic.go b/services/cron/tasks_basic.go
index 3869382d2..2a213ae51 100644
--- a/services/cron/tasks_basic.go
+++ b/services/cron/tasks_basic.go
@@ -13,7 +13,6 @@ import (
"code.gitea.io/gitea/models/webhook"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/services/actions"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/migrations"
mirror_service "code.gitea.io/gitea/services/mirror"
@@ -157,20 +156,6 @@ func registerCleanupPackages() {
})
}
-func registerActionsCleanup() {
- RegisterTaskFatal("cleanup_actions", &OlderThanConfig{
- BaseConfig: BaseConfig{
- Enabled: true,
- RunAtStart: true,
- Schedule: "@midnight",
- },
- OlderThan: 24 * time.Hour,
- }, func(ctx context.Context, _ *user_model.User, config Config) error {
- realConfig := config.(*OlderThanConfig)
- return actions.Cleanup(ctx, realConfig.OlderThan)
- })
-}
-
func initBasicTasks() {
if setting.Mirror.Enabled {
registerUpdateMirrorTask()
@@ -187,7 +172,4 @@ func initBasicTasks() {
if setting.Packages.Enabled {
registerCleanupPackages()
}
- if setting.Actions.Enabled {
- registerActionsCleanup()
- }
}
diff --git a/services/repository/migrate.go b/services/repository/migrate.go
index 5800f2b5c..39ced04ae 100644
--- a/services/repository/migrate.go
+++ b/services/repository/migrate.go
@@ -172,6 +172,7 @@ func MigrateRepositoryGitData(ctx context.Context, u *user_model.User,
lfsClient := lfs.NewClient(endpoint, httpTransport)
if err = repo_module.StoreMissingLfsObjectsInRepository(ctx, repo, gitRepo, lfsClient); err != nil {
log.Error("Failed to store missing LFS objects for repository: %v", err)
+ return repo, fmt.Errorf("StoreMissingLfsObjectsInRepository: %w", err)
}
}
}
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index 6d14d7264..019638bfb 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -582,13 +582,19 @@
{{template "shared/user/authorlink" .Poster}}
{{$oldProjectDisplayHtml := "Unknown Project"}}
{{if .OldProject}}
- {{$trKey := printf "projects.type-%d.display_name" .OldProject.Type}}
- {{$oldProjectDisplayHtml = HTMLFormat `%s` (ctx.Locale.Tr $trKey) .OldProject.Title}}
+ {{$tooltip := ctx.Locale.Tr "projects.deleted.display_name"}}
+ {{if not .OldProject.IsGhost}}
+ {{$tooltip = ctx.Locale.Tr (printf "projects.type-%d.display_name" .OldProject.Type)}}
+ {{end}}
+ {{$oldProjectDisplayHtml = HTMLFormat `%s` $tooltip .OldProject.Title}}
{{end}}
{{$newProjectDisplayHtml := "Unknown Project"}}
{{if .Project}}
- {{$trKey := printf "projects.type-%d.display_name" .Project.Type}}
- {{$newProjectDisplayHtml = HTMLFormat `%s` (ctx.Locale.Tr $trKey) .Project.Title}}
+ {{$tooltip := ctx.Locale.Tr "projects.deleted.display_name"}}
+ {{if not .Project.IsGhost}}
+ {{$tooltip = ctx.Locale.Tr (printf "projects.type-%d.display_name" .Project.Type)}}
+ {{end}}
+ {{$newProjectDisplayHtml = HTMLFormat `%s` $tooltip .Project.Title}}
{{end}}
{{if and (gt .OldProjectID 0) (gt .ProjectID 0)}}
{{ctx.Locale.Tr "repo.issues.change_project_at" $oldProjectDisplayHtml $newProjectDisplayHtml $createdStr}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 628e8d5c9..0ae58c450 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -4598,6 +4598,39 @@
}
}
},
+ "/repos/{owner}/{repo}/actions/runners/registration-token": {
+ "get": {
+ "produces": [
+ "application/json"
+ ],
+ "tags": [
+ "repository"
+ ],
+ "summary": "Get a repository's actions runner registration token",
+ "operationId": "repoGetRunnerRegistrationToken",
+ "parameters": [
+ {
+ "type": "string",
+ "description": "owner of the repo",
+ "name": "owner",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "name of the repo",
+ "name": "repo",
+ "in": "path",
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "$ref": "#/responses/RegistrationToken"
+ }
+ }
+ }
+ },
"/repos/{owner}/{repo}/actions/secrets": {
"get": {
"produces": [
@@ -14739,39 +14772,6 @@
}
}
},
- "/repos/{owner}/{repo}/runners/registration-token": {
- "get": {
- "produces": [
- "application/json"
- ],
- "tags": [
- "repository"
- ],
- "summary": "Get a repository's actions runner registration token",
- "operationId": "repoGetRunnerRegistrationToken",
- "parameters": [
- {
- "type": "string",
- "description": "owner of the repo",
- "name": "owner",
- "in": "path",
- "required": true
- },
- {
- "type": "string",
- "description": "name of the repo",
- "name": "repo",
- "in": "path",
- "required": true
- }
- ],
- "responses": {
- "200": {
- "$ref": "#/responses/RegistrationToken"
- }
- }
- }
- },
"/repos/{owner}/{repo}/signing-key.gpg": {
"get": {
"produces": [
@@ -19959,6 +19959,11 @@
"properties": {
"permission": {
"type": "string",
+ "enum": [
+ "read",
+ "write",
+ "admin"
+ ],
"x-go-name": "Permission"
}
},
diff --git a/tests/integration/api_user_variables_test.go b/tests/integration/api_user_variables_test.go
index dd5501f0b..9fd84ddf8 100644
--- a/tests/integration/api_user_variables_test.go
+++ b/tests/integration/api_user_variables_test.go
@@ -19,7 +19,7 @@ func TestAPIUserVariables(t *testing.T) {
session := loginUser(t, "user1")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
- t.Run("CreateRepoVariable", func(t *testing.T) {
+ t.Run("CreateUserVariable", func(t *testing.T) {
cases := []struct {
Name string
ExpectedStatus int
@@ -70,7 +70,7 @@ func TestAPIUserVariables(t *testing.T) {
}
})
- t.Run("UpdateRepoVariable", func(t *testing.T) {
+ t.Run("UpdateUserVariable", func(t *testing.T) {
variableName := "test_update_var"
url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)
req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{