Extract from #33934
In the same goroutine, we should reuse the exist cat file sub process
which exist in `git.Repository` to avoid creating a unnecessary
temporary subprocess.
This PR reuse the exist cate file writer and reader in
`getCommitFromBatchReader`.
It also move `prepareLatestCommitInfo` before creating dataRc which will
hold the writer so other git operation will create a temporary cat file
subprocess.
Adds the `flat-square` style to action badges. Styles can be selected by
adding `?style=<style>` to the badge endpoint. If no style query is
given, or if the query is invalid, the style defaults to `flat`.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#33966
```
;; User must sign in to view anything.
;; It could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources,
;; for example: block anonymous AI crawlers from accessing repo code pages.
;; The "expensive" mode is experimental and subject to change.
;REQUIRE_SIGNIN_VIEW = false
```
Follow #33127Fix#8649, fix#639
This is a complete solution. A repo unit could be set to:
* Anonymous read (non-signed-in user)
* Everyone read (signed-in user)
* Everyone write (wiki-only)
When a team have no code unit permission of a repository, the member of
the team should not view activity contributors, recent commits and code
frequrency.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The current action status badge are looking different from most other
badges renders, which is especially noticeable when using them along
with other badges. This PR updates the action badges to match the
commonly used badges from other providers.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Follow #33127
This PR add backend logic and test for "anonymous access", it shares the
same logic as "everyone access", so not too much change.
By the way, split `SettingsPost` into small functions to make it easier
to make frontend-related changes in the future.
Next PR will add frontend support for "anonymous access"
fixes an issue where user is unable to create new repository in
organization via UI if repository limits are in place and user has
exhausted them for their own namespace.
closes: https://github.com/go-gitea/gitea/issues/15504
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The pagination on the user dashboard sounds unnecessary, this will
change it to a prev/next buttons. For instances with around `10 million`
records in the action table, this option affects how the user dashboard
is loaded on first visit.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Two SQLs are very slow when `action` table have over 5M records.
```
database duration=1.8881s db.sql="SELECT created_unix DIV 900 * 900 AS timestamp, count(user_id) as contributions FROM `action` WHERE user_id=? AND act_user_id=? AND (created_unix > ?) GROUP BY timestamp ORDER BY timestamp"
database duration=1.5408s db.sql="SELECT count(*) FROM `action` WHERE (user_id = ?) AND (is_deleted = ?)"
```
This will cache the count for the first loading or when the activities
changed.
Currently the organisation feed only includes items for public
repositories (for non-administrators). This pull requests adds
notifications from private repositories to the organisation-feed (for
accounts that have access to the organisation).
Feed-items only get shown for repositories where the users team(s)
should have access to, this filtering seems to get done by some existing
code.
Needs some tests, but am unsure where/how to add them.
Before:
After:
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Resolve#29328
This pull request introduces a file tree on the left side when reviewing
files of a repository.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#24623
Major changes:
1. Redirect `/owner/repo/blob/*` requests to `/owner/repo/src/commit/*`
(like GitHub)
2. Add a "view file diff" link (see screenshot below)
3. Refactor "AssertHTMLElement" to generic, now we can accurately assert
existence or number.
4. Add more tests
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
Fix#33490
It will only read the changed file on the pushed commits but not all the
files of this PR.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#33358, fix#21970
This adds a step in the `GitDiffForRender` that does syntax highlighting for the
entire file and then only references lines from that syntax highlighted
code. This allows things like multi-line comments to be syntax
highlighted correctly.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The diff stats are no longer part of the diff generation.
Use `GetDiffShortStat` instead to get the total number of changed files,
added lines, and deleted lines.
As such, `gitdiff.GetDiff` can be simplified:
It should not do more than expected.
And do not run "git diff --shortstat" for pull list. Fix#31492
Modify Diff View FileTree to show all files
## Changes
* removes Show Status button on diff
* uses `git diff-tree` to generate the file tree for the diff
* doesn't reload the diff tree each time we load more files in the
preview
* selecting and unloaded file will keep loading until that file is
loaded
* removes `DiffFileList.vue` and "Show Stats" in diff options
## Open Questions
* selecting and unloaded file will keep loading until that file is
loaded. Is this behaviour okay? It matches what github does.
### Demo
In this demo I set `git.MAX_GIT_DIFF_FILES=1` in my `app.ini` to
demonstrate a worst case example. In most cases the behaviour isn't
nearly as jarring as we load a bunch of files at a time.
https://github.com/user-attachments/assets/72f29663-d6fc-472d-94fa-7fb5950c2836
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
See the FIXME comment in code. Otherwise, if a repo's issue unit is
disabled, then the PRs can't be edited anymore.
By the way, make the permission log output look slightly better.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: metiftikci <metiftikci@hotmail.com>
Noticed a SQL in gitea.com has a bigger load. It seems both `is_pull`
and `pin_order` are not indexed columns in the database.
```SQL
SELECT `id`, `repo_id`, `index`, `poster_id`, `original_author`, `original_author_id`, `name`, `content`, `content_version`, `milestone_id`, `priority`, `is_closed`, `is_pull`, `num_comments`, `ref`, `pin_order`, `deadline_unix`, `created_unix`, `updated_unix`, `closed_unix`, `is_locked`, `time_estimate` FROM `issue` WHERE (repo_id =?) AND (is_pull = 0) AND (pin_order > 0) ORDER BY pin_order
```
I came across a comment
https://github.com/go-gitea/gitea/pull/24406#issuecomment-1527747296
from @delvh , which presents a more reasonable approach. Based on this,
this PR will migrate all issue and pull request pin data from the
`issue` table to the `issue_pin` table. This change benefits larger
Gitea instances by improving scalability and performance.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* download endpoint has to use 302 redirect
* fake blob download used if direct download not possible
* downloading v3 artifacts not possible
New repo apis based on GitHub Rest V3
- GET /runs/{run}/artifacts (Cannot use run index of url due to not
being unique)
- GET /artifacts
- GET + DELETE /artifacts/{artifact_id}
- GET /artifacts/{artifact_id}/zip
- (GET /artifacts/{artifact_id}/zip/raw this is a workaround for a http
302 assertion in actions/toolkit)
- api docs removed this is protected by a signed url like the internal
artifacts api and no longer usable with any token or swagger
- returns http 401 if the signature is invalid
- or change the artifact id
- or expired after 1 hour
Closes#33353Closes#32124
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
When listing commits, Gitea attempts to retrieve the actual user based
on the commit email. Querying users one by one from the database is
inefficient. This PR optimizes the process by batch querying users by
email, reducing the number of database queries.
Some old code use direct type-casting to get context, it causes
problems.
This PR fixes all legacy problems and use correct `ctx.Value` to get
low-level contexts.
Fix#33518
- Find the runner before deleting
- Move the main logic from `routers/web/repo/setting/runners.go` to
`routers/web/shared/actions/runners.go`.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Find the variable before updating or deleting
- Move the main logic from `routers/web/repo/setting/variables.go` to
`routers/web/shared/actions/variables.go`.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
This PR fixes#33205.
If stars are disabled:
* The `.../repo/stars` page returns a 403 Forbidden error
* Star-related API endpoints return a 403 Forbidden error saying `Stars are disabled.`
* Same for action endpoints
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Fix incorrect `MentionCount` (actually it seems to be deadcode,
affects nothing)
2. Remove fallback sha1 support for time limit token
3. Use route middleware `reqRepoActionsWriter` for `ArtifactsDeleteView`
4. Use clearer message "Failed to authenticate user" instead of "Verify"
when auth fails
5. `tests/integration/benchmarks_test.go` is not quite right, actually
it is never used, so delete it.
6. Remove or update TODO comments
Dear Gitea team,
first of all, thanks for the great work you're doing with this project.
I'm planning to introduce Gitea at a client site, and noticed that while
there is time recording, there are no project-manager-friendly reports
to actually make use of that data, as were also mentioned by others in
#4870#8684 and #13531.
Since I had a little time last weekend, I had put together something
that I hope to be a useful contribution to this great project (while of
course useful for me too).
This PR adds a new "Worktime" tab to the Organisation level. There is a
date range selector (by default set to the current month), and there are
three possible views:
- by repository,
- by milestone, and
- by team member.
Happy to receive any feedback!
There are several possible future improvements of course (predefined
date ranges, charts, a member time sheet, matrix of repos/members, etc)
but I hope that even in this relatively simple state this would be
useful to lots of people.
<img width="1161" alt="Screen Shot 2022-05-25 at 22 12 58"
src="https://user-images.githubusercontent.com/118010/170366976-af00c7af-c4f3-4117-86d7-00356d6797a5.png">
Keep up the good work!
Kristof
---------
Co-authored-by: user <user@kk-git1>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Both have `RejectTransfer` and `CancelTransfer` because the permission
checks are not the same. `CancelTransfer` can be done by the doer or
those who have admin permission to access this repository.
`RejectTransfer` can be done by the receiver user if it's an individual
or those who can create repositories if it's an organization.
- Some tests are wrong, this PR corrects them.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This is a follow-up to https://github.com/go-gitea/gitea/pull/33097.
When linking a submodule at a commit in either the repo view, or a diff
when adding a new submodule, link to the tree view of that submodules
intead of the individual commit. This shows the user the full tree,
instead of the diff of the commit.
This makes the assumption that the tree for a given SHA is at
`<repo_url>/tree/<sha>`. This URL format is supported by both Github &
Gitlab, but not Gitea. To fix this, add a redirect from
`<username>/<repo>/tree/<ref>` to `<username>/<repo>/src/<ref>`, so that
Gitea can support this URL structure.
1. add `GetSiteCookieFlashMessage` to help to parse flash message
2. clarify `handleRepoHomeFeed` logic
3. remove unnecessary global variables, use `sync.OnceValue` instead
4. add some tests for `IsUsableUsername` and `IsUsableRepoName`
Extract from #33320
This PR uses a map instead of a struct to store webhook event
information. It removes many duplicated functions and makes the logic
clearer.
1. Add a OpenTelemetry-like shim-layer to collect traces
2. Add a simple builtin trace collector and exporter, end users could
download the diagnosis report to get the traces.
This PR's design is quite lightweight, no hard-dependency, and it is
easy to improve or remove. We can try it on gitea.com first to see
whether it works well, and fine tune the details.
---------
Co-authored-by: silverwind <me@silverwind.io>
After the RefName refactoring, the `ctx.Repo.CommitID` is only set when
there is a `RepoRefByType` middleware.
Many handlers do not use that middleware and they only use "default
branch"
Fix password form missing whilst linking account even with
`ENABLE_PASSWORD_SIGNIN_FORM = true`.
Remove redundant empty box in account linking sign up page when
`LinkAccountMode` is true.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Estimated time represented in hours it might be convenient to
have tracked time represented in the same way to be compared and
managed.
---------
Co-authored-by: Sysoev, Vladimir <i@vsysoev.ru>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. the error check was added for go-git, it was caused by the empty `.keep` file in the test fixtures.
2. use `PostFormValue` instead of `PostForm.Get` (`Get` needs to parse the form ahead)
3. fix incorrect container text (it should show "Images" in the header but not "OS/Arch")
4. align maven xml
5. fix closed PR color&icon
Currently, anyone with write permissions to a repo are able to rename
default or protected branches.
This change follows
[GitHub's](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch)
design by only allowing repo/site admins to change these branches.
However, it also follows are current design for protected branches and
only allows admins to modify branch names == branch protection rule
names. Glob-based rules cannot be renamed by anyone (as was already the
case, but we now catch `ErrBranchIsProtected` which we previously did
not catch, throwing a 500).
