Automatically connect source code repository to package on upload operation

routers/api/packages/alpine/alpine.go

@@ -133,7 +133,7 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -178,6 +178,20 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 

routers/api/packages/cargo/cargo.go

@@ -259,6 +259,20 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.JSON(http.StatusOK, StatusResponse{OK: true})
 }
 

routers/api/packages/chef/chef.go

@@ -285,7 +285,7 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
-	_, _, err = packages_service.CreatePackageAndAddFile(
+	pv, _, err := packages_service.CreatePackageAndAddFile(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -319,6 +319,20 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.JSON(http.StatusCreated, make(map[any]any))
 }
 

routers/api/packages/composer/composer.go

@@ -219,7 +219,7 @@ func UploadPackage(ctx *context.Context) {
 		cp.Version = v.String()
 	}
 
-	_, _, err = packages_service.CreatePackageAndAddFile(
+	pv, _, err := packages_service.CreatePackageAndAddFile(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -256,5 +256,19 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }

routers/api/packages/conan/conan.go

@@ -5,6 +5,7 @@ package conan
 
 import (
 	std_ctx "context"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -21,6 +22,7 @@ import (
 	packages_module "code.gitea.io/gitea/modules/packages"
 	conan_module "code.gitea.io/gitea/modules/packages/conan"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/api/packages/helper"
 	notify_service "code.gitea.io/gitea/services/notify"
 	packages_service "code.gitea.io/gitea/services/packages"
@@ -367,6 +369,7 @@ func uploadFile(ctx *context.Context, fileFilter container.Set[string], fileKey
 				apiError(ctx, http.StatusInternalServerError, err)
 				return
 			}
+
 			pv, err := packages_model.GetVersionByNameAndVersion(ctx, pci.Owner.ID, pci.PackageType, pci.Name, pci.Version)
 			if err != nil && err != packages_model.ErrPackageNotExist {
 				apiError(ctx, http.StatusInternalServerError, err)
@@ -407,7 +410,7 @@ func uploadFile(ctx *context.Context, fileFilter container.Set[string], fileKey
 		}
 	}
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		pci,
 		pfci,
@@ -424,6 +427,20 @@ func uploadFile(ctx *context.Context, fileFilter container.Set[string], fileKey
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 

routers/api/packages/conda/conda.go

@@ -228,7 +228,7 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -271,6 +271,20 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 

routers/api/packages/cran/cran.go

@@ -182,7 +182,7 @@ func uploadPackageFile(ctx *context.Context, compositeKey string, properties map
 		return
 	}
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -218,6 +218,20 @@ func uploadPackageFile(ctx *context.Context, compositeKey string, properties map
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 

routers/api/packages/debian/debian.go

@@ -158,7 +158,7 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -203,6 +203,20 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 

routers/api/packages/generic/generic.go

@@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	packages_module "code.gitea.io/gitea/modules/packages"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/api/packages/helper"
 	packages_service "code.gitea.io/gitea/services/packages"
 )
@@ -88,7 +89,7 @@ func UploadPackage(ctx *context.Context) {
 	}
 	defer buf.Close()
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -120,6 +121,20 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 

routers/api/packages/helper/helper.go

@@ -10,9 +10,13 @@ import (
 	"net/url"
 
 	packages_model "code.gitea.io/gitea/models/packages"
+	access_model "code.gitea.io/gitea/models/perm/access"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // LogAndProcessError logs an error and calls a custom callback with the processed error message.
@@ -61,3 +65,31 @@ func ServePackageFile(ctx *context.Context, s io.ReadSeekCloser, u *url.URL, pf
 
 	ctx.ServeContent(s, opts)
 }
+
+func TryConnectRepository(ctx *context.Context, packageID int64) error {
+	headers := ctx.Req.Header["Package-Connection-Repository"]
+
+	if len(headers) == 0 {
+		return nil
+	}
+
+	if len(headers) != 1 {
+		return util.NewInvalidArgumentErrorf("too many package repository connection headers")
+	}
+
+	repo, err := repo_model.GetRepositoryByName(ctx, ctx.Package.Owner.ID, headers[0])
+	if err != nil {
+		return err
+	}
+
+	perms, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+	if err != nil {
+		return err
+	}
+
+	if !perms.CanWrite(unit.TypePackages) {
+		return util.NewPermissionDeniedErrorf("no permission to link package to repository: %s, or packages are disabled", repo.Name)
+	}
+
+	return packages_model.SetRepositoryLink(ctx, packageID, repo.ID)
+}

routers/api/packages/maven/maven.go

@@ -24,6 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	packages_module "code.gitea.io/gitea/modules/packages"
 	maven_module "code.gitea.io/gitea/modules/packages/maven"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/api/packages/helper"
 	packages_service "code.gitea.io/gitea/services/packages"
 
@@ -355,7 +356,7 @@ func UploadPackageFile(ctx *context.Context) {
 		}
 	}
 
-	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+	pv, _, err := packages_service.CreatePackageOrAddFileToExisting(
 		ctx,
 		pvci,
 		pfci,
@@ -372,6 +373,20 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
 
+	if err = helper.TryConnectRepository(ctx, pv.PackageID); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			apiError(ctx, http.StatusForbidden, err)
+		case errors.Is(err, util.ErrNotExist):
+			apiError(ctx, http.StatusNotFound, err)
+		case errors.Is(err, util.ErrInvalidArgument):
+			apiError(ctx, http.StatusBadRequest, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }