Merge remote-tracking branch 'origin/main' into rmapi

* origin/main: (35 commits)
  Remove fomantic button module (go-gitea#30475)
  Improve "must-change-password" logic and document (go-gitea#30472)
  Fix commitstatus summary (go-gitea#30431)
  Remove fomantic menu module (go-gitea#30325)
  Use `flex-container` for dashboard layout (go-gitea#30214)
  Rewrite and restyle reaction selector and enable no-sizzle eslint rule (go-gitea#30453)
  Pulse page improvements (go-gitea#30149)
  Fix JS error when opening to expanded code comment (go-gitea#30463)
  fix: Fix to delete cookie when AppSubURL is non-empty (go-gitea#30375)
  Add `interface{}` to `any` replacement to `make fmt`, exclude `*.pb.go` (go-gitea#30461)
  Fix network error when open/close organization/individual projects and redirect to project page (go-gitea#30387)
  Avoid losing token when updating mirror settings (go-gitea#30429)
  Fix label rendering (go-gitea#30456)
  Add comment for ContainsRedirectURI about the exact match (go-gitea#30457)
  Update JS and PY deps, lock eslint and related plugins (go-gitea#30452)
  Refactor cache and disable go-chi cache (go-gitea#30417)
  Fix admin notice view-detail (go-gitea#30450)
  Fix mirror error when mirror repo is empty (go-gitea#30432)
  Add `/public/assets/img/webpack` to ignore files again (go-gitea#30451)
  Lock a few tool dependencies to major versions (go-gitea#30439)
  ...

.dockerignore

@@ -95,6 +95,9 @@ cpu.out
 /.air
 /.go-licenses
 
+# Files and folders that were previously generated
+/public/assets/img/webpack
+
 # Snapcraft
 snap/.snapcraft/
 parts/

.eslintrc.yaml

@@ -318,7 +318,7 @@ rules:
  jquery/no-serialize: [2]
  jquery/no-show: [2]
  jquery/no-size: [2]
- jquery/no-sizzle: [0]
+ jquery/no-sizzle: [2]
  jquery/no-slide: [0]
  jquery/no-submit: [0]
  jquery/no-text: [0]
@@ -470,7 +470,7 @@ rules:
  no-jquery/no-selector-prop: [2]
  no-jquery/no-serialize: [2]
  no-jquery/no-size: [2]
- no-jquery/no-sizzle: [0]
+ no-jquery/no-sizzle: [2]
  no-jquery/no-slide: [2]
  no-jquery/no-sub: [2]
  no-jquery/no-support: [2]

.gitattributes

@@ -1,5 +1,6 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
+*.pb.go linguist-generated
 /assets/*.json linguist-generated
 /public/assets/img/svg/*.svg linguist-generated
 /templates/swagger/v1_json.tmpl linguist-generated

.gitignore

@@ -94,6 +94,9 @@ cpu.out
 /.air
 /.go-licenses
 
+# Files and folders that were previously generated
+/public/assets/img/webpack
+
 # Snapcraft
 /gitea_a*.txt
 snap/.snapcraft/

.golangci.yml

@@ -30,10 +30,6 @@ linters:
 
 run:
  timeout: 10m
- skip-dirs:
- - node_modules
- - public
- - web_src
 
 linters-settings:
  stylecheck:
@@ -90,10 +86,13 @@ linters-settings:
  desc: do not use the internal package, use AddXxx function instead
  - pkg: gopkg.in/ini.v1
  desc: do not use the ini package, use gitea's config system instead
+ - pkg: gitea.com/go-chi/cache
+ desc: do not use the go-chi cache package, use gitea's cache system
 
 issues:
  max-issues-per-linter: 0
  max-same-issues: 0
+ exclude-dirs: [node_modules, public, web_src]
  exclude-rules:
  # Exclude some linters from running on tests files.
  - path: _test\.go

Makefile

@@ -25,17 +25,17 @@ COMMA := ,
 
 XGO_VERSION := go-1.22.x
 
-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.49.0
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.1
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.4.1
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@db51e79a0e37c572d8b59ae0c58bf2bbbbe53285
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.0.3
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.6.26
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1
 
 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@@ -295,7 +295,7 @@ clean:
 
 .PHONY: fmt
 fmt:
- GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+ @GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
  $(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
  @# strip whitespace after '{{' or '(' and before '}}' or ')' unless there is only
  @# whitespace before it

build/code-batch-process.go

@@ -69,6 +69,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
  co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
 
  co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
+ co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`\.pb\.go$`))
  co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
  co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
  co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
@@ -203,17 +204,6 @@ Example:
 `, "file-batch-exec")
 }
 
-func getGoVersion() string {
- goModFile, err := os.ReadFile("go.mod")
- if err != nil {
- log.Fatalf(`Faild to read "go.mod": %v`, err)
- os.Exit(1)
- }
- goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
- goModVersionLine := goModVersionRegex.Find(goModFile)
- return string(goModVersionLine[3:])
-}
-
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
  fileFilter := mainOptions["file-filter"]
  if fileFilter == "" {
@@ -278,7 +268,8 @@ func main() {
  log.Print("the -d option is not supported by gitea-fmt")
  }
  cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
- cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
+ cmdErrors = append(cmdErrors, passThroughCmd("gofmt", append([]string{"-w", "-r", "interface{} -> any"}, substArgs...)))
+ cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra"}, substArgs...)))
  default:
  log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
  }

cmd/admin_user_change_password.go

@@ -36,6 +36,7 @@ var microcmdUserChangePassword = &cli.Command{
  &cli.BoolFlag{
  Name: "must-change-password",
  Usage: "User must change password",
+ Value: true,
  },
  },
 }
@@ -57,23 +58,18 @@ func runChangePassword(c *cli.Context) error {
  return err
  }
 
- var mustChangePassword optional.Option[bool]
- if c.IsSet("must-change-password") {
- mustChangePassword = optional.Some(c.Bool("must-change-password"))
- }
-
  opts := &user_service.UpdateAuthOptions{
  Password: optional.Some(c.String("password")),
- MustChangePassword: mustChangePassword,
+ MustChangePassword: optional.Some(c.Bool("must-change-password")),
  }
  if err := user_service.UpdateAuth(ctx, user, opts); err != nil {
  switch {
  case errors.Is(err, password.ErrMinLength):
- return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
+ return fmt.Errorf("password is not long enough, needs to be at least %d characters", setting.MinPasswordLength)
  case errors.Is(err, password.ErrComplexity):
- return errors.New("Password does not meet complexity requirements")
+ return errors.New("password does not meet complexity requirements")
  case errors.Is(err, password.ErrIsPwned):
- return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
+ return errors.New("the password is in a list of stolen passwords previously exposed in public data breaches, please try again with a different password, to see more details: https://haveibeenpwned.com/Passwords")
  default:
  return err
  }

cmd/admin_user_create.go

@@ -8,6 +8,7 @@ import (
  "fmt"
 
  auth_model "code.gitea.io/gitea/models/auth"
+ "code.gitea.io/gitea/models/db"
  user_model "code.gitea.io/gitea/models/user"
  pwd "code.gitea.io/gitea/modules/auth/password"
  "code.gitea.io/gitea/modules/optional"
@@ -46,8 +47,9 @@ var microcmdUserCreate = &cli.Command{
  Usage: "Generate a random password for the user",
  },
  &cli.BoolFlag{
- Name: "must-change-password",
- Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
+ Name: "must-change-password",
+ Usage: "Set to false to prevent forcing the user to change their password after initial login",
+ DisableDefaultText: true,
  },
  &cli.IntFlag{
  Name: "random-password-length",
@@ -71,10 +73,10 @@ func runCreateUser(c *cli.Context) error {
  }
 
  if c.IsSet("name") && c.IsSet("username") {
- return errors.New("Cannot set both --name and --username flags")
+ return errors.New("cannot set both --name and --username flags")
  }
  if !c.IsSet("name") && !c.IsSet("username") {
- return errors.New("One of --name or --username flags must be set")
+ return errors.New("one of --name or --username flags must be set")
  }
 
  if c.IsSet("password") && c.IsSet("random-password") {
@@ -110,17 +112,21 @@ func runCreateUser(c *cli.Context) error {
  return errors.New("must set either password or random-password flag")
  }
 
- // always default to true
- changePassword := true
-
- // If this is the first user being created.
- // Take it as the admin and don't force a password update.
- if n := user_model.CountUsers(ctx, nil); n == 0 {
- changePassword = false
- }
-
+ isAdmin := c.Bool("admin")
+ mustChangePassword := true // always default to true
  if c.IsSet("must-change-password") {
- changePassword = c.Bool("must-change-password")
+ // if the flag is set, use the value provided by the user
+ mustChangePassword = c.Bool("must-change-password")
+ } else {
+ // check whether there are users in the database
+ hasUserRecord, err := db.IsTableNotEmpty(&user_model.User{})
+ if err != nil {
+ return fmt.Errorf("IsTableNotEmpty: %w", err)
+ }
+ if !hasUserRecord && isAdmin {
+ // if this is the first admin being created, don't force to change password (keep the old behavior)
+ mustChangePassword = false
+ }
  }
 
  restricted := optional.None[bool]()
@@ -136,8 +142,8 @@ func runCreateUser(c *cli.Context) error {
  Name: username,
  Email: c.String("email"),
  Passwd: password,
- IsAdmin: c.Bool("admin"),
- MustChangePassword: changePassword,
+ IsAdmin: isAdmin,
+ MustChangePassword: mustChangePassword,
  Visibility: visibility,
  }
 

docs/content/administration/command-line.en-us.md

@@ -83,8 +83,7 @@ Admin operations:
  - `--email value`: Email. Required.
  - `--admin`: If provided, this makes the user an admin. Optional.
  - `--access-token`: If provided, an access token will be created for the user. Optional. (default: false).
- - `--must-change-password`: If provided, the created user will be required to choose a newer password after the
- initial login. Optional. (default: true).
+ - `--must-change-password`: The created user will be required to set a new password after the initial login, default: true. It could be disabled by `--must-change-password=false`.
  - `--random-password`: If provided, a randomly generated password will be used as the password of the created
  user. The value of `--password` will be discarded. Optional.
  - `--random-password-length`: If provided, it will be used to configure the length of the randomly generated
@@ -95,7 +94,7 @@ Admin operations:
  - Options:
  - `--username value`, `-u value`: Username. Required.
  - `--password value`, `-p value`: New password. Required.
- - `--must-change-password`: If provided, the user is required to choose a new password after the login. Optional.
+ - `--must-change-password`: The user is required to set a new password after the login, default: true. It could be disabled by `--must-change-password=false`.
  - Examples:
  - `gitea admin user change-password --username myname --password asecurepassword`
  - `must-change-password`:

docs/content/usage/actions/act-runner.en-us.md

@@ -303,34 +303,3 @@ sudo systemctl enable act_runner --now
 ```
 
 If using Docker, the `act_runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act_runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface).
-
-## Configuration variable
-
-You can create configuration variables on the user, organization and repository level.
-The level of the variable depends on where you created it.
-
-### Naming conventions
-
-The following rules apply to variable names:
-
-- Variable names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed.
-
-- Variable names must not start with the `GITHUB_` and `GITEA_` prefix.
-
-- Variable names must not start with a number.
-
-- Variable names are case-insensitive.
-
-- Variable names must be unique at the level they are created at.
-
-- Variable names must not be `CI`.
-
-### Using variable
-
-After creating configuration variables, they will be automatically filled in the `vars` context.
-They can be accessed through expressions like `{{ vars.VARIABLE_NAME }}` in the workflow.
-
-### Precedence
-
-If a variable with the same name exists at multiple levels, the variable at the lowest level takes precedence:
-A repository variable will always be chosen over an organization/user variable.