Merge remote-tracking branch 'upstream/main'

* upstream/main:
  Use `object-fit: contain` for oauth2 custom icons (go-gitea#26493)
  add disable workflow feature (go-gitea#26413)
  Move dropzone progress bar to bottom to show filename when uploading (go-gitea#26492)
  Handle base64 decoding correctly to avoid panic (go-gitea#26483)
  Allow to archive labels (go-gitea#26478)

cmd/generate.go

@@ -70,12 +70,12 @@ func runGenerateInternalToken(c *cli.Context) error {
 }
 
 func runGenerateLfsJwtSecret(c *cli.Context) error {
-	JWTSecretBase64, err := generate.NewJwtSecretBase64()
+	_, jwtSecretBase64, err := generate.NewJwtSecretBase64()
 	if err != nil {
 		return err
 	}
 
-	fmt.Printf("%s", JWTSecretBase64)
+	fmt.Printf("%s", jwtSecretBase64)
 
 	if isatty.IsTerminal(os.Stdout.Fd()) {
 		fmt.Printf("\n")

models/fixtures/label.yml

@@ -7,6 +7,7 @@
   exclusive: false
   num_issues: 2
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 2
@@ -17,6 +18,7 @@
   exclusive: false
   num_issues: 1
   num_closed_issues: 1
+  archived_unix: 0
 
 -
   id: 3
@@ -27,6 +29,7 @@
   exclusive: false
   num_issues: 0
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 4
@@ -37,6 +40,7 @@
   exclusive: false
   num_issues: 1
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 5
@@ -47,6 +51,7 @@
   exclusive: false
   num_issues: 0
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 6
@@ -57,6 +62,7 @@
   exclusive: false
   num_issues: 0
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 7
@@ -67,6 +73,7 @@
   exclusive: true
   num_issues: 0
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 8
@@ -77,6 +84,7 @@
   exclusive: true
   num_issues: 0
   num_closed_issues: 0
+  archived_unix: 0
 
 -
   id: 9
@@ -87,3 +95,4 @@
   exclusive: true
   num_issues: 0
   num_closed_issues: 0
+  archived_unix: 0

models/issues/label.go

@@ -97,6 +97,8 @@ type Label struct {
 	QueryString       string `xorm:"-"`
 	IsSelected        bool   `xorm:"-"`
 	IsExcluded        bool   `xorm:"-"`
+
+	ArchivedUnix timeutil.TimeStamp `xorm:"DEFAULT NULL"`
 }
 
 func init() {
@@ -109,6 +111,15 @@ func (l *Label) CalOpenIssues() {
 	l.NumOpenIssues = l.NumIssues - l.NumClosedIssues
 }
 
+// SetArchived set the label as archived
+func (l *Label) SetArchived(isArchived bool) {
+	if isArchived && l.ArchivedUnix.IsZero() {
+		l.ArchivedUnix = timeutil.TimeStampNow()
+	} else {
+		l.ArchivedUnix = timeutil.TimeStamp(0)
+	}
+}
+
 // CalOpenOrgIssues calculates the open issues of a label for a specific repo
 func (l *Label) CalOpenOrgIssues(ctx context.Context, repoID, labelID int64) {
 	counts, _ := CountIssuesByRepo(ctx, &IssuesOptions{
@@ -153,6 +164,11 @@ func (l *Label) BelongsToOrg() bool {
 	return l.OrgID > 0
 }
 
+// IsArchived returns true if label is an archived
+func (l *Label) IsArchived() bool {
+	return l.ArchivedUnix > 0
+}
+
 // BelongsToRepo returns true if label is a repository label
 func (l *Label) BelongsToRepo() bool {
 	return l.RepoID > 0
@@ -211,7 +227,7 @@ func UpdateLabel(l *Label) error {
 	}
 	l.Color = color
 
-	return updateLabelCols(db.DefaultContext, l, "name", "description", "color", "exclusive")
+	return updateLabelCols(db.DefaultContext, l, "name", "description", "color", "exclusive", "archived_unix")
 }
 
 // DeleteLabel delete a label

models/issues/label_test.go

@@ -11,6 +11,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -259,11 +260,12 @@ func TestUpdateLabel(t *testing.T) {
 	label := unittest.AssertExistsAndLoadBean(t, &issues_model.Label{ID: 1})
 	// make sure update wont overwrite it
 	update := &issues_model.Label{
-		ID:          label.ID,
-		Color:       "#ffff00",
-		Name:        "newLabelName",
-		Description: label.Description,
-		Exclusive:   false,
+		ID:           label.ID,
+		Color:        "#ffff00",
+		Name:         "newLabelName",
+		Description:  label.Description,
+		Exclusive:    false,
+		ArchivedUnix: timeutil.TimeStamp(0),
 	}
 	label.Color = update.Color
 	label.Name = update.Name
@@ -273,6 +275,7 @@ func TestUpdateLabel(t *testing.T) {
 	assert.EqualValues(t, label.Color, newLabel.Color)
 	assert.EqualValues(t, label.Name, newLabel.Name)
 	assert.EqualValues(t, label.Description, newLabel.Description)
+	assert.EqualValues(t, newLabel.ArchivedUnix, 0)
 	unittest.CheckConsistencyFor(t, &issues_model.Label{}, &repo_model.Repository{})
 }
 

models/migrations/migrations.go

@@ -522,6 +522,8 @@ var migrations = []Migration{
 	NewMigration("Drop deleted branch table", v1_21.DropDeletedBranchTable),
 	// v270 -> v271
 	NewMigration("Fix PackageProperty typo", v1_21.FixPackagePropertyTypo),
+	// v271 -> v272
+	NewMigration("Allow archiving labels", v1_21.AddArchivedUnixColumInLabelTable),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v1_21/v271.go

@@ -0,0 +1,16 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_21 //nolint
+import (
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func AddArchivedUnixColumInLabelTable(x *xorm.Engine) error {
+	type Label struct {
+		ArchivedUnix timeutil.TimeStamp `xorm:"DEFAULT NULL"`
+	}
+	return x.Sync(new(Label))
+}

models/repo/repo.go

@@ -391,7 +391,13 @@ func (repo *Repository) MustGetUnit(ctx context.Context, tp unit.Type) *RepoUnit
 			Type:   tp,
 			Config: new(IssuesConfig),
 		}
+	} else if tp == unit.TypeActions {
+		return &RepoUnit{
+			Type:   tp,
+			Config: new(ActionsConfig),
+		}
 	}
+
 	return &RepoUnit{
 		Type:   tp,
 		Config: new(UnitConfig),

models/repo/repo_unit.go

@@ -6,6 +6,7 @@ package repo
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unit"
@@ -162,6 +163,42 @@ func (cfg *PullRequestsConfig) GetDefaultMergeStyle() MergeStyle {
 	return MergeStyleMerge
 }
 
+type ActionsConfig struct {
+	DisabledWorkflows []string
+}
+
+func (cfg *ActionsConfig) EnableWorkflow(file string) {
+	cfg.DisabledWorkflows = util.SliceRemoveAll(cfg.DisabledWorkflows, file)
+}
+
+func (cfg *ActionsConfig) ToString() string {
+	return strings.Join(cfg.DisabledWorkflows, ",")
+}
+
+func (cfg *ActionsConfig) IsWorkflowDisabled(file string) bool {
+	return util.SliceContains(cfg.DisabledWorkflows, file)
+}
+
+func (cfg *ActionsConfig) DisableWorkflow(file string) {
+	for _, workflow := range cfg.DisabledWorkflows {
+		if file == workflow {
+			return
+		}
+	}
+
+	cfg.DisabledWorkflows = append(cfg.DisabledWorkflows, file)
+}
+
+// FromDB fills up a ActionsConfig from serialized format.
+func (cfg *ActionsConfig) FromDB(bs []byte) error {
+	return json.UnmarshalHandleDoubleEncode(bs, &cfg)
+}
+
+// ToDB exports a ActionsConfig to a serialized format.
+func (cfg *ActionsConfig) ToDB() ([]byte, error) {
+	return json.Marshal(cfg)
+}
+
 // BeforeSet is invoked from XORM before setting the value of a field of this object.
 func (r *RepoUnit) BeforeSet(colName string, val xorm.Cell) {
 	switch colName {
@@ -175,7 +212,9 @@ func (r *RepoUnit) BeforeSet(colName string, val xorm.Cell) {
 			r.Config = new(PullRequestsConfig)
 		case unit.TypeIssues:
 			r.Config = new(IssuesConfig)
-		case unit.TypeCode, unit.TypeReleases, unit.TypeWiki, unit.TypeProjects, unit.TypePackages, unit.TypeActions:
+		case unit.TypeActions:
+			r.Config = new(ActionsConfig)
+		case unit.TypeCode, unit.TypeReleases, unit.TypeWiki, unit.TypeProjects, unit.TypePackages:
 			fallthrough
 		default:
 			r.Config = new(UnitConfig)
@@ -218,6 +257,11 @@ func (r *RepoUnit) ExternalTrackerConfig() *ExternalTrackerConfig {
 	return r.Config.(*ExternalTrackerConfig)
 }
 
+// ActionsConfig returns config for unit.ActionsConfig
+func (r *RepoUnit) ActionsConfig() *ActionsConfig {
+	return r.Config.(*ActionsConfig)
+}
+
 func getUnitsByRepoID(ctx context.Context, repoID int64) (units []*RepoUnit, err error) {
 	var tmpUnits []*RepoUnit
 	if err := db.GetEngine(ctx).Where("repo_id = ?", repoID).Find(&tmpUnits); err != nil {

models/repo/repo_unit_test.go

@@ -0,0 +1,30 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionsConfig(t *testing.T) {
+	cfg := &ActionsConfig{}
+	cfg.DisableWorkflow("test1.yaml")
+	assert.EqualValues(t, []string{"test1.yaml"}, cfg.DisabledWorkflows)
+
+	cfg.DisableWorkflow("test1.yaml")
+	assert.EqualValues(t, []string{"test1.yaml"}, cfg.DisabledWorkflows)
+
+	cfg.EnableWorkflow("test1.yaml")
+	assert.EqualValues(t, []string{}, cfg.DisabledWorkflows)
+
+	cfg.EnableWorkflow("test1.yaml")
+	assert.EqualValues(t, []string{}, cfg.DisabledWorkflows)
+
+	cfg.DisableWorkflow("test1.yaml")
+	cfg.DisableWorkflow("test2.yaml")
+	cfg.DisableWorkflow("test3.yaml")
+	assert.EqualValues(t, "test1.yaml,test2.yaml,test3.yaml", cfg.ToString())
+}

modules/generate/generate.go

@@ -49,12 +49,12 @@ func NewJwtSecret() ([]byte, error) {
 }
 
 // NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
-func NewJwtSecretBase64() (string, error) {
+func NewJwtSecretBase64() ([]byte, string, error) {
 	bytes, err := NewJwtSecret()
 	if err != nil {
-		return "", err
+		return nil, "", err
 	}
-	return base64.RawURLEncoding.EncodeToString(bytes), nil
+	return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
 }
 
 // NewSecretKey generate a new value intended to be used by SECRET_KEY.

modules/setting/lfs.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/modules/generate"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // LFS represents the configuration for Git LFS
@@ -56,17 +57,14 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 
 	LFS.HTTPAuthExpiry = sec.Key("LFS_HTTP_AUTH_EXPIRY").MustDuration(24 * time.Hour)
 
-	if !LFS.StartServer {
+	if !LFS.StartServer || !InstallLock {
 		return nil
 	}
 
 	LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
-
-	LFS.JWTSecretBytes = make([]byte, 32)
-	n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64))
-
-	if (err != nil || n != 32) && InstallLock {
-		LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64()
+	LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32)
+	if err != nil {
+		LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64()
 		if err != nil {
 			return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
 		}

modules/setting/oauth2.go

@@ -10,6 +10,7 @@ import (
 
 	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // OAuth2UsernameType is enum describing the way gitea 'name' should be generated from oauth2 data
@@ -129,21 +130,19 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 	}
 
 	if InstallLock {
-		key := make([]byte, 32)
-		n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64))
-		if err != nil || n != 32 {
-			key, err = generate.NewJwtSecret()
+		if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil {
+			key, err := generate.NewJwtSecret()
 			if err != nil {
 				log.Fatal("error generating JWT secret: %v", err)
 			}
 
-			secretBase64 := base64.RawURLEncoding.EncodeToString(key)
+			OAuth2.JWTSecretBase64 = base64.RawURLEncoding.EncodeToString(key)
 			saveCfg, err := rootCfg.PrepareSaving()
 			if err != nil {
 				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
 			}
-			rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
-			saveCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
+			rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(OAuth2.JWTSecretBase64)
+			saveCfg.Section("oauth2").Key("JWT_SECRET").SetValue(OAuth2.JWTSecretBase64)
 			if err := saveCfg.Save(); err != nil {
 				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
 			}